YAPS – Yet Another PHP Shell As the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there. It is a single PHP file containing all its functions and you can control...
presshell – Quick & dirty WordPress Command Execution Shell Execute shell commands on your wordpress server. The uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php Download git clone https://github.com/scheatkode/presshell.git Installation To install the shell, we...
Opal Stealth post-exploitation framework for WordPress CMS What is it and why was it made? We intentionally made it for our penetration testing jobs however its getting grey hairs now so we thought we...
Web Maintaining Access / WebApp PenTest
by do son · Published May 30, 2017 · Last modified October 10, 2021
There are multiple things that make DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs, etc) like Suhosin(uses up to 20 php functions just to get a command executed). Drops CGI...
phpbash is a standalone, semi-interactive web shell. Its main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors,...
Web Maintaining Access / WebApp PenTest
by do son · Published June 30, 2017 · Last modified October 10, 2021
PHP-backdoors A collection of PHP backdoors. For educational and/or testing purposes only. Notes The deobfuscated folder does not necessarily contain deobfuscated versions of the backdoors you can find in the obfuscated folder. To deobfuscate...
Rome WebShell A powerful and delightful PHP WebShell This is a lightweight PHP webshell, using only vanilla JavaScript and CSS, no jQuery/Bootstrap bloat. Features Fully interactive file explorer, browser directories, and download files instantly Upload files directly from...
slopShell php webshell For this shell to work, you need 2 things, a victim that allows php file upload(yourself, in an educational environment) and a way to send http requests to this webshell. How...
Gel4y Mini Shell Backdoor Gel4y Webshell is a backdoor built using the PHP programming language in a stealth mode that can bypass server security. Each function has been converted into hex code so that...
wsh wsh (pronounced woosh) is a web shell generator and command-line interface. This started off as just an http client since interacting with webshells is a pain. There’s a form, to send a command...
