3 repositorios
Runs system commands on a compromised server through a script embedded in a web page for remote control.
Distinct from Web-Based Command Interfaces: Distinct from Web-Based Command Interfaces: focuses specifically on post-exploitation web shells for command execution on compromised servers, not general web-based admin interfaces.
Explore 3 awesome GitHub repositories matching development tools & productivity · Web Shell Executions. Refine with filters or upvote what's useful.
K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection. The framework distinguishes itself through its breadth of integrated capabili
Runs system commands on a compromised server through a script embedded in a web page for remote control.
AntSword is a cross-platform web manager and penetration testing framework designed for the centralized administration of multiple remote website environments. It functions as a remote website administration tool and a web shell management tool, allowing users to organize and control diverse web servers from a single interface. The project provides a toolkit for security researchers to perform authorized security audits and identify vulnerabilities. It supports web penetration testing and security research workflows to analyze web application behavior and discover potential exploits. The sys
Provides a centralized interface for deploying and managing web shells to execute commands on remote servers.
Exphub es una librería de scripts de exploits CVE y una suite de vulnerabilidades de software empresarial diseñada para verificar y explotar fallas de seguridad conocidas en entornos de servidor como WebLogic, Struts2, Tomcat y JBoss. Funciona como un kit de herramientas de ejecución remota de código y un framework de despliegue de web shells para activar la ejecución no autorizada de comandos y establecer acceso persistente en sistemas remotos. El proyecto incluye utilidades especializadas para el reconocimiento de redes internas, específicamente utilizando falsificación de solicitudes del lado del servidor (SSRF) para escanear puertos y servicios abiertos. Además, proporciona mecanismos para eludir controles de acceso y realizar lecturas y subidas de archivos no autorizadas. La suite cubre áreas de capacidad amplias, incluyendo evaluación de vulnerabilidades, pruebas de penetración y la ejecución de scripts de prueba de concepto para confirmar la presencia de vulnerabilidades de seguridad.
Deploys scripts on compromised servers to create permanent HTTP interfaces for remote command execution.