Awesome

所有收集类项目:

收集的所有开源工具: sec-tool-list: 超过18K, 包括Markdown和Json两种格式
逆向资源: awesome-reverse-engineering: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/...
网络相关的安全资源: awesome-network-stuff: 代理/GFW/反向代理/隧道/VPN/Tor/I2P，以及中间人/PortKnocking/嗅探/网络分析/网络诊断等
攻击性网络安全资源: awesome-cyber-security: 漏洞/渗透/物联网安全/数据渗透/Metasploit/BurpSuite/KaliLinux/C&C/OWASP/免杀/CobaltStrike/侦查/OSINT/社工/密码/凭证/威胁狩猎/Payload/WifiHacking/无线攻击/后渗透/提权/UAC绕过/...
开源远控和恶意远控分析报告: awesome-rat: 开源远控工具: Windows/Linux/macOS/Android; 远控类恶意恶意代码的分析报告等

webshell

English Version

<a id="bad06ceb38098c26b1b8b46104f98d25"></a>工具

<a id="faa91844951d2c29b7b571c6e8a3eb54"></a>新添加

[1782星][4m] [Py] epinna/weevely3 用于后渗透的Web Shell，可以在运行时通过网络对其进行扩展
[1770星][2y] [CSS] b374k/b374k a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc.
[1059星][1m] [Py] yzddmr6/webshell-venom 免杀webshell无限生成工具(利用随机异或无限免杀D盾)
[617星][1y] [Shell] wireghoul/htshells 自包含的Web Shell和通过.htaccess文件进行的其他攻击。
[538星][3y] [PHP] dotcppfile/daws Advanced Web Shell
[441星][4y] [C#] keepwn/altman the cross platform webshell tool in .NET
[434星][1y] [Py] shmilylty/cheetah a very fast brute force webshell password tool
[354星][8m] [PHP] s0md3v/nano PHP Webshell家族
[321星][2y] [PHP] tanjiti/webshellsample webshell sample for WebShell Log Analysis
[282星][1y] [JS] chrisallenlane/novahot Webshell框架，实现了基于Json的API，可与任何语言编写的后门（默认支持PHP/Ruby/Python）进行通信。
[245星][9m] [Py] antoniococo/sharpyshell ASP.NET webshell，小型，混淆，针对C# Web App
[209星][7m] [PHP] samdark/yii2-webshell Web shell allows to run yii console commands using a browser
[206星][3m] [JS] yzddmr6/as_webshell_venom 免杀webshell无限生成工具蚁剑版
[203星][6m] [Py] ares-x/awd-predator-framework AWD攻防赛webshell批量利用框架
[189星][2y] [Java] rebeyond/memshell a webshell resides in the memory of java web server
[181星][2y] [PHP] lcatro/php-webshell-bypass-waf 分享PHP WebShell 绕过WAF 的一些经验
[173星][12m] [Java] joychou93/webshell 入侵分析时发现的Webshell后门
[167星][7y] [PHP] secrule/falcon 基于inotify-tools 开发的Web服务器文件监控平台能够实时监控Web目录文件变化(新增，修改，删除)，判断文件内容是否包含恶意代码，自动隔离常见Webshell，保证Web目录文件安全
[133星][10m] [PHP] k4mpr3t/b4tm4n Php webshell
[124星][8y] evilcos/python-webshell webshell writen in python
[121星][3y] malwares/webshell WebShell Dump
[106星][3y] [JS] boy-hack/webshellmanager w8ay 一句话WEB端管理工具
[99星][1y] [Py] wonderqs/blade A webshell connection tool with customized WAF bypass payloads
[98星][2y] [Java] securityriskadvisors/cmd.jsp A super small jsp webshell with file upload capabilities.
[96星][2y] [Java] tengzhangchao/pycmd python+php+jsp WebShell（一句话木马）
[82星][5y] [Py] xypiie/webshell a web-based ssh shell.
[78星][3y] [PHP] secwiki/webshell-2 Webshell
[77星][2y] [Py] wofeiwo/webshell-find-tools 分析web访问日志以及web目录文件属性，用于根据查找可疑后门文件的相关脚本。
[76星][8m] [PHP] s9mf/s9mf-php-webshell-bypass 为方便WAF入库的项目 | 分享PHP免杀大马 | 菜是原罪 | 多姿势(假的就一个)
[76星][3y] [C#] zcgonvh/cve-2017-7269-tool CVE-2017-7269 to webshell or shellcode loader
[73星][4y] [PHP] phith0n/b374k PHP Webshell with handy features
[68星][2y] [Py] 3xp10it/xdump Drag database with "one sentence" webshell
[61星][8m] [PHP] michyamrane/wso-webshell php webshell
[47星][2y] [PHP] whitewinterwolf/wwwolf-php-webshell WhiteWinterWolf's PHP web shell
[47星][5y] [PHP] cloudsec/aioshell A php webshell run under linux based webservers. v0.05
[45星][3y] [Py] threatexpress/subshell a python command shell used to control and execute commands through HTTP requests to a webshell.
[40星][5y] evi1m0/webshell This is a webshell open source project
[40星][4y] [PHP] wso-shell/wso WSO SHELL , wso shell , WSO.php , wso.php , webshell , wso-shell веб-шелл , шелл , WSO2.5 , WSO2.5.1 , WSO2.php , Shell download, C99 , r57 , bypass shell , P.A.S. (php web-shell) , PPS 4.0 , Скачать WSO Web Shell , Скачать wso.php , Скачать Web Shell
[39星][5y] [PHP] ridter/webshell This is a webshell open source project
[36星][2m] [PHP] linuxsec/indoxploit-shell IndoXploit Webshell V.3
[32星][5y] jgor/php-jpeg-shell Simple PHP webshell with a JPEG header to bypass weak image verification checks
