PHPsploit Logo

PHPsploit

0
Free
Visit Website

Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner. The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor: <?php @eval($_SERVER['HTTP_PHPSPL01T']); ?> Efficient: More than 20 plugins to automate privilege-escalation tasks. Run commands and browse filesystem, bypassing PHP security restrictions. Upload/Download files between client and target. Edit remote files through local text editor. Run SQL console on target system. Spawn reverse TCP shells. Stealth: The framework is made by paranoids, for paranoids. Nearly invisible by log analysis and NIDS signature detection. Safe-mode and common PHP security restrictions bypass. Communications are hidden in HTTP Headers. Loaded payloads are obfuscated to bypass NIDS. http/https/socks4/socks5 Proxy support. Convenient: A robust interface with many crucial features. Detailed help for any optio

FEATURES

ALTERNATIVES

Open-source project for building instrumented environments to simulate attacks and test detections.

An open source network penetration testing framework with automatic recon and scanning capabilities.

A PowerShell toolkit for attacking Azure environments

SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.

A tool for detecting and taking over subdomains with dead DNS records

A scripting engine for interacting with GraphQL endpoints for pentesting purposes.

An interactive multi-user web JS shell

Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.

PINNED