Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/bartblaze/php-backdoors

A collection of PHP backdoors. For educational or testing purposes only.
https://github.com/bartblaze/php-backdoors

php php-backdoor webshell

Last synced: 8 days ago
JSON representation

A collection of PHP backdoors. For educational or testing purposes only.

Host: GitHub
URL: https://github.com/bartblaze/php-backdoors
Owner: bartblaze
License: cc0-1.0
Created: 2016-05-06T14:26:24.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2024-03-09T18:03:18.000Z (8 months ago)
Last Synced: 2024-10-28T20:38:20.613Z (13 days ago)
Topics: php, php-backdoor, webshell
Language: PHP
Size: 14.8 MB
Stars: 2,204
Watchers: 149
Forks: 465
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

awesome-security-collection - **1870**星

README

        # PHP-backdoors

A collection of PHP backdoors. For educational and/or testing purposes only.

### Notes

* The [deobfuscated folder](Deobfuscated) does not necessarily contain deobfuscated versions of the backdoors you can find in the [obfuscated folder](Obfuscated). To deobfuscate those and other tricks, Check out the [PHP tools](PHP%20tools.md) section.

* Always investigate malware in a secure environment. This means: separately from your network and in a virtual machine!

* Some backdoors may be backdoored *(yes, really)*. Don't ever use this for any malicious purposes.

* The backdoors follow the format: *Backdoorname_SHA1.php*, granted the name of the backdoor is known.

### PHP tools

This includes links to tools for the following:

* Deobfuscators (online and offline)

* Beautifiers (online and offline)

* Testers (running the code - do this in a secure environment!)

Access the links to these tools directly from [here](PHP%20tools.md).

#### Other repos

* [webshell](https://github.com/tennc/webshell) - *This is a webshell open source project.*

* [php-exploit-scripts](https://github.com/mattiasgeniar/php-exploit-scripts/) - *A collection of PHP exploit scripts, found when investigating hacked servers.*

* [php-webshells](https://github.com/JohnTroony/php-webshells) - *Common php webshells.*

* [WebShell](https://github.com/tdifg/WebShell) - *WebShell Collect.*

* [webshellSample](https://github.com/tanjiti/webshellSample) - *Webshell sample for WebShell Log Analysis.*

#### Other information

Read my blog post on '[C99Shell not dead](https://bartblaze.blogspot.com/2015/03/c99shell-not-dead.html)' for more information about PHP backdoors (and in particular *c99Shell*, which you can also find in this repository). You can also follow me on [Twitter](https://twitter.com/bartblaze).

#### Detection

If you're trying to detect webshells like the ones mentioned in this repository, you may want to use [Yara](https://github.com/VirusTotal/yara) and scan your web server with the following Yara rules specifically for webshells:

[Yara-Rules/webshells](https://github.com/Yara-Rules/rules/tree/master/webshells)

Alternatively, have a look at the [disinfection tips](https://bartblaze.blogspot.com/2015/03/c99shell-not-dead.html#disinfection) provided in my blog post.

# License

[![License](http://i.imgur.com/9811oXC.png?2)](https://creativecommons.org/publicdomain/zero/1.0/)

To the extent possible under law, [bartblaze](https://github.com/bartblaze) has waived all copyright and related or neighboring rights to this work. He makes no warranties about the work, and disclaims liability for all uses of the work.