[32星][4y] [PHP] wstart/webshell This is a webshell open source project
[31星][2y] [Py] bwsw/webshell Docker container which includes Shellinabox and enables SSH connections to arbitrary (not where installed) servers
[30星][9m] [Py] 3xp10it/xupload A tool for automatically testing whether the upload function can upload webshell
[30星][4y] [PHP] fuzzdb-project/webshell This is a webshell open source project
[27星][11d] [JS] onrik/django-webshell Django application for running python code in your project's environment from django admin.
[21星][3y] [Py] l-codes/oneshellcrack a very very fast brute force webshell password tool
[21星][4y] [PHP] secwiki/webshell This is a webshell open source project
[18星][2y] [ASP] grcod/poly polymorphic webshells
[18星][2y] [PHP] incredibleindishell/php-web-shells when i started web application security testing, i fall in love with web shell development and designed some PHP based web shells. This repository contains all my codes which i released in public.
[17星][4y] [PHP] abcdlzy/webshell-manager 一句话木马管理工具，重复造轮子项目
[16星][2y] [PHP] the404hacking/b374k-mini PHP Webshell with handy features.
[15星][2y] [PHP] abdilahrf/kerang Kerang is a Another Webshell Backdoor, For Educational Purposes!
[15星][5y] [ASP] le4f/aspexec asp命令执行webshell
[14星][7m] [PHP] tengzhangchao/maskfindshell linux下webshell查杀工具
[14星][3y] [Py] wangyihang/webshellcracker WebShell密码爆破工具
[13星][7y] [PHP] lordwolfer/webshells This is a compilation of various shells that I had found in the wild.
[11星][3y] [PHP] linuxsec/shu-shell Webshell Jumping Edition
[11星][4y] [JS] maestrano/webshell-server Web based shell with configurable authentication
[11星][3y] [C#] niemand-sec/razorsyntaxwebshell Webshell for Razor Syntax (C#)
[10星][2y] [ASP] grcod/webshells php - asp - aspx
[9星][1y] [PHP] itskindred/php-web-shell A Simple PHP Web Shell used for Remote Code Execution.
[8星][2y] [C++] euphrat1ca/hatchet cknife（webshell manager）
[8星][3y] [PHP] magicming200/evil-koala-php-webshell 邪恶考拉php webshell。
[8星][2y] dubfr33/atlassian-webshell-plugin Webshell plugin that works on any Atlassian product employing their plugin framework
[7星][8m] [PHP] chrissy-morgan/php-webshell-deobfuscator A Tool written in Python to help de-obfuscate the $GLOBALS type malware.
[7星][2y] [PHP] josexv1/wso-webshell Copy of WSO-Webshell made by @Hardlinux
[6星][1y] [PHP] evil7/webshell Some webshell useful like spy udf silic chatroom
[4星][4y] [PHP] blackhalt/webshells An list of webshell vulnerability injection.
[4星][12m] [PHP] brianwrf/priwebshell For Webshell downloading
[4星][2y] [Java] 0x4e0x650x6f/pwn4jshell Java Web shell project
[3星][4y] [JS] mhelwig/wp-webshell-xss A simple wordpress webshell injector
[3星][3m] [PHP] tulungagungcyberlink/webshellbackdoor WebShell Backdoor. Use at your own risk.
[2星][2y] [PHP] blue-bird1/webshell webshell
[2星][2y] [PHP] thepacketbender/webshells webshells written with malice
[2星][6m] [Py] cbiu/rsawebshell 主要用于AWD的RSA加密WebShell
[2星][2y] [Py] mperlet/pomsky lightweight webshell
[1星][3y] [Py] doyler/rwsh Ray's Web SHell
[1星][6y] ettack/webshellccl A python script help with webshell bypassing.
[1星][2y] [C++] pikeman20/webshell
[1星][2y] [Py] tincho9/webshell-protector A small POC of defense from webshells
[1星][2y] [Ruby] lolwaleet/rubshell A simple (and ugly) ruby-based webshell.
[1星][2y] [Py] jubal-r/tinywebshell A small, simple php web shell with an interactive console
[1星][2y] [Swift] wdg/webshell-builder A WebShell application builder (no use of Xcode)
[1星][2y] [ASP] badc0d3/webshellcreator Simple Python script to create webshells
[0星][3y] aaspky/webshell
[0星][3y] dinamsky/webshell
[0星][2y] [PHP] kap0k/caidao_encrypt In order to bypass waf, we use a php server, as a proxy, to encrypt the data flow between the China Chopper and the webshell. This tool is just for study and research.
[0星][4y] [PHP] kuniasahi/mpshell my php webshell
[0星][3y] tghosth/webshelljar
[0星][3y] zh3feng/php-webshell-checker PHP-WebShell-Checker

<a id="e08366dcf7aa021c6973d9e2a8944dff"></a>Webshell收集

[22055星][27d] [PHP] danielmiessler/seclists 多种类型资源收集：用户名、密码、URL、敏感数据类型、Fuzzing Payload、WebShell等
[5181星][24d] [PHP] tennc/webshell webshell收集
[2307星][30d] [PS] k8gege/k8tools K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
[1392星][4y] [PHP] johntroony/php-webshells Common php webshells. Do not host the file(s) on your server!
[682星][3y] [PHP] xl7dev/webshell Webshell && Backdoor Collection
[428星][1y] [PHP] ysrc/webshell-sample 收集自网络各处的 webshell 样本，用于测试 webshell 扫描器检测率。
[369星][1m] [PHP] blackarch/webshells Various webshells. We accept pull requests for additions to this collection.
[289星][13d] [Java] mr-xn/penetration_testing_poc 渗透测试有关的POC、EXP、脚本、提权、小工具等
[244星][3y] [PHP] tdifg/webshell WebShell Collect
[156星][2y] [ASP] testsecer/webshell 这是一个WebShell收集项目
[150星][2y] [Py] vduddu/malware Rootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools
[145星][3y] [PHP] webshellpub/awsome-webshell webshell样本大合集。收集各种webshell用于webshell分析与发现
[50星][3y] 0xhjk/caidao 中国菜刀及其衍生版本的Webshell管理工具收集
[48星][2y] [PHP] backlion/webshell 这是一些常用的webshell
[37星][4m] [PHP] x-o-r-r-o/php-webshells-collection Most Wanted Private and Public PHP Web Shells Can Be Downloaded Here. (Educational Purpose Only)
[23星][3y] [PHP] 3xp10it/xwebshell 免杀webshell集合
[23星][2y] [PHP] xiaoxiaoleo/xiao-webshell a collection of webshell
[7星][3y] [Py] shewey/webshell 各种漏洞PoC、ExP的收集或编写
[4星][3m] [PHP] suryamaulana/webshellbackdoor WebShell Backdoor Collection.
[1星][2y] [PHP] 12345bt/webshell webshell收集项目

<a id="3d555f25d9775b58890a8f82bc8c2a0b"></a>Webshell管理

[310星][9m] [Py] wangyihang/webshell-sniper webshell管理器，命令行工具
[232星][5y] [PHP] smaash/quasibot complex webshell manager, quasi-http botnet.
[50星][3m] [C#] guillac/wsmanager Webshell Manager

