{"id":13539730,"url":"https://github.com/bartblaze/php-backdoors","last_synced_at":"2025-04-02T06:31:24.601Z","repository":{"id":42459361,"uuid":"58212753","full_name":"bartblaze/PHP-backdoors","owner":"bartblaze","description":"A collection of PHP backdoors. For educational or testing purposes only.","archived":false,"fork":false,"pushed_at":"2024-03-09T18:03:18.000Z","size":15568,"stargazers_count":2221,"open_issues_count":1,"forks_count":470,"subscribers_count":150,"default_branch":"master","last_synced_at":"2025-03-24T01:35:44.272Z","etag":null,"topics":["php","php-backdoor","webshell"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bartblaze.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-06T14:26:24.000Z","updated_at":"2025-03-21T13:39:52.000Z","dependencies_parsed_at":"2024-10-28T20:34:31.910Z","dependency_job_id":"0d0e5713-c096-44f9-b316-53d7b9433f08","html_url":"https://github.com/bartblaze/PHP-backdoors","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bartblaze%2FPHP-backdoors","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bartblaze%2FPHP-backdoors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bartblaze%2FPHP-backdoors/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bartblaze%2FPHP-backdoors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bartblaze","download_url":"https://codeload.github.com/bartblaze/PHP-backdoors/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767937,"owners_count":20830578,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","php-backdoor","webshell"],"created_at":"2024-08-01T09:01:31.033Z","updated_at":"2025-04-02T06:31:19.583Z","avatar_url":"https://github.com/bartblaze.png","language":"PHP","readme":"# PHP-backdoors\nA collection of PHP backdoors. For educational and/or testing purposes only.\n\n\n### Notes\n* The [deobfuscated folder](Deobfuscated) does not necessarily contain deobfuscated versions of the backdoors you can find in the [obfuscated folder](Obfuscated). To deobfuscate those and other tricks, Check out the [PHP tools](PHP%20tools.md) section.\n* Always investigate malware in a secure environment. This means: separately from your network and in a virtual machine!\n* Some backdoors may be backdoored *(yes, really)*. Don't ever use this for any malicious purposes.\n* The backdoors follow the format: *Backdoorname_SHA1.php*, granted the name of the backdoor is known.\n\n### PHP tools\nThis includes links to tools for the following:\n* Deobfuscators (online and offline)\n* Beautifiers (online and offline)\n* Testers (running the code - do this in a secure environment!)\n\nAccess the links to these tools directly from [here](PHP%20tools.md).\n\n\n#### Other repos\n* [webshell](https://github.com/tennc/webshell) - *This is a webshell open source project.*\n* [php-exploit-scripts](https://github.com/mattiasgeniar/php-exploit-scripts/) - *A collection of PHP exploit scripts, found when investigating hacked servers.*\n* [php-webshells](https://github.com/JohnTroony/php-webshells) - *Common php webshells.*\n* [WebShell](https://github.com/tdifg/WebShell) - *WebShell Collect.*\n* [webshellSample](https://github.com/tanjiti/webshellSample) - *Webshell sample for WebShell Log Analysis.*\n\n\n\n#### Other information\nRead my blog post on '[C99Shell not dead](https://bartblaze.blogspot.com/2015/03/c99shell-not-dead.html)' for more information about PHP backdoors (and in particular *c99Shell*, which you can also find in this repository). You can also follow me on [Twitter](https://twitter.com/bartblaze).\n\n\n#### Detection\nIf you're trying to detect webshells like the ones mentioned in this repository, you may want to use [Yara](https://github.com/VirusTotal/yara) and scan your web server with the following Yara rules specifically for webshells:\n[Yara-Rules/webshells](https://github.com/Yara-Rules/rules/tree/master/webshells)\n\nAlternatively, have a look at the [disinfection tips](https://bartblaze.blogspot.com/2015/03/c99shell-not-dead.html#disinfection) provided in my blog post.\n\n\n\n# License\n[![License](http://i.imgur.com/9811oXC.png?2)](https://creativecommons.org/publicdomain/zero/1.0/)\n\nTo the extent possible under law, [bartblaze](https://github.com/bartblaze) has waived all copyright and related or neighboring rights to this work. He makes no warranties about the work, and disclaims liability for all uses of the work.\n","funding_links":[],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"783f861b9f822127dba99acb55687cbb\"\u003e\u003c/a\u003e工具","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":["\u003ca id=\"80301821d0f5d8ec2dd3754ebb1b4b10\"\u003e\u003c/a\u003ePayload\u0026\u0026远控\u0026\u0026RAT","\u003ca id=\"b5d99a78ddb383c208aae474fc2cb002\"\u003e\u003c/a\u003ePayload收集"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbartblaze%2Fphp-backdoors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbartblaze%2Fphp-backdoors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbartblaze%2Fphp-backdoors/lists"}