Reverse Shells – Week 1

I was on Reddit.com, and I encountered a question regarding reverse shells. So, I pulled up this resource: https://marketsplash.com/tutorials/bash-shell/reverse-shell-bash/ regarding reverse shells.

The OP (original poster) of the question was asking about reverse shells for the purpose of testing the security awareness of his tools, such as Whitehat Sentinel, CrowdStrike FalconHost and Tenable.IO. These security tools are classed as “network vulnerability scanners.” In some cases, the vulnerability scanner will connect to a host and execute a reverse shell to run its test(s). This is a valuable and genuine use for reverse shells; however, attackers also use this method to deploy payloads.

I have used Pi-hole to blackhole selected DNS requests, but I always cringe at their “One-Step Automated Install” method: https://github.com/pi-hole/pi-hole/#one-step-automated-install, where you pipe a downloaded script into Bash. I would advise users who encounter this installation method to download the script and run it through a virus scanner (perhaps this happened automatically during download). Then, if your virus scanner gives its blessing, you can just execute the file like any other Bash shell script.
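The download-then-check workflow advised above can be scripted. This is an added example, not part of the original post or Pi-hole's own code, and it goes a little beyond the virus scan by also recording a SHA-256 and syntax-checking the file without executing it. The helper names `fetch_installer`, `sha256_of` and `vet_script` are hypothetical, and the scanner is assumed to be ClamAV's `clamscan` unless `SCANNER` is set.

```shell
#!/bin/sh
# Added example: save an installer to disk and vet it before running it,
# instead of piping the download straight into bash.
# Assumptions: helper names are hypothetical; SCANNER defaults to ClamAV's
# clamscan and the scan is skipped with a warning if it is not installed.

SCANNER="${SCANNER:-clamscan}"

# Download to a file. -f makes curl fail on HTTP errors rather than save an error page.
fetch_installer() {  # usage: fetch_installer URL OUTFILE
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file passes every check. Optional $2 is a known-good SHA-256.
vet_script() {
    f=$1; want=${2:-}
    [ -s "$f" ] || { echo "FAIL: $f is missing or empty" >&2; return 1; }
    got=$(sha256_of "$f")
    echo "sha256: $got"
    if [ -n "$want" ] && [ "$got" != "$want" ]; then
        echo "FAIL: checksum does not match the expected value" >&2; return 1
    fi
    # Parse without executing: rejects a file that is not valid bash at all.
    bash -n "$f" 2>/dev/null || { echo "FAIL: not a syntactically valid bash script" >&2; return 1; }
    if command -v "$SCANNER" >/dev/null 2>&1; then
        rc=0; "$SCANNER" "$f" >/dev/null 2>&1 || rc=$?
        # clamscan exits 1 when it finds something and 2 on a scanner error.
        [ "$rc" -ne 1 ] || { echo "FAIL: $SCANNER flagged $f" >&2; return 1; }
        [ "$rc" -eq 0 ] || echo "WARN: $SCANNER exited $rc, file not scanned" >&2
    else
        echo "WARN: $SCANNER not installed, scan skipped" >&2
    fi
    echo "OK: read $f yourself (e.g. less $f), then run: bash $f"
}

# Typical use (the URL is the one Pi-hole's README gives for its installer):
#   fetch_installer https://install.pi-hole.net basic-install.sh && vet_script basic-install.sh
```

A clean scan and a valid parse say nothing about what the script intends to do, so reading it before running it remains the step that matters.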