Information Security
phpbash is a standalone, semi-interactive web shell. Its main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors,...
p0wny@shell:~# — Single-file PHP Shell p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this...
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web...
nano Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient. Note: You may need to tweak some parts of the code if it doesn’t work out for...
pinky v2 Uploading a webshell is almost always the next step after exploiting a web vulnerability, but services like Cloudflare and the new generation of firewalls do a really good job preventing attackers to...
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and python. Image: malware...
WPForce – WordPress Attack Suite ABOUT: It is a suite of WordPress Attack tools. Currently, this contains 2 scripts – WPForce, which brute forces logins via the API, and Yertle, which uploads shells once...
There are multiple things that make DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs, etc) like Suhosin(uses up to 20 php functions just to get a command executed). Drops CGI...
gshark-framework This framework can perform web post exploitation, with this you can interact with multiple web backdoor and execute custom module, script. Check all your backdoors with only one telegram messenger account! Connect web...
poly A python script that generates polymorphic webshells. Use it to encode your favorite shell and make it practically undetectable. If no shell is specified with the -p argument, the default shell in the...
Suggested Reading