awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
Back to pentestmonkey/php-reverse-shell

Open-source alternatives to Php Reverse Shell

30 open-source projects similar to pentestmonkey/php-reverse-shell, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Php Reverse Shell alternative.

  • samratashok/nishangAvatar de samratashok

    samratashok/nishang

    9,951Voir sur GitHub↗

    Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a

    PowerShellactivedirectoryhackinginfosec
    Voir sur GitHub↗9,951
  • hackerschoice/thc-tips-tricks-hacks-cheat-sheetAvatar de hackerschoice

    hackerschoice/thc-tips-tricks-hacks-cheat-sheet

    3,853Voir sur GitHub↗

    This project is a comprehensive command-line reference and toolkit designed for Linux system administration and network security assessment. It provides a collection of technical snippets and operational guides focused on managing remote environments, orchestrating shell sessions, and executing administrative tasks through native terminal utilities. The repository distinguishes itself by offering specialized techniques for stealthy operations and infrastructure manipulation. It covers methods for establishing encrypted tunnels to bypass firewalls, obfuscating process identities and command hi

    Shell
    Voir sur GitHub↗3,853
  • trickster0/offensiverustAvatar de trickster0

    trickster0/OffensiveRust

    2,984Voir sur GitHub↗

    OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs. The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID s

    Rust
    Voir sur GitHub↗2,984

Recherche par IA

Explorez plus de dépôts awesome

Décrivez vos besoins en langage naturel — l'IA classe des milliers de projets open source sélectionnés par pertinence.

Find more with AI search
  • t3l3machus/hoaxshellAvatar de t3l3machus

    t3l3machus/hoaxshell

    3,421Voir sur GitHub↗

    Hoaxshell is a command and control system for Windows remote command execution. It provides a framework for generating and managing reverse shell payloads that utilize an HTTP beaconing protocol, where victim clients periodically poll a handler to receive and execute instructions. The project distinguishes itself through its ability to bypass PowerShell Constrained Language Mode using specialized payload generation. It supports encrypted command and control via TLS certificate injection and provides mechanisms for remote session recovery, allowing a handler to reestablish control over active

    Pythonhackingopen-sourcepenetration-testing
    Voir sur GitHub↗3,421
  • joaomatosf/jexbossAvatar de joaomatosf

    joaomatosf/jexboss

    2,512Voir sur GitHub↗

    jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra

    Pythondeserializationexploitexploiting-vulnerabilities
    Voir sur GitHub↗2,512
  • rebeyond/behinderAvatar de rebeyond

    rebeyond/Behinder

    6,133Voir sur GitHub↗
    Voir sur GitHub↗6,133
  • pyinfra-dev/pyinfraAvatar de pyinfra-dev

    pyinfra-dev/pyinfra

    5,779Voir sur GitHub↗

    pyinfra is a Python-based infrastructure automation framework that turns Python code into shell commands for managing servers, Docker containers, and local machines. It operates as a declarative, idempotent deployment tool, applying desired system states by comparing target configurations against current states and making only the necessary changes. The framework provides a connector-based transport abstraction that unifies SSH, Docker, and local execution behind a common interface, with a parallel execution engine that manages concurrent operations across hosts. The tool distinguishes itself

    Pythoncloud-managementconfiguration-managementhigh-performance
    Voir sur GitHub↗5,779
  • j3ssie/osmedeusAvatar de j3ssie

    j3ssie/Osmedeus

    6,425Voir sur GitHub↗

    Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp

    Go
    Voir sur GitHub↗6,425
  • agent-infra/sandboxAvatar de agent-infra

    agent-infra/sandbox

    2,569Voir sur GitHub↗

    This project provides secure, containerized infrastructure designed for autonomous agents, remote code execution, and cloud development. It functions as a sandboxed environment where AI agents and external processes can execute code, run shell commands, and manage files while remaining isolated from the host system. The system distinguishes itself by implementing the Model Context Protocol, allowing it to act as a standardized tool server that exposes browser and filesystem capabilities to compatible clients. It further integrates headless browser automation, enabling programmatic web navigat

    Pythonagentall-in-onebrowser
    Voir sur GitHub↗2,569
  • bc-security/empireAvatar de BC-SECURITY

    BC-SECURITY/Empire

    5,045Voir sur GitHub↗

    Empire is a post-exploitation command-and-control (C2) framework designed for red team operations. It deploys and manages agents written in PowerShell, Python, C#, Go, and C across Windows, Linux, and macOS, using encrypted communication channels over HTTP, HTTPS, and SMB. The framework executes over 400 built-in modules for reconnaissance, privilege escalation, credential theft, and lateral movement, and provides a modular engine for authoring custom attack modules. What sets Empire apart is its multi-language agent deployment system, which allows operators to choose implants that suit each

