A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote URL.

Overview

Simple PHP Web Backdoor

A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote URL.

It is handy if standard PHP web shells are restricted (e.g. system function disabled and such). I used this when performing penetration testing on security labs and Hack The Box, and it works great!

Features

Retrieve File/Scan Directory

Enter the path you want to explore.

If it's a directory, it will list all the items in the directory. Otherwise, it will show the content of the file.

Upload File From Your Local

Upload any file from your local computer. You can upload one or more files.

The backdoor will save the file in the same working directory.

Upload File From URL

Upload any file from a remote URL. You need to specify the output file name and the URL of the remote file.

Make sure the host can access the remote file.

Disclaimer

This script is only for permitted penetration testing and security research, and I will not be responsible if you use it for illegal activities.

You might also like...
CrimeFlare - This tools can help you to see the real IP behind CloudFlare protected websites
CrimeFlare - This tools can help you to see the real IP behind CloudFlare protected websites

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Web Shells that can bypass system firewalls
Web Shells that can bypass system firewalls

No System Is Safe Summary Tsayou web shell is a backdoor built using the PHP programming language and designed to bypass multiple system firewalls on

Web Application Firewall (WAF) package for Laravel

Web Application Firewall (WAF) package for Laravel This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi,

The new generation of famous WSO web shell. With perks included

wso-ng New generation of famous WSO web shell. With perks included default password is "root" changes can now hook password when loaded via stub ?php

sqlscan is quick web scanner for find an sql inject point
sqlscan is quick web scanner for find an sql inject point

sqlscan sqlscan is quick web scanner for find an sql inject point. not for educational, this is for hacking. use sitemap for best result Simple to use

The Security component provides a complete security system for your web application.

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

WebVulScan - a web application vulnerability scanner
WebVulScan - a web application vulnerability scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities.

TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library

About TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library. By default, a cookie will be used as a storage backend. TCrypto h

Simple Encryption in PHP.

php-encryption composer require defuse/php-encryption This is a library for encrypting data with a key or password in PHP. It requires PHP 5.6 or new

Releases(untagged-1cfbc5f67aa38b26e24d)
Owner
Aqhmal Hafizi
Coder, Hacker, Geek.
Aqhmal Hafizi
SЁCU is a public API to store self-destructing data payloads with url shortener and handle anonymous chat-rooms.

SЁCU Introduction SЁCU is a public API to store self-destructing data payloads. This repository includes only backend part using Laravel framework. Fr

SЁCU 27 Nov 21, 2022
API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL)

SSH-PHP-API API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL) [Install on Ubuntu 20.04: apt install apache2 php php-fpm php-ssh

Вентокс 3 Sep 23, 2022
Obfuscate your data by generating reversible, non-sequential, URL-safe identifiers.

Laravel Hashid Laravel Hashid provides a unified API across various drivers such as Base62, Base64, Hashids and Optimus, with support for multiple con

Elf Sundae 390 Nov 16, 2022
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

null 752 Jan 3, 2023
AstraPay allows Algerian Stores to pay in CryptoCurrency or in Algerian Currency AstraToken

Accept payments in Bitcoin, AstraTokens, Bitcoin Cash, Litecoin, Ethereum, Monero and IOTA directly to your crypto wallet, without any sign-ups or lengthy processes. All you need is to provide your crypto address.

AstraSilicon 12 Apr 15, 2021
A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.

A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.

Alan Woo 51 Nov 21, 2022
ChestRandomBP: This plugin generates chests in random places within a specific world. Where you can customize what each one of them contains, the time and the world of spawning.

ChestRandomBP ChestRandomBP: This plugin generates chests, it works PocketMine-MP and random places within a specific world. Where you can customize w

null 5 Sep 19, 2021
Web page performance/seo/security/accessibility analysis, browser-less for PHP

Web page performance/seo/security/accessibility analysis, browser-less for PHP

Lightship 5 Dec 15, 2022
A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryption, digital signing and message authentication.

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

null 19 Dec 31, 2022