Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bartblaze/php-backdoors
A collection of PHP backdoors. For educational or testing purposes only.
https://github.com/bartblaze/php-backdoors
php php-backdoor webshell
Last synced: about 1 month ago
JSON representation
A collection of PHP backdoors. For educational or testing purposes only.
- Host: GitHub
- URL: https://github.com/bartblaze/php-backdoors
- Owner: bartblaze
- License: cc0-1.0
- Created: 2016-05-06T14:26:24.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-03-09T18:03:18.000Z (9 months ago)
- Last Synced: 2024-10-28T20:38:20.613Z (about 1 month ago)
- Topics: php, php-backdoor, webshell
- Language: PHP
- Size: 14.8 MB
- Stars: 2,204
- Watchers: 149
- Forks: 465
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-security-collection - **1870**星
README
# PHP-backdoors
A collection of PHP backdoors. For educational and/or testing purposes only.### Notes
* The [deobfuscated folder](Deobfuscated) does not necessarily contain deobfuscated versions of the backdoors you can find in the [obfuscated folder](Obfuscated). To deobfuscate those and other tricks, Check out the [PHP tools](PHP%20tools.md) section.
* Always investigate malware in a secure environment. This means: separately from your network and in a virtual machine!
* Some backdoors may be backdoored *(yes, really)*. Don't ever use this for any malicious purposes.
* The backdoors follow the format: *Backdoorname_SHA1.php*, granted the name of the backdoor is known.### PHP tools
This includes links to tools for the following:
* Deobfuscators (online and offline)
* Beautifiers (online and offline)
* Testers (running the code - do this in a secure environment!)Access the links to these tools directly from [here](PHP%20tools.md).
#### Other repos
* [webshell](https://github.com/tennc/webshell) - *This is a webshell open source project.*
* [php-exploit-scripts](https://github.com/mattiasgeniar/php-exploit-scripts/) - *A collection of PHP exploit scripts, found when investigating hacked servers.*
* [php-webshells](https://github.com/JohnTroony/php-webshells) - *Common php webshells.*
* [WebShell](https://github.com/tdifg/WebShell) - *WebShell Collect.*
* [webshellSample](https://github.com/tanjiti/webshellSample) - *Webshell sample for WebShell Log Analysis.*#### Other information
Read my blog post on '[C99Shell not dead](https://bartblaze.blogspot.com/2015/03/c99shell-not-dead.html)' for more information about PHP backdoors (and in particular *c99Shell*, which you can also find in this repository). You can also follow me on [Twitter](https://twitter.com/bartblaze).#### Detection
If you're trying to detect webshells like the ones mentioned in this repository, you may want to use [Yara](https://github.com/VirusTotal/yara) and scan your web server with the following Yara rules specifically for webshells:
[Yara-Rules/webshells](https://github.com/Yara-Rules/rules/tree/master/webshells)Alternatively, have a look at the [disinfection tips](https://bartblaze.blogspot.com/2015/03/c99shell-not-dead.html#disinfection) provided in my blog post.
# License
[![License](http://i.imgur.com/9811oXC.png?2)](https://creativecommons.org/publicdomain/zero/1.0/)To the extent possible under law, [bartblaze](https://github.com/bartblaze) has waived all copyright and related or neighboring rights to this work. He makes no warranties about the work, and disclaims liability for all uses of the work.