Skip to content

My webshells with autofocus, output escaping, shell history, stealth password, file operations, ...

License

Notifications You must be signed in to change notification settings

exploide/webshells

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Webshells

This repository contains my webshells written due to my dissatisfaction with many existing webshells, which usually lack the one or another feature. Feel free to use them during CTFs or pentests.

Often, a minimalist web shell would be sufficient and only be used to fire up a reverse shell. But in uncomfortable environments, e.g. when network traffic is blocked, a feature-equipped webshell like this comes in handy to examine the situation.

Features

  • Large input field with autofocus
  • Shows stdout and also stderr when possible
  • Escapes HTML special characters in output when possible
  • Shows exit code when possible
  • Simple shell history with / utilizing JavaScript's session storage
  • File download
  • Optionally, restrict access by setting a stealth password (?pw=...), will return 404 if not given
  • No external dependencies
  • Aims to offer most useful features without being overly bloated (at least I tried...)

ASP

  • Passes commands to cmd.exe /c

ASPX

  • Passes commands to cmd.exe /c
  • Multi file upload

JSP / WAR

  • Detects OS and uses cmd.exe /c on Windows and /bin/sh -c on Unix-like
  • On Windows, detects codepage and decodes output accordingly
  • Multi file upload
  • Makefile creates WAR file out of JSP webshell

PHP / PHAR

  • Supports multiple execution functions, in case some are disabled
  • Multi file upload
  • Show phpinfo()
  • Makefile creates PHAR file out of PHP webshell

About

My webshells with autofocus, output escaping, shell history, stealth password, file operations, ...

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published