<a id="39e5bd43766abbdbc518390d86b3a0a5"></a>Webshell检测

[637星][4y] [PHP] emposha/php-shell-detector a php script that helps you find and identify php/cgi(perl)/asp/aspx shells.
[501星][8m] [ASP] landgrey/webshell-detect-bypass 绕过专业工具检测的Webshell研究文章和免杀的Webshell
[298星][4y] [Py] emposha/shell-detector a application that helps you find and identify php/cgi(perl)/asp/aspx shells.
[189星][1y] [Py] he1m4n6a/findwebshell 基于python开发的webshell检测工具。
[106星][3y] [Py] lingerhk/fshell 基于机器学习的分布式webshell检测系统
[92星][2y] [Py] lcatro/webshell-detect-by-machine-learning 使用机器学习识别WebShell
[85星][2y] [Py] hi-wenr0/mlcheckwebshell 机器学习检测Webshell
[33星][3y] [Py] jkkj93/mint-webshell-defender 薄荷WEBSHELL防御系统，是一款WEBSHELL查杀/防御软件，采用PYTHON编写
[33星][2y] [Java] mindawei/aliyun-safe-match Webshell和钓鱼网站检测（阿里云安全算法挑战赛第29名）
[21星][6m] [Py] manhnho/shellsum A defense tool - detect web shells in local directories via md5sum
[15星][5m] [Java] wh1t3p1g/monitorclient 网站实时监控文件变动及webshell检测查杀工具
[12星][2y] [Py] mylamour/oops-webshell Oops, It's funny to detect a webshell. Temporarily not maintained
[10星][4y] [PHP] k0u5uk3/obfuscated-php-webshell-detector obfuscated-php-webshell-detector - Detect PHP Webshell in obfusucation
[10星][7m] [PHP] th1k404/unishell A piece of php webshell which are using khmer unicode and yak obfuscator to be undetectable and silently.
[8星][2y] [Py] mrfk/webshellcheck Webshell Detection Based on Deep Learning
[8星][7m] [YARA] mxi4oyu/riskdetect 恶意软件以及webshell检测
[7星][2y] [Py] grayddq/codeinspect 以代码发布的方式，从根本上实现WEBShell、网马或恶意链接等安全方面的检测。
[2星][2y] [Py] zhl2008/webshell_detector webshell detector for iqiyi
[1星][2y] [Py] zhl2008/webshell_detector_haozi

<a id="b92430134aad35583d8470fb260406ed"></a>Webshell扫描

[99星][3y] [Py] ym2011/scanbackdoor Webshell扫描工具，通过各种规则和算法实现服务器脚本后门查杀
[46星][2y] [Py] erevus-cn/scan_webshell 很简单的webshell扫描
[46星][4y] [Py] secwiki/scaing-backdoor 新一代Webshell扫描工具
[31星][5y] [Py] jofpin/fuckshell Simple Webshell Scanner
[31星][2y] ysrc/shelldaddy 跨平台 webshell 静态扫描器
[10星][17d] [PHP] cvar1984/sqlscan Quick SQL Scanner, Dorker, Webshell injector PHP
[4星][6y] followboy1999/webshell-scanner The Web Shell Scanner
[2星][3y] [Py] junyu1991/webshellscanner A jsp webshell scanner,based on regex .

<a id="e89361c3ac1f1c35355f57601fb2f6e0"></a>其他

[33星][3m] [JS] medicean/superterm 利用 webshell 创建交互式终端
[4星][1y] [Py] jincon/killshell a webshell Killer write by python

