Awesome
所有收集类项目:
- 收集的所有开源工具: sec-tool-list: 超过18K, 包括Markdown和Json两种格式
- 逆向资源: awesome-reverse-engineering: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/...
- 网络相关的安全资源: awesome-network-stuff: 代理/GFW/反向代理/隧道/VPN/Tor/I2P,以及中间人/PortKnocking/嗅探/网络分析/网络诊断等
- 攻击性网络安全资源: awesome-cyber-security: 漏洞/渗透/物联网安全/数据渗透/Metasploit/BurpSuite/KaliLinux/C&C/OWASP/免杀/CobaltStrike/侦查/OSINT/社工/密码/凭证/威胁狩猎/Payload/WifiHacking/无线攻击/后渗透/提权/UAC绕过/...
- 开源远控和恶意远控分析报告: awesome-rat: 开源远控工具: Windows/Linux/macOS/Android; 远控类恶意恶意代码的分析报告等
webshell
目录
<a id="bad06ceb38098c26b1b8b46104f98d25"></a>工具
<a id="faa91844951d2c29b7b571c6e8a3eb54"></a>新添加
- [1782星][4m] [Py] epinna/weevely3 用于后渗透的Web Shell,可以在运行时通过网络对其进行扩展
- [1770星][2y] [CSS] b374k/b374k a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc.
- [1059星][1m] [Py] yzddmr6/webshell-venom 免杀webshell无限生成工具(利用随机异或无限免杀D盾)
- [617星][1y] [Shell] wireghoul/htshells 自包含的Web Shell和通过.htaccess文件进行的其他攻击。
- [538星][3y] [PHP] dotcppfile/daws Advanced Web Shell
- [441星][4y] [C#] keepwn/altman the cross platform webshell tool in .NET
- [434星][1y] [Py] shmilylty/cheetah a very fast brute force webshell password tool
- [354星][8m] [PHP] s0md3v/nano PHP Webshell家族
- [321星][2y] [PHP] tanjiti/webshellsample webshell sample for WebShell Log Analysis
- [282星][1y] [JS] chrisallenlane/novahot Webshell框架,实现了基于Json的API,可与任何语言编写的后门(默认支持PHP/Ruby/Python)进行通信。
- [245星][9m] [Py] antoniococo/sharpyshell ASP.NET webshell,小型,混淆,针对C# Web App
- [209星][7m] [PHP] samdark/yii2-webshell Web shell allows to run yii console commands using a browser
- [206星][3m] [JS] yzddmr6/as_webshell_venom 免杀webshell无限生成工具蚁剑版
- [203星][6m] [Py] ares-x/awd-predator-framework AWD攻防赛webshell批量利用框架
- [189星][2y] [Java] rebeyond/memshell a webshell resides in the memory of java web server
- [181星][2y] [PHP] lcatro/php-webshell-bypass-waf 分享PHP WebShell 绕过WAF 的一些经验
- [173星][12m] [Java] joychou93/webshell 入侵分析时发现的Webshell后门
- [167星][7y] [PHP] secrule/falcon 基于inotify-tools 开发的Web服务器文件监控平台 能够实时监控Web目录文件变化(新增,修改,删除),判断文件内容是否包含恶意代码,自动隔离常见Webshell,保证Web目录文件安全
- [133星][10m] [PHP] k4mpr3t/b4tm4n Php webshell
- [124星][8y] evilcos/python-webshell webshell writen in python
- [121星][3y] malwares/webshell WebShell Dump
- [106星][3y] [JS] boy-hack/webshellmanager w8ay 一句话WEB端管理工具
- [99星][1y] [Py] wonderqs/blade A webshell connection tool with customized WAF bypass payloads
- [98星][2y] [Java] securityriskadvisors/cmd.jsp A super small jsp webshell with file upload capabilities.
- [96星][2y] [Java] tengzhangchao/pycmd python+php+jsp WebShell(一句话木马)
- [82星][5y] [Py] xypiie/webshell a web-based ssh shell.
