phpsploit

Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner. The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor. Detailed help for any option (help command) Cross-platform on both client and server. CLI supports auto-completion & multi-command. Session saving/loading feature & persistent history. Multi-request support for large payloads (such as uploads) Provides a powerful, highly configurable settings engine. Each setting, such as user-agent has a polymorphic mode. Customizable environment variables for plugin interaction. Provides a complete plugin development API.

Features

Run commands and browse filesystem, bypassing PHP security restrictions
Upload/Download files between client and target
Edit remote files through local text editor
Run SQL console on target system
Spawn reverse TCP shells
Nearly invisible by log analysis and NIDS signature detection

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow phpsploit

phpsploit Web Site

Other Useful Business Software

Keep company data safe with Chrome Enterprise

Protect your business with AI policies and data loss prevention in the browser

Make AI work your way with Chrome Enterprise. Block unapproved sites and set custom data controls that align with your company's policies.

Download Chrome

Rate This Project

User Reviews

Be the first to post a review of phpsploit!

Additional Project Details

Programming Language

Python

Related Categories

Python Post-Exploitation Frameworks

Registered

2023-06-07

Similar Business Software

PentestBox

PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System. PentestBox was developed to provide the best penetration testing environment for Windows users. By default PentestBox runs like a normal user, no administrative permission is...

See Software
Caido

Caido is a modern web security toolkit designed for pentesters, bug bounty hunters, and security teams who need an efficient and customizable solution for web application testing. Caido features a powerful intercept proxy for capturing and manipulating HTTP requests, replay functionality for...

See Software
Carbide

Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform and expert services are tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous...

See Software
Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Pentest-Tools.com

Pentest-Tools.com helps security professionals find, validate, and communicate vulnerabilities faster and with greater confidence - whether they’re internal teams defending at scale, MSPs juggling clients, or consultants under pressure. With comprehensive coverage across network, web, API,...

See Software
Detectify

Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. ProdSec and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous...

See Software

Report inappropriate content

phpsploit

Full-featured C2 framework which silently persists on webserver

Get an email when there's a new version of phpsploit

Features

Project Samples

Project Activity

Categories

License

Follow phpsploit

User Reviews

Additional Project Details

Programming Language

Related Categories

Registered