Security Training Share
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and python. Image: malware...
As a penetration tester, I know that you usually choose to use Kali Linux like penetration testing distribution. Kali Linux is a powerful distribution. It includes many, many pentesting tools. If you are Ubuntu/...
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules. It executes remote code via an obfuscated...
rtty Access your terminal behind a NAT or firewall over the web based on your terminal’s macaddr. It is composed of the client and the server. The server is written in go language and uses...
Jok3r is a python CLI application which is aimed at simplifying first phases of network infrastructure and web penetration testing. It provides the following features: Manage toolbox (install & update), organized by service ;...
nano Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient. Note: You may need to tweak some parts of the code if it doesn’t work out for...
WPForce – WordPress Attack Suite ABOUT: It is a suite of WordPress Attack tools. Currently, this contains 2 scripts – WPForce, which brute forces logins via the API, and Yertle, which uploads shells once...
There are multiple things that make DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs, etc) like Suhosin(uses up to 20 php functions just to get a command executed). Drops CGI...
gshark-framework This framework can perform web post exploitation, with this you can interact with multiple web backdoor and execute custom module, script. Check all your backdoors with only one telegram messenger account! Connect web...
poly A python script that generates polymorphic webshells. Use it to encode your favorite shell and make it practically undetectable. If no shell is specified with the -p argument, the default shell in the...
LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features. Features Works with Windows, Linux and OS X Automatic...
Cheetah is a dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey. Cheetah’s working principle is that it can submit a large number of detection passwords based on...
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface....
Altman3 Introduction Altman3 is a penetration testing software, which is web-hosted on Github Pages. Up to now, the software is capable of: Webshell module: the xml definition is adopted for customized script type and function, as...
