Kraken v1.2 releases: modular multi-language webshell
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken...
Maintaining Access / Web Maintaining Access
by do son · Published March 13, 2023 · Last modified June 30, 2023
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken...
by do son · Published February 28, 2019 · Last modified September 28, 2024
PHP malware finder does it is very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also...
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access...
Web Maintaining Access / WebApp PenTest
by do son · Published October 17, 2018 · Last modified March 9, 2024
Weevely is a web shell designed for remote server administration and penetration testing that can be extended over the network at runtime with more than 30 modules. It executes remote...
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP,...
Web Maintaining Access / WebApp PenTest
by do son · Published March 8, 2018 · Last modified October 25, 2022
Altman3 Introduction Altman3 is a penetration testing software, which is web-hosted on Github Pages. Up to now, the software is capable of: Webshell module: the xml definition is adopted for customized script...
cmsPoc – A CMS Exploit Framework Download git clone https://github.com/CHYbeta/cmsPoc.git TYPE SCRIPT DESCRIPTION phpcms v960_sqlinject_getpasswd phpcmsv9.6.0 wap模块 sql注入 获取passwd icms v701_sqlinject_getadmin icmsv7.0.1 admincp.php sql Into the background any login admin permissions discuz...
Web Maintaining Access / WebApp PenTest
by do son · Published June 30, 2017 · Last modified October 10, 2021
PHP-backdoors A collection of PHP backdoors. For educational and/or testing purposes only. Notes The deobfuscated folder does not necessarily contain deobfuscated versions of the backdoors you can find in the...
Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web...
Maintaining Access / Network PenTest
by do son · Published June 27, 2017 · Last modified August 1, 2017
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. Summary In...
Maintaining Access / WebApp PenTest
by do son · Published June 23, 2017 · Last modified July 31, 2017
ReGeorg is an upgraded version of reDuh. . It uses webshell to create a socks proxy for intranet penetration. Download Usage Step 1. Upload tunnel.(aspx|ashx|jsp|php) to a webserver (How you...
Web Maintaining Access / WebApp PenTest
by do son · Published May 30, 2017 · Last modified October 10, 2021
There are multiple things that make DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs, etc) like Suhosin(uses up to 20 php functions just to get a...
Web Exploitation / Web Maintaining Access / WebApp PenTest
by do son · Published December 27, 2016 · Last modified September 1, 2017
File upload vulnerability is when the user uploads an executable script file, and through the script file to obtain the ability to execute server-side commands. This attack is the most...
Web Exploitation / WebApp PenTest
by do son · Published December 25, 2016 · Last modified October 10, 2021
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered...