30 open-source projects similar to pentestmonkey/php-reverse-shell, ranked by how many features they have in common. Compare stars, activity, and what each one does to find the best php-reverse-shell alternative.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs. The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID s
Hoaxshell is a command and control system for Windows remote command execution. It provides a framework for generating and managing reverse shell payloads that utilize an HTTP beaconing protocol, where victim clients periodically poll a handler to receive and execute instructions. The project distinguishes itself through its ability to bypass PowerShell Constrained Language Mode using specialized payload generation. It supports encrypted command and control via TLS certificate injection and provides mechanisms for remote session recovery, allowing a handler to reestablish control over active
jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra
pyinfra is a Python-based infrastructure automation framework that turns Python code into shell commands for managing servers, Docker containers, and local machines. It operates as a declarative, idempotent deployment tool, applying desired system states by comparing target configurations against current states and making only the necessary changes. The framework provides a connector-based transport abstraction that unifies SSH, Docker, and local execution behind a common interface, with a parallel execution engine that manages concurrent operations across hosts. The tool distinguishes itself
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
This project provides secure, containerized infrastructure designed for autonomous agents, remote code execution, and cloud development. It functions as a sandboxed environment where AI agents and external processes can execute code, run shell commands, and manage files while remaining isolated from the host system. The system distinguishes itself by implementing the Model Context Protocol, allowing it to act as a standardized tool server that exposes browser and filesystem capabilities to compatible clients. It further integrates headless browser automation, enabling programmatic web navigat
Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag
Asterinas is a memory-safe operating system kernel designed to prevent data races and memory corruption. It functions as a Linux-ABI compatible kernel, enabling the execution of existing Linux binaries and container workloads while providing a declarative operating system distribution model. The project distinguishes itself by acting as a virtual machine container host and a confidential computing guest OS, allowing it to run within hardware-isolated Trusted Execution Environments such as Intel TDX. It implements a minimal trusted computing base by isolating unsafe low-level operations and se
DesktopCommanderMCP is a Model Context Protocol (MCP) server that gives AI agents direct access to local files, shell commands, and system processes through natural language instructions. It acts as a unified bridge between conversational commands and desktop operations, enabling an AI to translate plain English into file management, code editing, system command execution, data analysis, and software scaffolding tasks without needing its own API. The server exposes these capabilities as structured tools via the MCP protocol, so any compatible agent can interact with the local environment in a
Empire is a post-exploitation command-and-control (C2) framework designed for red team operations. It deploys and manages agents written in PowerShell, Python, C#, Go, and C across Windows, Linux, and macOS, using encrypted communication channels over HTTP, HTTPS, and SMB. The framework executes over 400 built-in modules for reconnaissance, privilege escalation, credential theft, and lateral movement, and provides a modular engine for authoring custom attack modules. What sets Empire apart is its multi-language agent deployment system, which allows operators to choose implants that suit each
NetExec is a framework for concurrent credential spraying and remote command execution across network protocols. It provides input sanitization and command parsing to reduce injection risks, a plugin-based protocol abstraction that dispatches credentials and commands uniformly regardless of transport, and session and token lifecycle management for long-running multi-command operations. Results from concurrent executions are collected and normalized through a result aggregation pipeline. The framework includes a concurrent job scheduler that manages worker threads for parallel execution across
This project is a technical guide and reference for internal network penetration testing. It serves as a collection of procedures for exploiting and navigating private corporate networks during security assessments. The repository provides specialized manuals and cheat sheets focused on active directory attacks, lateral movement, and privilege escalation. It includes a post-exploitation playbook for maintaining system persistence and clearing forensic traces. The documentation covers a broad range of security capabilities, including initial access, network pivoting and tunneling, and interna
Godzilla is a post-exploitation toolkit and webshell management framework designed for remote administration, credential extraction, and memory shell injection. It provides a centralized platform to deploy, control, and monitor encrypted remote access scripts across multiple server environments. The project differentiates itself through a memory shell injector that loads binaries and shellcode directly into server memory to avoid disk-based detection. It also employs polyglot payload injection, deploying encrypted scripts across various language environments to maintain persistent connections