<a id="55572950f807e9e7c079edd49eab3dd0"></a>文章

<a id="00afa6c71cbb358ba1c2b16fc8539112"></a>新添加

2019.12 [freebuf] 冰蝎动态二进制加密WebShell基于流量侧检测方案
2019.11 [aliyun] 绕过WebShell检测的总结之文件免杀
2019.10 [aliyun] 记一次webshell的获取
2019.10 [aliyun] 红蓝对抗——加密Webshell“冰蝎”攻防
2019.10 [nsfocus] 冰蝎动态二进制加密WebShell的检测
2019.09 [hackingarticles] Web Shells Penetration Testing
2019.09 [freebuf] 冰蝎动态二进制加密WebShell特征分析
2019.08 [aliyun] 基于机器学习的jsp/jspx webshell检测
2019.08 [aliyun] 基于AST的Webshell检测
2019.07 [aliyun] 一道题回顾php异或webshell
2019.06 [aliyun] PHP Webshell下绕过disable_function的方法
2019.05 [detectify] How-to Tutorial: PHP Webshell De-Obfuscation
2019.05 [detectify] Investigation of PHP Web Shell Hexedglobals.3793 Variants
2019.05 [aliyun] 对于asp免杀webshell的一些总结
2019.05 [aliyun] 对于php免杀webshell的一些总结
2019.05 [freebuf] 聊聊安全测试中如何快速搞定Webshell
2019.04 [360] Machine Learning Recognition of WebShell
2019.04 [secvul] 权限维持 - 如何优雅的隐藏你的Webshell
2019.03 [freebuf] SharPyShell：用于C# Web应用程序的小型混淆版WebShell
2019.02 [rsa] Web Shells and RSA NetWitness Part 3
2019.02 [freebuf] 通过Webshell远程导出域控ntds.dit的方法
2019.02 [rsa] Web Shells and NetWitness Part 2
2019.02 [rsa] Web Shells and RSA NetWitness
2019.01 [aliyun] 过D盾webshell分享
2019.01 [sans] Closing the Door on Web Shells
2019.01 [sans] Hunting Webshells on Microsoft Exchange Server
2019.01 [sans] Hunting Webshells: Tracking TwoFace
2018.12 [valeriyshevchenko] From basic User to full right Admin access on the server (via XSS, LFI, WebShell)
2018.12 [aliyun] 通过webshell导出域控ntds.dit文件
2018.11 [freebuf] 一次编码WebShell bypass D盾的分析尝试
2018.09 [freebuf] Webshell入侵检测初探（一）
2018.08 [aliyun] 利用tomcat的JMX端口上传webshell
2018.08 [nsfocus] 【事件分析】No.9 潘多拉魔盒般的Webshell上传
2018.08 [360] 利用php自包含特性上传webshell
2018.07 [4hou] 错误页面中隐藏webshell的骚思路
2018.07 [mazinahmed] Creating an Emojis PHP WebShell
2018.06 [aliyun] 正面绕过Xyntax 大佬用机器学习实现的PHP WEBSHELL检测
2018.06 [freebuf] 不包含数字字母的WebShell
2018.05 [freebuf] 利用“进程注入”实现无文件复活 WebShell
2018.04 [mitchmoser] Stapler pt. 2 — Webshells & Cronjobs
2018.04 [ironcastle] Webshell looking for interesting files, (Wed, Apr 18th)
2018.03 [aliyun] PHP反序列化漏洞与Webshell
2018.02 [360] 通过PHP扩展实现Webshell识别（一）
2018.02 [360] 一类混淆变形的Webshell分析
2018.02 [freebuf] TinyShop缓存文件获取WebShell之0day
2018.02 [venus] 初探机器学习检测 PHP Webshell
2018.02 [aliyun] 深度学习PHP webshell查杀引擎demo
2017.12 [freebuf] 一个比较好玩的WebShell上传检测绕过案例
2017.12 [freebuf] PHP WebShell变形技术总结
2017.12 [] 维持访问 WebShell
2017.09 [sans] Another webshell, another backdoor!
2017.09 [secist] 从getwebshell到绕过安全狗云锁提权再到利用matasploit进服务器
2017.09 [polaris] 利用sklearn检测webshell
2017.09 [freebuf] 挖洞经验 | 把PHP LFI漏洞变成Webshell的思路
2017.08 [secist] 我与网站的日常-webshell命令执行
2017.07 [paloaltonetworks] TwoFace Webshell: Persistent Access Point for Lateral
2017.07 [securityriskadvisors] A Smaller, Better JSP Web Shell
2017.07 [freebuf] 通过非数字和字符的方式实现PHP WebShell
2017.06 [aliyun] 如何优雅的维持一个Webshell
2017.05 [fuping] MSSQL DBA权限获取WEBSHELL的过程
2017.05 [aliyun] sa权限获取webshell思路
2017.05 [antonioparata] Hiding PHP Webshell in an effective way
