Category: Web Maintaining Access
JATAYU Stealthy Stand-Alone PHP Web Shell FEATURES Http Header Based Authentication. 100% Undetectable. Exec Function Changer. Nothing Fancy Download git clone https://github.com/SpiderMate/Jatayu.git Use FUNCTIONS PARAMETER FUNCTION fn=1 Calls function shell_exec() fn=2 Calls...
Opal Stealth post-exploitation framework for WordPress CMS What is it and why was it made? We intentionally made it for our penetration testing jobs however its getting grey hairs now so we thought we...
wsManager (Webshell Manager) can be used to quickly execute commands on a server while pentesting a PHP application. The client interface is written in C#, which operate using a simple web-based backdoor implemented by...
SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C# web applications that run on .NET Framework...
barq barq: The AWS Cloud Post Exploitation framework! barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without...
phpbash is a standalone, semi-interactive web shell. Its main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors,...
p0wny@shell:~# — Single-file PHP Shell p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this...
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web...
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules. It executes remote code via an obfuscated...
nano Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient. Note: You may need to tweak some parts of the code if it doesn’t work out for...
pinky v2 Uploading a webshell is almost always the next step after exploiting a web vulnerability, but services like Cloudflare and the new generation of firewalls do a really good job preventing attackers to...
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and python. Image: malware...
poly A python script that generates polymorphic webshells. Use it to encode your favorite shell and make it practically undetectable. If no shell is specified with the -p argument, the default shell in the...
Altman3 Introduction Altman3 is a penetration testing software, which is web-hosted on Github Pages. Up to now, the software is capable of: Webshell module: the xml definition is adopted for customized script type and function, as...
PyShell – Shellify Your HTTP Command Injection! Did firewall get you down? Are your reverse-shell connection attempts being filtered? Are you stuck working solely over HTTP / HTTPS? Then this just might be just...