- [78星][3y] [PHP] secwiki/webshell-2 Webshell
- [77星][2y] [Py] wofeiwo/webshell-find-tools 分析web访问日志以及web目录文件属性,用于根据查找可疑后门文件的相关脚本。
- [76星][8m] [PHP] s9mf/s9mf-php-webshell-bypass 为方便WAF入库的项目 | 分享PHP免杀大马 | 菜是原罪 | 多姿势(假的就一个)
- [76星][3y] [C#] zcgonvh/cve-2017-7269-tool CVE-2017-7269 to webshell or shellcode loader
- [73星][4y] [PHP] phith0n/b374k PHP Webshell with handy features
- [68星][2y] [Py] 3xp10it/xdump Drag database with "one sentence" webshell
- [61星][8m] [PHP] michyamrane/wso-webshell php webshell
- [47星][2y] [PHP] whitewinterwolf/wwwolf-php-webshell WhiteWinterWolf's PHP web shell
- [47星][5y] [PHP] cloudsec/aioshell A php webshell run under linux based webservers. v0.05
- [45星][3y] [Py] threatexpress/subshell a python command shell used to control and execute commands through HTTP requests to a webshell.
- [40星][5y] evi1m0/webshell This is a webshell open source project
- [40星][4y] [PHP] wso-shell/wso WSO SHELL , wso shell , WSO.php , wso.php , webshell , wso-shell веб-шелл , шелл , WSO2.5 , WSO2.5.1 , WSO2.php , Shell download, C99 , r57 , bypass shell , P.A.S. (php web-shell) , PPS 4.0 , Скачать WSO Web Shell , Скачать wso.php , Скачать Web Shell
- [39星][5y] [PHP] ridter/webshell This is a webshell open source project
- [36星][2m] [PHP] linuxsec/indoxploit-shell IndoXploit Webshell V.3
- [32星][5y] jgor/php-jpeg-shell Simple PHP webshell with a JPEG header to bypass weak image verification checks
- [32星][4y] [PHP] wstart/webshell This is a webshell open source project
- [31星][2y] [Py] bwsw/webshell Docker container which includes Shellinabox and enables SSH connections to arbitrary (not where installed) servers
- [30星][9m] [Py] 3xp10it/xupload A tool for automatically testing whether the upload function can upload webshell
- [30星][4y] [PHP] fuzzdb-project/webshell This is a webshell open source project
- [27星][11d] [JS] onrik/django-webshell Django application for running python code in your project's environment from django admin.
- [21星][3y] [Py] l-codes/oneshellcrack a very very fast brute force webshell password tool
- [21星][4y] [PHP] secwiki/webshell This is a webshell open source project
- [18星][2y] [ASP] grcod/poly polymorphic webshells
- [18星][2y] [PHP] incredibleindishell/php-web-shells when i started web application security testing, i fall in love with web shell development and designed some PHP based web shells. This repository contains all my codes which i released in public.
- [17星][4y] [PHP] abcdlzy/webshell-manager 一句话木马管理工具,重复造轮子项目
- [16星][2y] [PHP] the404hacking/b374k-mini PHP Webshell with handy features.
- [15星][2y] [PHP] abdilahrf/kerang Kerang is a Another Webshell Backdoor, For Educational Purposes!
- [15星][5y] [ASP] le4f/aspexec asp命令执行webshell
- [14星][7m] [PHP] tengzhangchao/maskfindshell linux下webshell查杀工具
- [14星][3y] [Py] wangyihang/webshellcracker WebShell密码爆破工具
- [13星][7y] [PHP] lordwolfer/webshells This is a compilation of various shells that I had found in the wild.
