wsManager: Webshell Manager
wsManager (Webshell Manager) can be used to quickly execute commands on a server while pentesting a PHP application. The client interface is written in C#, which operate using a simple web-based backdoor implemented by...
Category: Web Maintaining Access
SharPyShell: tiny and obfuscated ASP.NET webshell for C# web applications
SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C# web applications that run on .NET Framework...
barq: The AWS Cloud Post Exploitation framework
barq barq: The AWS Cloud Post Exploitation framework! barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without...
FwdSh3ll v1.0.1-1 releases: Forward shell generation framework
FwdSh3ll FwdSh3ll is a tiny open source framework for crafting forward shells. What is a forward shell? Have you ever been caught in a situation when performing a pentest you discover an RCE vulnerability in a...
phpbash: semi-interactive PHP shell compressed into a single file
phpbash is a standalone, semi-interactive web shell. Its main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors,...
p0wny-shell: Single-file PHP shell
p0wny@shell:~# — Single-file PHP Shell p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this...
rtty v6.6.1 releases: Access your terminal behind a NAT or firewall over the web
rtty Access your terminal behind a NAT or firewall over the web-based on your terminal’s macaddr. It is composed of the client and the server. The server is written in go language and uses the vue+iview....
phpsploit v3.0 releases: Stealth post-exploitation framework
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web...
fsociety Hacking Tools Pack – A Penetration Testing Framework
Fsociety Hacking Tools Pack – A Penetration Testing Framework A Penetration Testing Framework, you will have the very script that a hacker needs Fsociety Contains All Tools Used In Mr. Robot Series Menu Information...
weevely3 v3.7.0 releases: Weaponized web shell
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules. It executes remote code via an obfuscated...
nano: stealth PHP web shells
nano Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient. Note: You may need to tweak some parts of the code if it doesn’t work out for...
pinky: The PHP mini Remote Administration Tool
pinky v2 Uploading a webshell is almost always the next step after exploiting a web vulnerability, but services like Cloudflare and the new generation of firewalls do a really good job preventing attackers to...
novahot v1.1.0 releases: A webshell framework for penetration testers
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and python. Image: malware...
WPForce: WordPress Attack Suite
WPForce – WordPress Attack Suite ABOUT: It is a suite of WordPress Attack tools. Currently, this contains 2 scripts – WPForce, which brute forces logins via the API, and Yertle, which uploads shells once...
