Search the Community

Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and is core is developed in Python. Kraken follows the principle of "avoiding command execution" by re-implementing it through the functionalities of the programming language in use. Kraken seeks to provide usability, scalability and improve the OPSEC of ongoing operations. Although its main use is focused on offensive purposes (e.g. red teams, internal pentest), it is possible to use it by blue teams to evaluate existing defensive tools and configurations. [hide][Hidden Content]]

Bypass Shell Backdoor 404 403 500 auto delete etc . [hide][Hidden Content]]

Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer, and Management Clients. Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical Interface Container Java Tomcat7 Tomcat8 Tomcat9 Tomcat10 Resin3 Resin4 WebSphere GlassFish WebLogic JBoss Spring Netty JVM* .NET IIS PHP Python *: Default support for Linux Tomcat 8/9, more versions can be adapted according to the advanced guide. WebShell / Proxy / Killer WebShell CMD / SH AntSword JSPJS Behinder Godzilla No need for modularity Decoder / Decryptor / Hasher Decoder Base64 Hex Decryptor XOR RC4 AES128 AES256 RSA Hasher MD5 SHA128 SHA256 [hide][Hidden Content]]

Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文 [hide][Hidden Content]]

Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer, and Management Clients. Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical Interface Container Java Tomcat7 Tomcat8 Tomcat9 Tomcat10 Resin3 Resin4 WebSphere GlassFish WebLogic JBoss Spring Netty JVM* .NET IIS PHP Python *: Default support for Linux Tomcat 8/9, more versions can be adapted according to the advanced guide. WebShell / Proxy / Killer WebShell CMD / SH AntSword JSPJS Behinder Godzilla No need for modularity Decoder / Decryptor / Hasher Decoder Base64 Hex Decryptor XOR RC4 AES128 AES256 RSA Hasher MD5 SHA128 SHA256 [hide][Hidden Content]]

WordPress webshell plugin for RCE A webshell plugin and interactive shell for pentesting a WordPress website. Features Webshell plugin for WordPress. Execute system commands via an API with ?action=exec. Download files from the remote system to your attacking machine with ?action=download. [hide][Hidden Content]]

PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server. Thanks to this, you can use different types of shells (aspx, php, jsp, sh, py...) both in Windows and Linux, with command history, upload and download files and even, moving through directories as if it were a standard shell. [hide][Hidden Content]]

Functions: File Manager (create dir/file; remove, delete, copy dir/file; zip dir; unzip; edit file) File Upload Eval - PHP SQL Query (only pgsql/mysql) Get Infos from uid/gid (only linux) Line Exec [hide][Hidden Content]]

Rome WebShell A powerful and delightful PHP WebShell This is a lightweight PHP webshell, using only vanilla JavaScript and CSS, no jQuery/Bootstrap bloat. Features Fully interactive file explorer, browser directories, and download files instantly Upload files directly from the browser Execute commands without having to ‘URL encode’ your payloads MD5 Password protection, handy to restrain access during a King of The Hill for exemple Fully CSS animated, responsive, and delightful FlatUI interface Easily customizable, usage of CSS variables makes it easy to use your favorite colors Obfuscated, this repository includes an already obfuscated version [hide][Hidden Content]]

php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file upload(yourself, in an educational environment) and a way to send http requests to this webshell. [hide][Hidden Content]]

About Carina Carina is a web application used to store webshell, Virtual Private Server (VPS) and cPanel data. Carina is made so that we don't need to store webshell, VPS or cPanel data in "strange places". [HIDE][Hidden Content]]

WSO php webshell New Design: most Beautiful php 7.x issue resolved Easy to use Password login protection Server Infection possibility Managing SQL Databases No Tracker More useful features... [HIDE][Hidden Content]]

[HIDE][Hidden Content]]

IndoXploit Webshell V.3 IndoXploit webshell V.3 is an PHP based webshell or backdoor with unique and usefull features. This webshell is originally coded by agussetyar from IndoXploit Coders Team. IndoXploit Shell has been mentioned repeatedly by the coder that it will make you easily bypass server security. With this shell you can comfortably bypass the server firewall from most secure servers. It is one of the hacker's most preferred backdoor shell. Usage of indoxploit shell for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program Screenshot login Default Password : IndoXploit interface Webshell Interface Features Mass Password Change Fake Root Cpanel Crack Mass Deface/Delete File Zone-H Mass Submit [HIDE][Hidden Content]]