    PowerShellc2empirehacktoberfest
    Voir sur GitHub↗5,045
  • veeso/termscpAvatar de veeso

    veeso/termscp

    2,786Voir sur GitHub↗

    TermSCP is a multi-protocol terminal user interface file manager used for browsing and transferring files across SCP, SFTP, FTP, S3, and WebDAV. It functions as a secure remote connection manager and an SSH file transfer client, providing a keyboard-driven environment for remote server administration. The project features a dual-pane filesystem explorer with synchronized navigation to keep local and remote views in lockstep. It integrates an embedded terminal shell for executing local and remote commands without leaving the interface and employs a remote-file edit proxy to allow modifications

    Rustaws-s3command-line-toolcommand-line-utility
    Voir sur GitHub↗2,786
  • asterinas/asterinasAvatar de asterinas

    asterinas/asterinas

    4,678Voir sur GitHub↗

    Asterinas is a memory-safe operating system kernel designed to prevent data races and memory corruption. It functions as a Linux-ABI compatible kernel, enabling the execution of existing Linux binaries and container workloads while providing a declarative operating system distribution model. The project distinguishes itself by acting as a virtual machine container host and a confidential computing guest OS, allowing it to run within hardware-isolated Trusted Execution Environments such as Intel TDX. It implements a minimal trusted computing base by isolating unsafe low-level operations and se

    Rustkernelosrust
    Voir sur GitHub↗4,678
  • beichendream/godzillaAvatar de BeichenDream

    BeichenDream/Godzilla

    4,333Voir sur GitHub↗

    Godzilla is a post-exploitation toolkit and webshell management framework designed for remote administration, credential extraction, and memory shell injection. It provides a centralized platform to deploy, control, and monitor encrypted remote access scripts across multiple server environments. The project differentiates itself through a memory shell injector that loads binaries and shellcode directly into server memory to avoid disk-based detection. It also employs polyglot payload injection, deploying encrypted scripts across various language environments to maintain persistent connections

    Voir sur GitHub↗4,333
  • superradcompany/microsandboxAvatar de superradcompany

    superradcompany/microsandbox

    6,570Voir sur GitHub↗

    Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag

    Rust
    Voir sur GitHub↗6,570
  • pennyw0rth/netexecAvatar de Pennyw0rth

    Pennyw0rth/NetExec

    5,274Voir sur GitHub↗

    NetExec is a framework for concurrent credential spraying and remote command execution across network protocols. It provides input sanitization and command parsing to reduce injection risks, a plugin-based protocol abstraction that dispatches credentials and commands uniformly regardless of transport, and session and token lifecycle management for long-running multi-command operations. Results from concurrent executions are collected and normalized through a result aggregation pipeline. The framework includes a concurrent job scheduler that manages worker threads for parallel execution across

    Pythonactive-directoryhackinginfosec
    Voir sur GitHub↗5,274
  • wonderwhy-er/desktopcommandermcpAvatar de wonderwhy-er

    wonderwhy-er/DesktopCommanderMCP

    5,493Voir sur GitHub↗

    DesktopCommanderMCP is a Model Context Protocol (MCP) server that gives AI agents direct access to local files, shell commands, and system processes through natural language instructions. It acts as a unified bridge between conversational commands and desktop operations, enabling an AI to translate plain English into file management, code editing, system command execution, data analysis, and software scaffolding tasks without needing its own API. The server exposes these capabilities as structured tools via the MCP protocol, so any compatible agent can interact with the local environment in a

    TypeScriptagentaicode-analysis
    Voir sur GitHub↗5,493
  • ridter/intranet_penetration_tipsAvatar de Ridter

    Ridter/Intranet_Penetration_Tips

    4,606Voir sur GitHub↗

    This project is a technical guide and reference for internal network penetration testing. It serves as a collection of procedures for exploiting and navigating private corporate networks during security assessments. The repository provides specialized manuals and cheat sheets focused on active directory attacks, lateral movement, and privilege escalation. It includes a post-exploitation playbook for maintaining system persistence and clearing forensic traces. The documentation covers a broad range of security capabilities, including initial access, network pivoting and tunneling, and interna

    Voir sur GitHub↗4,606
  • gokcehan/lfAvatar de gokcehan

    gokcehan/lf

    9,340Voir sur GitHub↗

    lf is a terminal-based file manager and TUI file explorer that provides keyboard-driven navigation for browsing and organizing files and directories. It operates as a shell-integrated tool that synchronizes the current working directory with the calling shell and supports vi-style keybindings for filesystem operations. The project distinguishes itself through its ability to render images directly in the terminal via the SIXEL graphics protocol and its shell-driven execution model, which allows users to extend functionality using external shell scripts and commands. It also implements a server

    Gofile-managerterminal
    Voir sur GitHub↗9,340
  • frohoff/ysoserialAvatar de frohoff

    frohoff/ysoserial

    8,750Voir sur GitHub↗

    ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app

    Javadeserializationexploitgadget
    Voir sur GitHub↗8,750
  • empireproject/empireAvatar de EmpireProject

