A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.
☆865Feb 26, 2024Updated 2 years ago
Alternatives and similar repositories for php-exploit-scripts
Users that are interested in php-exploit-scripts are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A collection of PHP backdoors. For educational or testing purposes only.☆2,269Mar 9, 2024Updated 2 years ago
- Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!☆1,949Mar 3, 2021Updated 5 years ago
- Detect potentially malicious PHP files☆1,475Oct 20, 2023Updated 2 years ago
- WebShell Collect☆393Sep 14, 2016Updated 9 years ago
- Automated Linux evil maid attack☆436Dec 22, 2015Updated 10 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Miscellaneous exploit code☆1,573Oct 6, 2023Updated 2 years ago
- linux rootkit☆162Feb 12, 2018Updated 8 years ago
- webshell sample for WebShell Log Analysis☆418Feb 24, 2022Updated 4 years ago
- A Ruby framework designed to aid in the penetration testing of WordPress systems.☆1,047Nov 24, 2019Updated 6 years ago
- Chromebackdoor is a PoC of pentest tool, this tool use a MITB technique for generate a windows executable ".exe" after launch run a malic…☆514Jan 8, 2017Updated 9 years ago
- Script to steal passwords from ssh.☆489Dec 19, 2018Updated 7 years ago
- A Python Framework For NoSQL Scanning and Exploitation☆604Dec 6, 2024Updated last year
- Weaponized web shell☆3,532Oct 1, 2025Updated 9 months ago
- Nashorn Post Exploitation☆32Feb 12, 2018Updated 8 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor☆2,480May 6, 2024Updated 2 years ago
- A collection of curated Java Deserialization Exploits☆594May 16, 2021Updated 5 years ago
- A tool that can scan php vulnerabilities automatically using static analysis methods☆489Mar 20, 2018Updated 8 years ago
- Exploitation for XSS☆736Aug 5, 2021Updated 4 years ago
- Next Generation Firewall Audit and Bypass Tool☆266Apr 24, 2017Updated 9 years ago
- Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective wa…☆313Sep 10, 2018Updated 7 years ago
- Post Exploitation Collection☆1,582May 1, 2020Updated 6 years ago
- Stealing CSRF tokens with CSS injection (without iFrames)☆323Feb 7, 2018Updated 8 years ago
- WAFNinja is a tool which contains two functions to attack Web Application Firewalls.☆828Dec 6, 2017Updated 8 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Advanced Web Shell☆580May 1, 2017Updated 9 years ago
- Recon, Subdomain Bruting, Zone Transfers☆230Aug 2, 2016Updated 9 years ago
- This is a webshell open source project☆10,741Dec 24, 2024Updated last year
- PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container☆408Feb 27, 2023Updated 3 years ago
- Command line utility for searching and downloading exploits☆1,813Sep 10, 2025Updated 9 months ago
- A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network☆575Dec 9, 2017Updated 8 years ago
- Collection of tools for web recon and enumeration.☆57Jun 3, 2015Updated 11 years ago
- Malware exploits☆567Aug 22, 2025Updated 10 months ago
- online port scan scraper☆1,121Aug 7, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- a fast domain brute tool☆413Mar 2, 2018Updated 8 years ago
- Vulnerability Labs for security analysis☆1,166Mar 10, 2021Updated 5 years ago
- Find exploits in local and online databases instantly☆1,836Sep 27, 2021Updated 4 years ago
- Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective wa…☆725Nov 19, 2017Updated 8 years ago
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner☆1,947Apr 13, 2022Updated 4 years ago
- Your interpreter isn’t safe anymore — The PHP module backdoor☆222Mar 25, 2019Updated 7 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras☆426Feb 18, 2020Updated 6 years ago