https://github.com/bhanunamikaze/wordpress_reverseshell
A stealth WordPress plugin designed for penetration testing and authorized security assessments. Masquerades as a legitimate "System Health Monitor" while providing reverse shell capabilities through multiple connection methods.
https://github.com/bhanunamikaze/wordpress_reverseshell
reverse-shell wordpress wordpress-plugin
Last synced: about 2 months ago
JSON representation
A stealth WordPress plugin designed for penetration testing and authorized security assessments. Masquerades as a legitimate "System Health Monitor" while providing reverse shell capabilities through multiple connection methods.
- Host: GitHub
- URL: https://github.com/bhanunamikaze/wordpress_reverseshell
- Owner: Bhanunamikaze
- License: mit
- Created: 2025-08-08T15:04:14.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2025-08-08T15:06:53.000Z (11 months ago)
- Last Synced: 2025-08-08T17:26:19.948Z (11 months ago)
- Topics: reverse-shell, wordpress, wordpress-plugin
- Language: PHP
- Homepage: https://www.hackingdream.net/2024/04/wordpress-penetration-testing.html
- Size: 9.77 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Wordpress_ReverseShell
A **stealth WordPress plugin** designed for penetration testing and authorized security assessments. Masquerades as a legitimate "System Health Monitor" while providing reverse shell capabilities through multiple connection methods.
## ⚠️ **DISCLAIMER**
This tool is intended for **authorized penetration testing and security research ONLY**. Use only on systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical.
## 🎯 **Features**
### **Stealth Design**
- **Legitimate appearance**: Looks like a professional WordPress health monitoring plugin
- **Clean admin interface**: Professional WordPress-style dashboard
- **Normal plugin behavior**: Follows WordPress development standards
- **No suspicious file names**: Uses standard WordPress naming conventions
### **Multiple Connection Methods**
1. **fsockopen** - Standard PHP socket connection
2. **stream_socket_client** - Alternative PHP socket method
3. **Bash /dev/tcp** - Direct bash redirection method
4. **Try All Methods** - Sequential fallback testing
### **Advanced Capabilities**
- **Full shell session handling** with command execution logging
- **Real-time command logging** with timestamps and execution metrics
- **Session management** with timeout protection
- **Input validation** for hosts/IPs and ports
- **Comprehensive error handling** and diagnostics
- **Log export functionality** for forensic analysis
## 🚀 **Installation Guide**
### **Method 1: Direct File Upload**
1. **Download the plugin file**:
```bash
wget https://github.com/bhanunamikaze/Wordpress_ReverseShell/raw/main/system-health-monitor.php
```
2. **Upload to WordPress**:
- Access your WordPress server via FTP/SSH
- Navigate to `/wp-content/plugins/`
- Create directory: `mkdir system-health-monitor`
- Upload file: `system-health-monitor.php` to the new directory
3. **Activate the plugin**:
- Log into WordPress admin panel
- Go to **Plugins** → **Installed Plugins**
- Find "System Health Monitor"
- Click **Activate**
### **Method 2: ZIP Upload (Recommended)**
1. **Create plugin package**:
```bash
# Create directory structure
mkdir system-health-monitor
cp system-health-monitor.php system-health-monitor/
zip -r system-health-monitor.zip system-health-monitor/
```
2. **Upload via WordPress admin**:
- Login to WordPress admin panel
- Navigate to **Plugins** → **Add New**
- Click **Upload Plugin**
- Choose `system-health-monitor.zip`
- Click **Install Now**
- Click **Activate Plugin**
### **Method 3: Manual Installation**
1. **Server access required**:
```bash
# SSH into WordPress server
ssh user@your-wordpress-server.com
# Navigate to plugins directory
cd /var/www/html/wp-content/plugins/
# Create plugin directory
sudo mkdir system-health-monitor
sudo chown www-data:www-data system-health-monitor
# Upload and set permissions
sudo cp /path/to/system-health-monitor.php system-health-monitor/
sudo chown www-data:www-data system-health-monitor/system-health-monitor.php
sudo chmod 644 system-health-monitor/system-health-monitor.php
```
## 📝 **Legal Notice**
This tool is provided for educational and authorized testing purposes only. Users are responsible for:
- **Obtaining proper authorization** before use
- **Complying with all applicable laws** and regulations
- **Using only on owned or explicitly authorized systems**
- **Responsible disclosure** of any vulnerabilities found
**The authors assume no liability for misuse of this tool.**
## 📄 **License**
This project is licensed under the MIT License - see the LICENSE file for details.