A collection of PHP backdoors. For educational and/or testing purposes only.
- The deobfuscated folder does not necessarily contain deobfuscated versions of the backdoors you can find in the obfuscated folder. To deobfuscate those and other tricks, Check out the PHP tools section.
- Always investigate malware in a secure environment. This means: separately from your network and in a virtual machine!
- Some backdoors may be backdoored (yes, really). Don’t ever use this for any malicious purposes.
- webshell – This is a webshell open source project.
- php-exploit-scripts – A collection of PHP exploit scripts, found when investigating hacked servers.
- php-webshells – Common php webshells.
- WebShell – WebShell Collect.
- webshellSample – Webshell sample for WebShell Log Analysis.
If you’re trying to detect webshells like the ones mentioned in this repository, you may want to use Yara and scan your web server with the following Yara rules specifically for webshells: Yara-rules/Webshells