2017.05 [evi1cg] Xsl Exec Webshell (aspx)
2017.05 [crowdstrike] How to Detect and Prevent Fileless Webshell Attacks with Falcon
2017.05 [niemand] From 404 and default pages to RCE via .cshtml webshell
2017.04 [freebuf] Webshell密码极速爆破工具 – cheetah
2017.04 [freebuf] Python安全运维实战：针对几种特定隐藏方式的Webshell查杀
2017.04 [rsa] From SQL Injection to WebShell
2017.03 [trustwave] Authentication and Encryption in PAS Web Shell Variant
2017.03 [freebuf] 一款好用的php webshell检测工具
2017.02 [secist] 一些不包含数字和字母的webshell
2017.02 [hackingarticles] Webshell to Meterpreter
2017.02 [hackingarticles] Web Shells Penetration Testing (Beginner Guide)
2017.02 [8090] 关于一句话webshell的隐藏(建议)
2017.01 [freebuf] 绕过网站安全狗拦截，上传Webshell技巧总结（附免杀PHP一句话）
2017.01 [secvul] 偶遇WEBSHELL老套路
2017.01 [4hou] 如何全面防御Webshell（下）？
2016.12 [4hou] 如何全面防御Webshell（上）？
2016.12 [trustwave] Raiding the Piggy Bank: Webshell Secrets Revealed
2016.12 [sevagas] TVT DVR/CCTV webshell exploit
2016.12 [rapid7] Web Shells 101: Detection and Prevention
2016.12 [aliyun] Tomcat、Weblogic、JBoss、GlassFish、Resin、Websphere弱口令及拿webshell方法总结
2016.12 [8090] php webshell分析和绕过waf技巧
2016.12 [360] php webshell分析和绕过waf技巧
2016.12 [dfir] Webshells: Rise of the Defenders (Part 4)
2016.11 [] Winmail最新直达webshell 0day漏洞挖掘实录
2016.11 [securityintelligence] Ninety-Five Percent of Webshell Attacks Written in PHP
2016.11 [freebuf] 中国最大的Webshell后门箱子调查，所有公开大马全军覆没
2016.10 [threatexpress] Web shells as a covert channel – SubShell & TinyShell
2016.09 [venus] 渗透攻防 - 千变万化的WebShell
2016.08 [vanimpe] Exploring webshells on a WordPress site
2016.07 [freebuf] 中国新型Web Shell “菜刀-Cknife”遭国外安全公司曝光
2016.07 [360] 分析Cknife,一个类似China Chopper的webshell管理工具（第二部分）
2016.07 [sans] The Power of Web Shells
2016.07 [securityintelligence] The Webshell Game Continues
2016.07 [dfir] Webshells - Every Time the Same Story…(Part 3)
2016.07 [acunetix] Web Shells in Action – Introduction to Web-Shells – Part 4
2016.06 [acunetix] Keeping web shells under cover – An Introduction to Web Shells – Part 3
2016.06 [acunetix] Web-shells 101 using PHP – Introduction to Web Shells – Part 2
2016.06 [safebuff] Bypass imagecopyresampled and imagecopyresized generate PHP Webshell
2016.06 [fidelissecurity] Understanding the Web Shell Game
2016.06 [freebuf] 利用PHP 7中的OPcache来实现Webshell
2016.05 [freebuf] 看我如何绕过一个Webshell认证
2016.05 [sec] 从“TI（威胁情报）”到“IR（事件响应）”：从webshell的安全说开
2016.05 [sec] 威胁捕捉：推出针对webshell的“一手”情报feed
2016.05 [sec] 基于恶意行为的专项威胁情报Feed之：webshell-feed
2016.05 [] 利用 Java Binary Webshell 对抗静态检测
2016.05 [tencent] 利用 Java Binary Webshell 对抗静态检测
2016.04 [360] 利用PHP 7中的OPcache来实现Webshell
2016.04 [sec] 威胁情报Feed：Webshell之常用“路径&名字”字典
2016.04 [freebuf] C99 php webshell攻击加剧，大量WordPress站点遭受威胁
2016.04 [securityintelligence] Got WordPress? PHP C99 Webshell Attacks Increasing
2016.04 [sec] 由Webshell溯源攻击者的入侵途径
2016.03 [rsa] Detecting and Investigating Webshells – Another Reason for Deepening Your Security Visibility
2016.03 [sec] 线索、挖掘、预警—基于威胁情报的一起Webshell的安全分析
2016.03 [doyler] Introducing RWSH – Ray’s Web SHell