    EmpireProject/Empire

    7,813Voir sur GitHub↗

    Empire is a command and control framework and post-exploitation toolkit used for network penetration testing. It serves as a centralized platform for coordinating remote agent communication and automating the delivery of security testing payloads to target systems. The project provides a suite of modules for host reconnaissance, lateral movement, and credential harvesting across corporate environments. It functions as a remote administration tool to maintain persistence and execute commands on compromised hosts. The framework incorporates capabilities for agent orchestration and the executio

    PowerShell
    Voir sur GitHub↗7,813
  • fizzadar/pyinfraAvatar de Fizzadar

    Fizzadar/pyinfra

    5,793Voir sur GitHub↗

    pyinfra is an agentless infrastructure automation framework that turns declarative Python code into idempotent shell commands to manage servers, containers, and local machines over SSH without requiring any pre-installed software on target hosts. It operates by comparing the desired state of a system against its current state, using a dry-run simulation mode to preview changes and a fact-based conditional execution engine to gather host attributes at runtime and control which operations run. The tool compiles Python operations into optimized shell commands and executes them in parallel across

    Python
    Voir sur GitHub↗5,793
  • theporgs/exegolAvatar de ThePorgs

    ThePorgs/Exegol

    2,925Voir sur GitHub↗

    Exegol is an offensive security platform and containerized tooling orchestrator designed to deploy and manage isolated security operations environments. It functions as a workspace manager that provisions pre-configured security images and toolkits within Docker containers to protect host systems from malicious payloads. The platform distinguishes itself by integrating AI security workflow orchestration, allowing AI assistants to discover and trigger security tools through a standardized communication protocol. It further provides remote desktop gateway capabilities, enabling GUI access via X

    Pythonctfdockerhacking
    Voir sur GitHub↗2,925
  • k8gege/ladonAvatar de k8gege

    k8gege/Ladon

    5,297Voir sur GitHub↗

    Ladon is an internal network penetration scanner and vulnerability assessment tool designed to identify high-risk security flaws and assets across network segments. It operates as a fileless security scanner, executing its engine and modules directly in memory to avoid leaving a disk footprint on target systems. The project is distinguished by its integration as a plugin for command beacons, specifically within the Cobalt Strike framework. This allows for memory-resident network discovery and vulnerability detection. It further supports stealth operations through payload and script obfuscatio

    C#brute-forceexpexploit
    Voir sur GitHub↗5,297
  • rapid7/metasploit-frameworkAvatar de rapid7

    rapid7/metasploit-framework

    38,415Voir sur GitHub↗

    The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to

    Rubyhacktoberfest
    Voir sur GitHub↗38,415
  • rstacruz/cheatsheetsAvatar de rstacruz

    rstacruz/cheatsheets

    14,429Voir sur GitHub↗

    This project is a comprehensive collection of web development reference guides and technical cheat sheets. It provides a curated set of markdown-based documentation designed to help developers quickly locate syntax patterns and API examples for common web technologies and programming languages. The repository serves as a specialized reference library covering several distinct technical domains. It includes extensive guides for CSS, focusing on selectors, Flexbox, Grid, and responsive layout properties, as well as a DevOps command reference for Docker, Kubernetes, AWS, Ansible, and general she

    SCSS
    Voir sur GitHub↗14,429
  • trustedsec/social-engineer-toolkitAvatar de trustedsec

    trustedsec/social-engineer-toolkit

    14,984Voir sur GitHub↗

    The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br

    Python
    Voir sur GitHub↗14,984
  • docker-library/phpAvatar de docker-library

    docker-library/php

    4,026Voir sur GitHub↗

    This project provides a server-side language runtime and a standardized Docker image for deploying applications across different operating systems. It functions as an execution environment for generating dynamic HTML, JSON, and XML content, while also serving as a command line interface for automation scripts and background jobs. The runtime is designed for extensibility through a C-based extension architecture, allowing the loading of custom modules for specialized functionality. It supports multiple server application interfaces, including a FastCGI web interface for high-performance commun

    Dockerfile
    Voir sur GitHub↗4,026
  • webmin/webminAvatar de webmin

    webmin/webmin

    5,595Voir sur GitHub↗

    Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is

    HTML
    Voir sur GitHub↗5,595
  • xiaowenxia/embedded-notesAvatar de xiaowenxia

    xiaowenxia/embedded-notes

    3,998Voir sur GitHub↗

    embedded-notes is a collection of technical study guides and development notes focused on embedded Linux, Linux kernel internals, and C programming. It serves as a reference for embedded systems development and a preparation resource for technical interviews in the field. The project provides detailed documentation on writing device drivers, managing virtual memory, and understanding kernel internals. It also includes guides on IoT network protocols, such as MQTT and TCP/IP, and outlines the architectural details of chip architectures and hardware peripherals. The material covers a broad sur

    armcdriver
    Voir sur GitHub↗3,998
  • manisso/fsocietyAvatar de Manisso

    Manisso/fsociety

    12,136Voir sur GitHub↗

    fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram

    Pythonbrute-force-attacksdesktopexploitation
    Voir sur GitHub↗12,136