A PTY shell is a command-line session attached to a pseudo-terminal (PTY). To the program, it looks like an interactive terminal, even when the session is carried over a web socket, SSH tunnel, or another remote channel. Unlike a simple one-shot command execution, a PTY shell usually supports interactive features such as prompts, input editing, job control, and terminal-based tools.
In cyber security, PTY shells matter because they are often the practical end point of remote code execution: once an attacker gets a PTY shell, they can explore files, read environment variables, move laterally, and run follow-up commands as if they were logged in locally. Defenders treat unexpected PTY activity as a high-signal alert, especially on servers that should only expose web features. Limiting terminal endpoints, enforcing authentication, and monitoring for spawned shell processes can help prevent a web bug from becoming full system access.



