Displaying 1 to 14 from 14 results

Scanners-Box - The toolbox of open source scanners - 安全行业从业者自研开源扫描器合辑


Scanners Box is a collection of open source scanners which are from the github platform, including subdomain enumeration, database vulnerability scanners, weak passwords or information leak scanners, port scanners, fingerprint scanners, and other large scale scanners, modular scanner etc. For other Well-known scanning tools, such as: awvs,nmap,w3af will not be included in the scope of collection. The purpose of this collection is to provide various types of opensource security scanning tool that can help Internet companies to be more safer.

Mitigating-Web-Shells - Guidance for mitigation web shells. #nsacyber

  •    YARA

This repository houses a number of tools and signatures to help defend networks against web shell malware. More information about web shells and the analytics used by the tools here is available in NSA and ASD web shell mitigation guidance Detect and Prevent Web Shell Malware. Web shells are malicious files or code snippets that attackers put on compromised web servers to perform arbitrary, attacker-specified actions on the system or return requested data to which the system has access. Web shells are a well-known attacker technique, but they are often difficult to detect because of their proficiency in blending in with an existing web application.

php-malware-finder - Detect potentially malicious PHP files

  •    PHP

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. Of course it's trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for PMF, you likely belong to one (or both) category, and should re-read the previous statement.

rtty - Access your terminals from anywhere via the web(在任何地方通过web访问您的终端)

  •    C

It is composed of a client and a server. The client is written in pure C. The server is written in go language and the front-end interface is written in iview & Vue. You can access your terminals from anywhere via the web. Differentiate your different terminals by device ID(If the ID is not set, the MAC address of your device is used).

webshell-sample - 收集自网络各处的 webshell 样本,用于测试 webshell 扫描器检测率。

  •    PHP

收集自网络各处的 webshell 样本,用于测试 webshell 扫描器检测率。

nano - Nano is a family of PHP web shells which are code golfed for stealth.

  •    PHP

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient. Put it on watch maybe, I will continue to upload more webshells in here. This one a bit complex. Lets say you want to run system(ls) so write it as system~ls and then base64 encode it i.e. c3lzdGVtKGxzKQ== Now add any 1 character at the start of it. Let say 'x' so it will be xc3lzdGVtKGxzKQ== Now open your terminal and type the following command curl -H 'x: xc3lzdGVtKGxzKQ==' http://example.com/backdoored.php Too much work? You can use the handler instead.

novahot - A webshell framework for penetration testers.

  •    Javascript

novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, ruby, and python. Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" that make it possible to upload, download, edit, and view remote files locallly using your preferred applications.

SuperTerm - 利用 webshell 创建交互式终端(Create an interactive terminal with webshell.)

  •    Javascript

利用 webshell 创建交互式终端(Create an interactive terminal with webshell.)

Fastener - Web版webshell

  •    HTML


We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.