{"id":30825766,"url":"https://github.com/bhanunamikaze/wordpress_reverseshell","last_synced_at":"2026-05-14T22:39:28.191Z","repository":{"id":308910982,"uuid":"1034545022","full_name":"Bhanunamikaze/Wordpress_ReverseShell","owner":"Bhanunamikaze","description":"A stealth WordPress plugin designed for penetration testing and authorized security assessments. Masquerades as a legitimate \"System Health Monitor\" while providing reverse shell capabilities through multiple connection methods.","archived":false,"fork":false,"pushed_at":"2025-08-08T15:06:53.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-08T17:26:19.948Z","etag":null,"topics":["reverse-shell","wordpress","wordpress-plugin"],"latest_commit_sha":null,"homepage":"https://www.hackingdream.net/2024/04/wordpress-penetration-testing.html","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Bhanunamikaze.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-08T15:04:14.000Z","updated_at":"2025-08-08T15:11:47.000Z","dependencies_parsed_at":"2025-08-08T17:27:01.996Z","dependency_job_id":null,"html_url":"https://github.com/Bhanunamikaze/Wordpress_ReverseShell","commit_stats":null,"previous_names":["bhanunamikaze/wordpress_reverseshell"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Bhanunamikaze/Wordpress_ReverseShell","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bhanunamikaze%2FWordpress_ReverseShell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bhanunamikaze%2FWordpress_ReverseShell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bhanunamikaze%2FWordpress_ReverseShell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bhanunamikaze%2FWordpress_ReverseShell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Bhanunamikaze","download_url":"https://codeload.github.com/Bhanunamikaze/Wordpress_ReverseShell/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bhanunamikaze%2FWordpress_ReverseShell/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273900645,"owners_count":25187814,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-06T02:00:13.247Z","response_time":2576,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reverse-shell","wordpress","wordpress-plugin"],"created_at":"2025-09-06T12:10:31.254Z","updated_at":"2026-05-14T22:39:28.128Z","avatar_url":"https://github.com/Bhanunamikaze.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wordpress_ReverseShell\n\nA **stealth WordPress plugin** designed for penetration testing and authorized security assessments. Masquerades as a legitimate \"System Health Monitor\" while providing reverse shell capabilities through multiple connection methods.\n\n## ⚠️ **DISCLAIMER**\nThis tool is intended for **authorized penetration testing and security research ONLY**. Use only on systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical.\n\n## 🎯 **Features**\n\n### **Stealth Design**\n- **Legitimate appearance**: Looks like a professional WordPress health monitoring plugin\n- **Clean admin interface**: Professional WordPress-style dashboard\n- **Normal plugin behavior**: Follows WordPress development standards\n- **No suspicious file names**: Uses standard WordPress naming conventions\n\n### **Multiple Connection Methods**\n1. **fsockopen** - Standard PHP socket connection\n2. **stream_socket_client** - Alternative PHP socket method  \n3. **Bash /dev/tcp** - Direct bash redirection method\n4. **Try All Methods** - Sequential fallback testing\n\n### **Advanced Capabilities**\n- **Full shell session handling** with command execution logging\n- **Real-time command logging** with timestamps and execution metrics\n- **Session management** with timeout protection\n- **Input validation** for hosts/IPs and ports\n- **Comprehensive error handling** and diagnostics\n- **Log export functionality** for forensic analysis\n\n\n## 🚀 **Installation Guide**\n\n### **Method 1: Direct File Upload**\n\n1. **Download the plugin file**:\n   ```bash\n   wget https://github.com/bhanunamikaze/Wordpress_ReverseShell/raw/main/system-health-monitor.php\n   ```\n\n2. **Upload to WordPress**:\n   - Access your WordPress server via FTP/SSH\n   - Navigate to `/wp-content/plugins/`\n   - Create directory: `mkdir system-health-monitor`\n   - Upload file: `system-health-monitor.php` to the new directory\n\n3. **Activate the plugin**:\n   - Log into WordPress admin panel\n   - Go to **Plugins** → **Installed Plugins**\n   - Find \"System Health Monitor\"\n   - Click **Activate**\n\n### **Method 2: ZIP Upload (Recommended)**\n\n1. **Create plugin package**:\n   ```bash\n   # Create directory structure\n   mkdir system-health-monitor\n   cp system-health-monitor.php system-health-monitor/\n   zip -r system-health-monitor.zip system-health-monitor/\n   ```\n\n2. **Upload via WordPress admin**:\n   - Login to WordPress admin panel\n   - Navigate to **Plugins** → **Add New**\n   - Click **Upload Plugin**\n   - Choose `system-health-monitor.zip`\n   - Click **Install Now**\n   - Click **Activate Plugin**\n\n### **Method 3: Manual Installation**\n\n1. **Server access required**:\n   ```bash\n   # SSH into WordPress server\n   ssh user@your-wordpress-server.com\n   \n   # Navigate to plugins directory\n   cd /var/www/html/wp-content/plugins/\n   \n   # Create plugin directory\n   sudo mkdir system-health-monitor\n   sudo chown www-data:www-data system-health-monitor\n   \n   # Upload and set permissions\n   sudo cp /path/to/system-health-monitor.php system-health-monitor/\n   sudo chown www-data:www-data system-health-monitor/system-health-monitor.php\n   sudo chmod 644 system-health-monitor/system-health-monitor.php\n   ```\n\n\n## 📝 **Legal Notice**\n\nThis tool is provided for educational and authorized testing purposes only. Users are responsible for:\n\n- **Obtaining proper authorization** before use\n- **Complying with all applicable laws** and regulations\n- **Using only on owned or explicitly authorized systems**\n- **Responsible disclosure** of any vulnerabilities found\n\n**The authors assume no liability for misuse of this tool.**\n\n\n## 📄 **License**\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhanunamikaze%2Fwordpress_reverseshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbhanunamikaze%2Fwordpress_reverseshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhanunamikaze%2Fwordpress_reverseshell/lists"}