Maintaining Access / Web Maintaining Access
by do son · Published March 13, 2023 · Last modified June 30, 2023
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken agents are supported: PHP...
PHP malware finder does it is very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also detected: Best PHP Obfuscator...
Web Maintaining Access / WebApp PenTest
by do son · Published March 8, 2018 · Last modified October 25, 2022
Altman3 Introduction Altman3 is a penetration testing software, which is web-hosted on Github Pages. Up to now, the software is capable of: Webshell module: the xml definition is adopted for customized script type and function, as...
Web Maintaining Access / WebApp PenTest
by do son · Published May 30, 2017 · Last modified October 10, 2021
There are multiple things that make DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs, etc) like Suhosin(uses up to 20 php functions just to get a command executed). Drops CGI...
Web Maintaining Access / WebApp PenTest
by do son · Published June 30, 2017 · Last modified October 10, 2021
PHP-backdoors A collection of PHP backdoors. For educational and/or testing purposes only. Notes The deobfuscated folder does not necessarily contain deobfuscated versions of the backdoors you can find in the obfuscated folder. To deobfuscate...
Web Exploitation / WebApp PenTest
by do son · Published December 25, 2016 · Last modified October 10, 2021
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered as a modified version...
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web...
Web Maintaining Access / WebApp PenTest
by do son · Published October 17, 2018 · Last modified January 6, 2020
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules. It executes remote code via an obfuscated...
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and python. Image: malware...
cmsPoc – A CMS Exploit Framework Download git clone https://github.com/CHYbeta/cmsPoc.git TYPE SCRIPT DESCRIPTION phpcms v960_sqlinject_getpasswd phpcmsv9.6.0 wap模块 sql注入 获取passwd icms v701_sqlinject_getadmin icmsv7.0.1 admincp.php sql Into the background any login admin permissions discuz v34_delete_arbitary_files discuz ≤ v3.4 Delete...
