Jatayu – Stealthy Stand Alone PHP Web Shell

JATAYU Stealthy Stand Alone PHP Web Shell FEATURES Http Header Based Authentication. 100% Undetectable. Exec Function Changer. Nothing Fancy USAGE GET /test/jatayu.php?fn=1&&cmd=whoamiHost : http://test.comAuthtoken : bb3b1a1f-0447-42a6-955a-88681fb88499 FUNCTIONS PARAMETER FUNCTION fn=1 Calls function shell_exec() fn=2 Calls function system() cmd=id Executes command GENERATE AUTHTOKEN <?php$r = unpack(‘v*’, fread(fopen(‘/dev/random’, ‘r’),16));$apiKey = sprintf(‘%04x%04x-%04x-%04x-%04x-%04x%04x%04x’, $r[1], $r[2], $r[3], $r[4] & 0x0fffRead More

Php-Malware-Finder – Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools Obfuscator P.A.S PHP Jiami Php Obfuscator Encode SpinObf Weevely3 atomiku cobra obfuscator nano novahot phpencode tenncRead More

Bantam – A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems

An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems. It incorporates several payload randomization and obfuscation techniques to help prevent detection when encryptionRead More

Php-Jpeg-Injector – Injects Php Payloads Into Jpeg Images

Injects php payloads into jpeg images. Related to this post. Use Case You have a web application that runs a jpeg image through PHP’s GD graphics library. Description This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image. Make sure your input jpegRead More

Php_Code_Analysis – San your PHP code for vulnerabilities

This script will scan your code the script can find check_file_upload issues host_header_injection SQl injection insecure deserialization open_redirect SSRF XSS LFI command_injection features fast simple report usage: python code.py <file name> >>> this will scan one filepython code.py >>> this will scan full folder (.)python code.py <path> >>> scan full folder Download Php_Code_Analysis

Phpvuln – Audit Tool To Find Common Vulnerabilities In PHP Source Code

phpvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation You can download phpvuln by cloning the Git repository: git clone https://github.com/ecriminal/phpvuln.git Install the required PIP packages:Read More