lf is a terminal-based file manager and TUI file explorer that provides keyboard-driven navigation for browsing and organizing files and directories. It operates as a shell-integrated tool that synchronizes the current working directory with the calling shell and supports vi-style keybindings for filesystem operations. The project distinguishes itself through its ability to render images directly in the terminal via the SIXEL graphics protocol and its shell-driven execution model, which allows users to extend functionality using external shell scripts and commands. It also implements a server
ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app
Empire is a command and control framework and post-exploitation toolkit used for network penetration testing. It serves as a centralized platform for coordinating remote agent communication and automating the delivery of security testing payloads to target systems. The project provides a suite of modules for host reconnaissance, lateral movement, and credential harvesting across corporate environments. It functions as a remote administration tool to maintain persistence and execute commands on compromised hosts. The framework incorporates capabilities for agent orchestration and the executio
pyinfra is an agentless infrastructure automation framework that turns declarative Python code into idempotent shell commands to manage servers, containers, and local machines over SSH without requiring any pre-installed software on target hosts. It operates by comparing the desired state of a system against its current state, using a dry-run simulation mode to preview changes and a fact-based conditional execution engine to gather host attributes at runtime and control which operations run. The tool compiles Python operations into optimized shell commands and executes them in parallel across
TermSCP is a multi-protocol terminal user interface file manager used for browsing and transferring files across SCP, SFTP, FTP, S3, and WebDAV. It functions as a secure remote connection manager and an SSH file transfer client, providing a keyboard-driven environment for remote server administration. The project features a dual-pane filesystem explorer with synchronized navigation to keep local and remote views in lockstep. It integrates an embedded terminal shell for executing local and remote commands without leaving the interface and employs a remote-file edit proxy to allow modifications
Exegol is an offensive security platform and containerized tooling orchestrator designed to deploy and manage isolated security operations environments. It functions as a workspace manager that provisions pre-configured security images and toolkits within Docker containers to protect host systems from malicious payloads. The platform distinguishes itself by integrating AI security workflow orchestration, allowing AI assistants to discover and trigger security tools through a standardized communication protocol. It further provides remote desktop gateway capabilities, enabling GUI access via X
Ladon is an internal network penetration scanner and vulnerability assessment tool designed to identify high-risk security flaws and assets across network segments. It operates as a fileless security scanner, executing its engine and modules directly in memory to avoid leaving a disk footprint on target systems. The project is distinguished by its integration as a plugin for command beacons, specifically within the Cobalt Strike framework. This allows for memory-resident network discovery and vulnerability detection. It further supports stealth operations through payload and script obfuscatio
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
This project is a comprehensive collection of web development reference guides and technical cheat sheets. It provides a curated set of markdown-based documentation designed to help developers quickly locate syntax patterns and API examples for common web technologies and programming languages. The repository serves as a specialized reference library covering several distinct technical domains. It includes extensive guides for CSS, focusing on selectors, Flexbox, Grid, and responsive layout properties, as well as a DevOps command reference for Docker, Kubernetes, AWS, Ansible, and general she
The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br
This project provides a server-side language runtime and a standardized Docker image for deploying applications across different operating systems. It functions as an execution environment for generating dynamic HTML, JSON, and XML content, while also serving as a command line interface for automation scripts and background jobs. The runtime is designed for extensibility through a C-based extension architecture, allowing the loading of custom modules for specialized functionality. It supports multiple server application interfaces, including a FastCGI web interface for high-performance commun
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
embedded-notes is a collection of technical study guides and development notes focused on embedded Linux, Linux kernel internals, and C programming. It serves as a reference for embedded systems development and a preparation resource for technical interviews in the field. The project provides detailed documentation on writing device drivers, managing virtual memory, and understanding kernel internals. It also includes guides on IoT network protocols, such as MQTT and TCP/IP, and outlines the architectural details of chip architectures and hardware peripherals. The material covers a broad sur
fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram
This project is a suite of tools for generating encoded shell commands and network listener configurations used in offensive security operations. It provides a collection of command generators for various shells and listeners to establish remote access during security penetration tests. The tool features a reverse shell payload generator that creates encoded command strings and a network listener command generator that produces the server-side syntax needed to accept incoming network connections. It includes a Base64 command encoder to transform shell commands into encoded strings to bypass s