2016.03 [sec] webshell的隐藏、伪装技巧
2016.03 [caceriadespammers] Web Shell Detector
2016.03 [] Webshell清除-解决驱动级文件隐藏挂马
2016.03 [] 有趣的小技巧，Webshell的克星
2016.01 [dfir] Webshells - Every Time the Same Story…(Part 2)
2016.01 [rsa] Hunting Webshells with RSA ECAT
2016.01 [sec] Metasploit Webshell初探
2015.12 [] Webshell安全检测篇（2）-深入用户的内心
2015.12 [] Webshell安全检测篇（1）-基于流量的检测方式
2015.12 [] Webshell安全检测篇（3）-基于行为分析来发现“未知的Webshell”
2015.12 [] Webshell安全检测篇（4）-基于流量的Webshell分析样例
2015.12 [] Webshell系列（5）- webshell之“看见”的能力分析
2015.12 [sec] 结合威胁情报的Webshell事件处理谈（2）–攻击者画像与机读IOC
2015.12 [sec] 如何检测隐藏的Webshell（三） Weevely.img
2015.12 [toolswatch] [New Tool] quasiBot v0.3 Beta Complex Webshell Manager
2015.12 [] webshell检测－日志分析
2015.12 [sec] 高隐藏性webshell分析：Weevely 3.2 Backdoor流量特征（一）
2015.12 [sec] Webshell安全检测（3）： WeBaCoo网站后门特征分析
2015.12 [sec] Webshell安全检测（4）:Weevely 样本后门特征分析
2015.12 [sec] 机读IOC文件下载–结合情报的Webshell分析
2015.12 [sec] 结合威胁情报的Webshell事件处理谈（1）–结合kill chain的攻击还原
2015.11 [sec] Webshell系列（5）- webshell之“看见”的能力分析
2015.11 [sec] Webshell安全检测篇（4）-基于流量的Webshell分析样例
2015.11 [] DZ6.x的UC_KEY getwebshell exploit
2015.11 [checkpoint] Check Point Threat Alert: Web Shells
2015.11 [sec] Webshell安全检测篇（3）-基于行为分析来发现“未知的Webshell”
2015.11 [ironcastle] TA15-314A: Compromised Web Servers and Web Shells – Threat Awareness and Guidance
2015.11 [sec] Webshell安全检测篇（2）-深入用户的内心
2015.11 [sec] Webshell安全检测篇（1）-基于流量的检测方式
2015.10 [freebuf] B374K PHP WEBSHELL：一款简单却功能强大的远程管理工具
2015.09 [evi1cg] Linux查webshell
2015.08 [] APT时代-窃密型WebShell检测方法的思考
2015.08 [dfir] Webshells - Every Time the Same Purpose, Every Time a Different Story… (Part 1)
2015.07 [freebuf] 窃密型WebShell检测方法
2015.07 [n0where] Stealthy PHP Web Shell Backdoor: Weevely
2015.06 [sec] APT时代-窃密型WebShell检测方法的思考
2015.05 [] MS15-051 修正版Exploit(Webshell可用)
2015.05 [] 另类Webshell：Xml Shell简介
2015.03 [crowdstrike] Chopping packets: Decoding China Chopper Web shell traffic over SSL
2015.02 [vxsecurity] [ Technical Teardown: PHP WebShell ]
2015.02 [freebuf] 技术分享：如何在PNG图片的IDAT CHUNKS中插入Webshell
2015.01 [s1gnalcha0s] SSJS Web Shell Injection
2015.01 [securityblog] A quick and dirty php web shell
2014.12 [freebuf] ModSecurity技巧：使用ssdeep检测Webshell
2014.12 [freebuf] 批量Webshell管理工具QuasiBot之后门代码分析
2014.12 [n0tr00t] 批量 Webshell 管理工具 QuasiBot 之后门代码分析
2014.12 [] 用Webshell直接杀入内网
2014.11 [] Webshell实现与隐藏探究
2014.09 [room362] OSX Persistence via PHP Webshell ·
2014.08 [3xp10it] 隐藏webshell的几条建议
2014.08 [3xp10it] 一句话webshell客户端脱库
2014.08 [3xp10it] unserialize免杀webshell
2014.08 [3xp10it] php中&引用免杀webshell
2014.08 [3xp10it] 自动测试上传功能是否可上传webshell
2014.08 [3xp10it] 自动测试上传功能是否可上传webshell
2014.08 [3xp10it] unserialize免杀webshell
2014.08 [3xp10it] php中&引用免杀webshell
2014.08 [3xp10it] 一句话webshell客户端脱库
2014.08 [3xp10it] 隐藏webshell的几条建议
2014.08 [n0where] php-webshells
2014.08 [freebuf] 揭秘渗透测试利器：Webshell批量管理工具QuasiBot
2014.08 [] PHPCMS后台低权限拿webSHELL
2014.06 [freebuf] 用搜索神器Everything定位Webshell木马后门
2014.06 [toolswatch] [New Tool] Antak WebShell – PowerShell Console Released
