phpsploit

Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner. The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor. Detailed help for any option (help command) Cross-platform on both client and server. CLI supports auto-completion & multi-command. Session saving/loading feature & persistent history. Multi-request support for large payloads (such as uploads) Provides a powerful, highly configurable settings engine. Each setting, such as user-agent has a polymorphic mode. Customizable environment variables for plugin interaction. Provides a complete plugin development API.

Features

Run commands and browse filesystem, bypassing PHP security restrictions
Upload/Download files between client and target
Edit remote files through local text editor
Run SQL console on target system
Spawn reverse TCP shells
Nearly invisible by log analysis and NIDS signature detection

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow phpsploit

phpsploit Web Site

Other Useful Business Software

Share your screen instantly while on a phone call with CrankWheel for an engaging presentation.

For salespeople and customer service agents who want to compliment their phone calls with visual elements.

Our 10x simpler screen sharing tool is designed for you if you spend your days on the phone with clients, and need to add a visual presentation to close sales. No more scheduling a follow-up meeting, or teaching them to use a complex tool. Send them a text message or email, and they see your screen in seconds.

Learn More

Rate This Project

User Reviews

Be the first to post a review of phpsploit!

Additional Project Details

Programming Language

Python

Related Categories

Python Post-Exploitation Frameworks

Registered

2023-06-07

Similar Business Software

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Carbide

Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform and expert services are tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous...

See Software
Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Silent Armor

Silent Armor is an AI-powered perimeter defense platform designed to predict and prevent cyber breaches before they occur. It continuously analyzes hundreds of security metrics across an organization’s attack surface to deliver real-time, intelligent protection. The platform combines predictive...

See Software
Pentest-Tools.com

Pentest-Tools.com helps security professionals find, validate, and communicate vulnerabilities faster and with greater confidence - whether they’re internal teams defending at scale, MSPs juggling clients, or consultants under pressure. With comprehensive coverage across network, web, API,...

See Software
HackenProof

We are a web3 bug bounty platform since 2017. We help to set a clear scope (or you can do it by yourself), agree on a budget for valid bugs (platform subscription is free), and make recommendations based on your company`s needs. We launch your program and reach out to our committed crowd of...

See Software