- [11星][3y] [PHP] linuxsec/shu-shell Webshell Jumping Edition
- [11星][4y] [JS] maestrano/webshell-server Web based shell with configurable authentication
- [11星][3y] [C#] niemand-sec/razorsyntaxwebshell Webshell for Razor Syntax (C#)
- [10星][2y] [ASP] grcod/webshells php - asp - aspx
- [9星][1y] [PHP] itskindred/php-web-shell A Simple PHP Web Shell used for Remote Code Execution.
- [8星][2y] [C++] euphrat1ca/hatchet cknife(webshell manager)
- [8星][3y] [PHP] magicming200/evil-koala-php-webshell 邪恶考拉php webshell。
- [8星][2y] dubfr33/atlassian-webshell-plugin Webshell plugin that works on any Atlassian product employing their plugin framework
- [7星][8m] [PHP] chrissy-morgan/php-webshell-deobfuscator A Tool written in Python to help de-obfuscate the $GLOBALS type malware.
- [7星][2y] [PHP] josexv1/wso-webshell Copy of WSO-Webshell made by @Hardlinux
- [6星][1y] [PHP] evil7/webshell Some webshell useful like spy udf silic chatroom
- [4星][4y] [PHP] blackhalt/webshells An list of webshell vulnerability injection.
- [4星][12m] [PHP] brianwrf/priwebshell For Webshell downloading
- [4星][2y] [Java] 0x4e0x650x6f/pwn4jshell Java Web shell project
- [3星][4y] [JS] mhelwig/wp-webshell-xss A simple wordpress webshell injector
- [3星][3m] [PHP] tulungagungcyberlink/webshellbackdoor WebShell Backdoor. Use at your own risk.
- [2星][2y] [PHP] blue-bird1/webshell webshell
- [2星][2y] [PHP] thepacketbender/webshells webshells written with malice
- [2星][6m] [Py] cbiu/rsawebshell 主要用于AWD的RSA加密WebShell
- [2星][2y] [Py] mperlet/pomsky lightweight webshell
- [1星][3y] [Py] doyler/rwsh Ray's Web SHell
- [1星][6y] ettack/webshellccl A python script help with webshell bypassing.
- [1星][2y] [C++] pikeman20/webshell
- [1星][2y] [Py] tincho9/webshell-protector A small POC of defense from webshells
- [1星][2y] [Ruby] lolwaleet/rubshell A simple (and ugly) ruby-based webshell.
- [1星][2y] [Py] jubal-r/tinywebshell A small, simple php web shell with an interactive console
- [1星][2y] [Swift] wdg/webshell-builder A WebShell application builder (no use of Xcode)
- [1星][2y] [ASP] badc0d3/webshellcreator Simple Python script to create webshells
- [0星][3y] aaspky/webshell
- [0星][3y] dinamsky/webshell
- [0星][2y] [PHP] kap0k/caidao_encrypt In order to bypass waf, we use a php server, as a proxy, to encrypt the data flow between the China Chopper and the webshell. This tool is just for study and research.
- [0星][4y] [PHP] kuniasahi/mpshell my php webshell
- [0星][3y] tghosth/webshelljar
- [0星][3y] zh3feng/php-webshell-checker PHP-WebShell-Checker
<a id="e08366dcf7aa021c6973d9e2a8944dff"></a>Webshell收集
- [22055星][27d] [PHP] danielmiessler/seclists 多种类型资源收集:用户名、密码、URL、敏感数据类型、Fuzzing Payload、WebShell等
- [5181星][24d] [PHP] tennc/webshell webshell收集
- [2307星][30d] [PS] k8gege/k8tools K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
- [1392星][4y] [PHP] johntroony/php-webshells Common php webshells. Do not host the file(s) on your server!
- [682星][3y] [PHP] xl7dev/webshell Webshell && Backdoor Collection
- [428星][1y] [PHP] ysrc/webshell-sample 收集自网络各处的 webshell 样本,用于测试 webshell 扫描器检测率。
- [369星][1m] [PHP] blackarch/webshells Various webshells. We accept pull requests for additions to this collection.