2014.05 [] 科讯KESION CMS最新版任意文件上传WEBSHELL
2014.04 [] [投稿]Webshell下命令执行限制及绕过方法
2014.04 [netspi] Executing MSF Payloads via PowerShell Webshellery
2014.04 [] [投稿]Webshell 远程提权
2014.03 [webroot] Commercial Windows-based compromised Web shells management application spotted in the wild – part two
2014.02 [crowdstrike] Mo’ Shells Mo’ Problems – Deep Panda Web Shells
2014.01 [freebuf] 浅谈webshell检测方法
2013.12 [webroot] Commercial Windows-based compromised Web shells management application spotted in the wild
2013.12 [freebuf] 《一个路径牵出连环血案》之三“向玩webshell的黑客钓鱼”（连载）
2013.11 [imperva] Threat Advisory: A JBoss AS Exploit, Web Shell code Injection.
2013.10 [] 最新一种过安全狗的webshell
2013.10 [] php LFI读php文件源码以及直接post webshell
2013.10 [trustwave] Hiding Webshell Backdoor Code in Image Files
2013.10 [] 齐博CMS GETWEBSHELL 0day
2013.08 [] Webshell过安全狗的几种技巧[附特征免杀法]
2013.08 [] 高版本正方教务系统上传后缀过滤不严导致能直接上传Webshell
2013.08 [] PJ博客批量可以获取webshell
2013.08 [] 用ZendGuard 加密php webshell
2013.07 [] 打破MS13-046不能webshell执行问题
2013.06 [trustwave] [Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging
2013.05 [tencent] 浅谈变形PHP WEBSHELL检测
2013.05 [forcepoint] WebShells WebShells on the Web Server
2013.04 [netspi] Adding PowerShell to Web Shells to get Database Access
2013.04 [freebuf] 查找phpwebshell小工具
2013.03 [] 旁注虚拟主机IIS权限重分配跨目录得webshell
2013.03 [freebuf] 分离Weevely加密模块加密任意WebShell
2013.03 [] 解决Win下MySQL root导出Webshell换行符问题
2013.02 [] siteserver后台getwebshell 8种方法
2013.01 [freebuf] Metasploit之使用socket通信的webshell简单分析
2013.01 [] 解密php webshell后门
2012.12 [] Siteserver cms后台拿webshell另一种方法
2012.11 [freebuf] 反向Web Shell处理工具-Shell of the Future
2012.10 [freebuf] [笔记]PHP一句话Webshell变形总结
2012.10 [] 利用社工绕道突破安全狗直取webshell
2012.09 [] 帝国cms最新版本后台拿webshell方法
2012.08 [] [挖0day]羊驼CMS 注入及getwebshell
2012.08 [toolswatch] Web Shell Detector v1.62 – The Shell Scanner
2012.07 [] ShyPost企业网站管理系统V4.3注入XSS漏洞及后台拿webshell
2012.07 [] 直接给asp防注入getwebshell
2012.06 [freebuf] Webshell代码检测背后的数学应用
2012.06 [freebuf] 利用grep查找webshell
2012.06 [freebuf] Webshell扫描工具WebShellDetector V1.51
2012.06 [talosintelligence] Web Shell Poses As A GIF
2012.06 [idontplaydarts] Encoding Web Shells in PNG IDAT chunks
2012.05 [freebuf] 配置Apache防止webshell上传
2012.05 [] SiteEngine 7.1 会员上传漏洞拿WEBSHELL
2012.05 [] 91736cms Getip SQL Injection & 后台妙拿 WebShell
2011.11 [] WebShell的检测技术
2011.09 [] 突破VirtualWall上传webshell
2011.09 [toolswatch] XCode SQLi/LFI/XSS and Webshell Scanning tool
2011.08 [] access 导出webshell
2011.08 [] Webshell下命令行跨站

贡献

内容为系统自动导出, 有任何问题请提issue

Awesome

所有收集类项目:

webshell

目录

<a id="bad06ceb38098c26b1b8b46104f98d25"></a>工具

<a id="faa91844951d2c29b7b571c6e8a3eb54"></a>新添加

<a id="e08366dcf7aa021c6973d9e2a8944dff"></a>Webshell收集

<a id="3d555f25d9775b58890a8f82bc8c2a0b"></a>Webshell管理

<a id="39e5bd43766abbdbc518390d86b3a0a5"></a>Webshell检测

<a id="b92430134aad35583d8470fb260406ed"></a>Webshell扫描

<a id="e89361c3ac1f1c35355f57601fb2f6e0"></a>其他

<a id="55572950f807e9e7c079edd49eab3dd0"></a>文章

<a id="00afa6c71cbb358ba1c2b16fc8539112"></a>新添加

贡献