hiphp: create a BackDoor to control PHP-based sites
What is Hiphp? The HIPHP BackDoor is an open-source tool that allows for remote control of websites utilizing the PHP programming language via the HTTP/HTTPS protocol. By utilizing the POST/GET...
Category: Web Maintaining Access
Kraken v1.2 releases: modular multi-language webshell
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken...
ModSecurity Backdoor: PoC of malicious software running inside of ModSecurity WAF
ModSecurity Backdoor This is a proof-of-concept of malicious software running inside of ModSecurity WAF. The software has two main functions: Retrieving the content of files. Running commands and retrieving output...
DFShell: The Best Forwarded Shell
DFShell D3Ext’s Forwarded Shell it’s a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the...
msmap v0.7 releases: Memory WebShell Generator
MSMAP Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer, and Management Clients. Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical Interface...
Apache Tomcat webshell application for RCE
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin for Apache Tomcat. Execute system commands via an API with ?action=exec....
WordPress webshell plugin for RCE: webshell plugin and interactive shell for pentesting a WordPress website
WordPress webshell plugin for RCE A webshell plugin and interactive shell for pentesting a WordPress website. Features Webshell plugin for WordPress. Execute system commands via an API with ?action=exec. Download files...
presshell: Quick & dirty WordPress Command Execution Shell
presshell – Quick & dirty WordPress Command Execution Shell Execute shell commands on your wordpress server. The uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php Download git clone https://github.com/scheatkode/presshell.git Installation To...
YAPS v1.5 releases: Yet Another PHP Shell
YAPS – Yet Another PHP Shell As the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there. It is a single PHP file containing all its functions...
rome-webshell: powerful and delightful PHP WebShell
Rome WebShell A powerful and delightful PHP WebShell This is a lightweight PHP webshell, using only vanilla JavaScript and CSS, no jQuery/Bootstrap bloat. Features Fully interactive file explorer, browser directories, and download files...
slopShell: php webshell
slopShell php webshell For this shell to work, you need 2 things, a victim that allows php file upload(yourself, in an educational environment) and a way to send http requests...
Gel4y Mini Shell Backdoor: webshell that can bypass some system security
Gel4y Mini Shell Backdoor Gel4y Webshell is a backdoor built using the PHP programming language in a stealth mode that can bypass server security. Each function has been converted into...
wsh: Web shell generator and command line interface
wsh wsh (pronounced woosh) is a web shell generator and command-line interface. This started off as just an http client since interacting with webshells is a pain. There’s a form,...
bantam: advanced PHP backdoor management tool to bypass WAF, IDS, SIEM systems
Bantam bantam is an advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with...
IIS Raid: A native backdoor module for Microsoft IIS
IIS Raid IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the webserver and carry out custom actions defined by an attacker. Documentation When...
