p0wny@shell:~# — Single-file PHP Shell p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this...
Maintaining Access / Web Maintaining Access
by do son · Published March 13, 2023 · Last modified June 30, 2023
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken agents are supported: PHP...
What is Hiphp? The HIPHP BackDoor is an open-source tool that allows for remote control of websites utilizing the PHP programming language via the HTTP/HTTPS protocol. By utilizing the POST/GET method on port 80,...
ModSecurity Backdoor This is a proof-of-concept of malicious software running inside of ModSecurity WAF. The software has two main functions: Retrieving the content of files. Running commands and retrieving output (remote shell). Additionally, it...
MSMAP Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer, and Management Clients. Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical Interface Container Java Tomcat7 Tomcat8...
Web Maintaining Access / WebApp PenTest
by do son · Published March 8, 2018 · Last modified October 25, 2022
Altman3 Introduction Altman3 is a penetration testing software, which is web-hosted on Github Pages. Up to now, the software is capable of: Webshell module: the xml definition is adopted for customized script type and function, as...
DFShell D3Ext’s Forwarded Shell it’s a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the created fifos. You can...
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin for Apache Tomcat. Execute system commands via an API with ?action=exec. Download files from the...
WordPress webshell plugin for RCE A webshell plugin and interactive shell for pentesting a WordPress website. Features Webshell plugin for WordPress. Execute system commands via an API with ?action=exec. Download files from the remote system...
SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C# web applications that run on .NET Framework...
