Hidden Terminal for Shared Hosts — No SSH Required
Shared hosting (cPanel, DirectAdmin) usually blocks SSH access.
You're locked out of your own server. Can't run pip, git, composer, or even ls -la.
CronShell gives you a real terminal — powered by cron jobs and WebSocket.
No SSH. No open ports. No pain.
- 🔒 No SSH needed — works entirely through cron
- 🌐 Real-time WebPanel — WebSocket-powered terminal UI
- 🎨 Dark theme — looks exactly like a Linux terminal
- 📜 Command history — Arrow Up/Down
- 🔑 Token authentication — no one else can access
- 📁 Log archive — every command output saved to
logs/ - 🛡️ Safe mode — blacklist/whitelist dangerous commands
- 🪶 Lightweight — pure Python, no database
- 📦 cPanel compatible — Flask + Socket.IO version included
cron_shell/
├── README.md
├── README_FA.md
│
└── cron_shell/
├── cronshell.py # 🔧 Core engine (run by cron)
├── webpanel.py # 🌐 Flask + Socket.IO WebPanel
├── webpanel_fastapi.py # ⚡ FastAPI + WebSocket WebPanel
├── runner.sh # 🏃 Cron entry point
├── config.json # ⚙️ Configuration
├── crontab # 📅 Sample cron job
└── static/
├── panel.html # 🖥️ Terminal UI (Flask version)
├── panel_fastapi.html # 🖥️ Terminal UI (FastAPI version)
└── vazir.woff2 # 🇮🇷 Persian font
The main script that cron runs every minute (via runner.sh).
What it does:
- Checks if
command.shhas content - If yes: executes the command, saves output to
logs/, clearscommand.sh - Supports whitelist/blacklist for safety
- Log rotation (auto-deletes old logs)
Use this when: you don't need the web panel. Just write commands in command.sh.
echo "ls -la /home" > command.sh
# Wait 1 minute...
cat logs/result_*.logWeb-based terminal with real-time output via Flask + Socket.IO.
What it does:
- Serves a terminal-style HTML page
- Connects via WebSocket (Socket.IO)
- Executes commands and shows output instantly
- Token-based authentication
- Saves all outputs to
logs/
Use this when: you're on cPanel/shared hosting (where ASGI doesn't work).
Start:
pip install flask flask-socketio
python webpanel.py
# Open: http://your-server:9999/?token=YOUR_TOKENThe cron job needs execute permission to run runner.sh :
- Open File Manager in cPanel
- Navigate to
cron_shell/ - Click once on
runner.sh(single click, not double) - Click Permissions in the top toolbar
- Check Execute for User row:
User: [✓] Read [✓] Write [✓] Execute
Group: [✓] Read [ ] Write [ ] Execute
World: [✓] Read [ ] Write [ ] Execute
- Click Change Permissions
Done. The file can now be executed by cron.
Same as Flask version, but built with FastAPI + native WebSocket.
What it does:
- Everything
webpanel.pydoes - Native async support (better performance)
- Cleaner WebSocket handling
Use this when: you're on a VPS or dedicated server (ASGI works fine).
Start:
pip install fastapi uvicorn
python webpanel_fastapi.py
# Open: http://your-server:9999/?token=YOUR_TOKENUpload the cron_shell/ folder to your shared host or VPS.
Copy the content of crontab file to your cPanel Cron Jobs:
* * * * * /home/youruser/cron_shell/runner.shEdit config.json:
{
"token": "your-strong-secret-token-here",
"sleep": 0,
"timeout": 30,
"log_retention": 7,
"whitelist": [],
"blacklist": ["rm -rf /", "mkfs", "dd if="]
}cd /home/youruser/cron_shell
# For cPanel / shared hosting:
python webpanel.py
# For VPS:
python webpanel_fastapi.pyhttp://your-server-ip:9999/?token=your-strong-secret-token-here
- Token required — set in
config.json - Blacklist — block dangerous commands
- Whitelist — allow only specific commands
- No open ports needed (for cron-only mode)
⚠️ Only use on servers you own or have explicit permission to access.
MIT © Seyyed Mohamad Hosein Moosavi Raja (OandONE)
Pull requests are welcome.
Found a bug? Open an issue.
Want to add a feature? Fork it.
---
