Kraken v1.2 releases: modular multi-language webshell
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken...
Tagged: webshell
php malware finder: Detect potentially malicious PHP files
PHP malware finder does it is very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also...
phpsploit v3.2 releases: Stealth post-exploitation framework
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access...
weevely3 v4.0.2 releases: Weaponized web shell
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules. It executes remote...
novahot v1.1.0 releases: A webshell framework for penetration testers
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP,...
Altman: the cross platform webshell tool in .NET
Altman3 Introduction Altman3 is a penetration testing software, which is web-hosted on Github Pages. Up to now, the software is capable of: Webshell module: the xml definition is adopted for customized script...
cmsPoc: CMS Exploit Framework
cmsPoc – A CMS Exploit Framework Download git clone https://github.com/CHYbeta/cmsPoc.git TYPE SCRIPT DESCRIPTION phpcms v960_sqlinject_getpasswd phpcmsv9.6.0 wap模块 sql注入 获取passwd icms v701_sqlinject_getadmin icmsv7.0.1 admincp.php sql Into the background any login admin permissions discuz...
PHP-backdoors: collection of PHP backdoors
PHP-backdoors A collection of PHP backdoors. For educational and/or testing purposes only. Notes The deobfuscated folder does not necessarily contain deobfuscated versions of the backdoors you can find in the...
Web Shell Detector: Find webshell on server
Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web...
Tunna: tunnel any TCP communication over HTTP
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. Summary In...
reGeorg: create a socks proxy for intranet penetration
ReGeorg is an upgraded version of reDuh. . It uses webshell to create a socks proxy for intranet penetration. Download Usage Step 1. Upload tunnel.(aspx|ashx|jsp|php) to a webserver (How you...
DAws: Advanced Web Shell
There are multiple things that make DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs, etc) like Suhosin(uses up to 20 php functions just to get a...
Some technique to bypass waf for uploading Shell on webserver
File upload vulnerability is when the user uploads an executable script file, and through the script file to obtain the ability to execute server-side commands. This attack is the most...
Exploiting PUT method for uploading WebShell
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered...
