{"id":13537735,"url":"https://github.com/flozz/p0wny-shell","last_synced_at":"2025-05-15T02:07:43.930Z","repository":{"id":37733539,"uuid":"73319562","full_name":"flozz/p0wny-shell","owner":"flozz","description":"Single-file PHP shell","archived":false,"fork":false,"pushed_at":"2024-05-16T10:22:11.000Z","size":123,"stargazers_count":2348,"open_issues_count":2,"forks_count":657,"subscribers_count":42,"default_branch":"master","last_synced_at":"2025-04-13T23:55:45.650Z","etag":null,"topics":["pentesting","php-shell"],"latest_commit_sha":null,"homepage":"https://blog.flozz.fr/2020/01/21/p0wny-shell-un-shell-php-simple-mais-trop-efficace/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flozz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"flozz","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://www.paypal.me/0xflozz","https://www.buymeacoffee.com/flozz"]}},"created_at":"2016-11-09T20:41:01.000Z","updated_at":"2025-04-12T04:50:20.000Z","dependencies_parsed_at":"2024-01-13T16:25:23.420Z","dependency_job_id":"f9960209-8d75-4da3-b1ae-c2cee78efb2f","html_url":"https://github.com/flozz/p0wny-shell","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flozz%2Fp0wny-shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flozz%2Fp0wny-shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flozz%2Fp0wny-shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flozz%2Fp0wny-shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flozz","download_url":"https://codeload.github.com/flozz/p0wny-shell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254259383,"owners_count":22040820,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pentesting","php-shell"],"created_at":"2024-08-01T09:01:02.983Z","updated_at":"2025-05-15T02:07:43.912Z","avatar_url":"https://github.com/flozz.png","language":"PHP","funding_links":["https://github.com/sponsors/flozz","https://www.paypal.me/0xflozz","https://www.buymeacoffee.com/flozz"],"categories":["PHP","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","Table of Contents"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的","Penetration Testing Tools"],"readme":"# p0wny@shell:~# -- Single-file PHP Shell\n\n[![Discord](https://img.shields.io/badge/chat-Discord-8c9eff?logo=discord\u0026logoColor=ffffff)](https://discord.gg/P77sWhuSs4)\n\np0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.\n\n**Features:**\n\n* Command history (using arrow keys `↑` `↓`)\n* Auto-completion of command and file names (using `Tab` key)\n* Navigate on the remote file-system (using `cd` command)\n* Upload a file to the server (using `upload \u003cdestination_file_name\u003e` command)\n* Download a file from the server (using `download \u003cfile_name\u003e` command)\n\n**WARNING:** THIS SCRIPT IS A SECURITY HOLE. **DO NOT** UPLOAD IT ON A SERVER UNLESS YOU KNOW WHAT YOU ARE DOING!\n\n![Screenshot](./screenshot.png)\n\n\n**Demo with Docker:**\n\n        docker build -t p0wny .\n        docker run -it -p 8080:80 -d p0wny\n        # open with your browser http://127.0.0.1:8080/shell.php\n\n\n## Contributing\n\n### Questions\n\nIf you have any question, you can:\n\n* [Open an issue](https://github.com/flozz/p0wny-shell/issues) on GitHub\n* [Ask on Discord](https://discord.gg/P77sWhuSs4) (I am not always available to chat, but I try to answer to everyone)\n\n\n### Bugs\n\nPlease [open an issue](https://github.com/flozz/p0wny-shell/issues) on GitHub with as much information as possible if you found a bug:\n\n* Your operating system / Linux distribution (and its version)\n* The PHP version you are using (example: `PHP-FPM 8.1`, `Apache mod_php 7.4`,...)\n* The Web server you are using and its version (example: `Nginx 1.23`, `Apache 2.4.55`,...)\n* All the logs and message outputted by the software\n* etc.\n\n\n### Pull requests\n\nPlease consider [filing a bug](https://github.com/flozz/p0wny-shell/issues) before starting to work on a new feature; it will allow us to discuss the best way to do it. It is obviously unnecessary if you just want to fix a typo or small errors in the code.\n\n\n## Support this project\n\nWant to support this project?\n\n* [☕️ Buy me a coffee](https://www.buymeacoffee.com/flozz)\n* [💵️ Give me a tip on PayPal](https://www.paypal.me/0xflozz)\n* [❤️ Sponsor me on GitHub](https://github.com/sponsors/flozz)\n\n\n## Changelog\n\n* **v2023.08.10:**\n  * Make p0wny@shell compatible with PHP 5.3 (@FrancoisCapon, #38)\n* **v2023.05.28:**\n  * Encode all data fields as base64 to avoid encoding errors, especially on Windows (@cli-ish, #8, #35)\n* **v2023.05.22:**\n  * Display the username and the hostname in the prompt (@cli-ish, #33, #7)\n* **v2023.05.10:**\n  * Try different execution functions (`exec`, `shell_exec`, `system`, `passthru`, `popen`, `proc_open`) to run commands to bypass disabled functions (@cli-ish, #31, #32)\n* **v2023.02.27:**\n  * Make terminal window resizable (@FrancoisCapon, #27)\n* **v2023.02.13:**\n  * Larger terminal size on large screens (@psyray, #26)\n  * No more horozontal scrolling on small screens (@flozz)\n* **v2022.09.19:**\n  * Expand path in `cd` command (`cd ~`, `cd ~username`,...)\n  * Go home when running cd withoud argument.\n  * → Thanks @FrancoisCapon for the suggestion (#25)\n* **v2021.01.24:**\n  * Style improvements:\n    * Better-looking scrollbar on webkit (@nakamuraos)\n    * Display a smaller logo on mobile (@nakamuraos)\n  * Ergonomic improvements:\n    * Focus the command field when clicking the page (@nakamuraos)\n    * Put the cursor at the end of the command field while navigating the history (@nakamuraos)\n* **v2019.06.07:**\n  * Adds the `clear` command to clear the terminal (@izharaazmi #12)\n* **v2018.12.15:**\n  * File upload and download feature (@Oshawk #5)\n* **v2018.06.01:**\n  * Auto-completion of command and file names (@lo001 #2)\n  * Adaptation to mobile devices (responsive) (@lo001 #2)\n  * Improved handling of stderr (@lo001 #2)\n* **v2018.05.30:**\n  * ES5 compatibility (@lo00l #1)\n  * Dependency to JQuery removed (@lo00l #1)\n  * Command history using arrow keys (@lo00l #1)\n  * Keep the command field focused when pressing the tab key\n* **v2017.10.30:**\n  * CSS: invalid color fixed\n* **v2016.11.10:**\n  * Initial release\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflozz%2Fp0wny-shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflozz%2Fp0wny-shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflozz%2Fp0wny-shell/lists"}