- [289星][13d] [Java] mr-xn/penetration_testing_poc 渗透测试有关的POC、EXP、脚本、提权、小工具等
- [244星][3y] [PHP] tdifg/webshell WebShell Collect
- [156星][2y] [ASP] testsecer/webshell 这是一个WebShell收集项目
- [150星][2y] [Py] vduddu/malware Rootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools
- [145星][3y] [PHP] webshellpub/awsome-webshell webshell样本大合集。收集各种webshell用于webshell分析与发现
- [50星][3y] 0xhjk/caidao 中国菜刀及其衍生版本的Webshell管理工具收集
- [48星][2y] [PHP] backlion/webshell 这是一些常用的webshell
- [37星][4m] [PHP] x-o-r-r-o/php-webshells-collection Most Wanted Private and Public PHP Web Shells Can Be Downloaded Here. (Educational Purpose Only)
- [23星][3y] [PHP] 3xp10it/xwebshell 免杀webshell集合
- [23星][2y] [PHP] xiaoxiaoleo/xiao-webshell a collection of webshell
- [7星][3y] [Py] shewey/webshell 各种漏洞PoC、ExP的收集或编写
- [4星][3m] [PHP] suryamaulana/webshellbackdoor WebShell Backdoor Collection.
- [1星][2y] [PHP] 12345bt/webshell webshell收集项目
<a id="3d555f25d9775b58890a8f82bc8c2a0b"></a>Webshell管理
- [310星][9m] [Py] wangyihang/webshell-sniper webshell管理器,命令行工具
- [232星][5y] [PHP] smaash/quasibot complex webshell manager, quasi-http botnet.
- [50星][3m] [C#] guillac/wsmanager Webshell Manager
<a id="39e5bd43766abbdbc518390d86b3a0a5"></a>Webshell检测
- [637星][4y] [PHP] emposha/php-shell-detector a php script that helps you find and identify php/cgi(perl)/asp/aspx shells.
- [501星][8m] [ASP] landgrey/webshell-detect-bypass 绕过专业工具检测的Webshell研究文章和免杀的Webshell
- [298星][4y] [Py] emposha/shell-detector a application that helps you find and identify php/cgi(perl)/asp/aspx shells.
- [189星][1y] [Py] he1m4n6a/findwebshell 基于python开发的webshell检测工具。
- [106星][3y] [Py] lingerhk/fshell 基于机器学习的分布式webshell检测系统
- [92星][2y] [Py] lcatro/webshell-detect-by-machine-learning 使用机器学习识别WebShell
- [85星][2y] [Py] hi-wenr0/mlcheckwebshell 机器学习检测Webshell
- [33星][3y] [Py] jkkj93/mint-webshell-defender 薄荷WEBSHELL防御系统,是一款WEBSHELL查杀/防御软件,采用PYTHON编写
- [33星][2y] [Java] mindawei/aliyun-safe-match Webshell和钓鱼网站检测(阿里云安全算法挑战赛 第29名)
- [21星][6m] [Py] manhnho/shellsum A defense tool - detect web shells in local directories via md5sum
- [15星][5m] [Java] wh1t3p1g/monitorclient 网站实时监控文件变动及webshell检测查杀工具
- [12星][2y] [Py] mylamour/oops-webshell Oops, It's funny to detect a webshell. Temporarily not maintained
- [10星][4y] [PHP] k0u5uk3/obfuscated-php-webshell-detector obfuscated-php-webshell-detector - Detect PHP Webshell in obfusucation
- [10星][7m] [PHP] th1k404/unishell A piece of php webshell which are using khmer unicode and yak obfuscator to be undetectable and silently.
- [8星][2y] [Py] mrfk/webshellcheck Webshell Detection Based on Deep Learning
- [8星][7m] [YARA] mxi4oyu/riskdetect 恶意软件以及webshell检测
- [7星][2y] [Py] grayddq/codeinspect 以代码发布的方式,从根本上实现WEBShell、网马或恶意链接等安全方面的检测。
- [2星][2y] [Py] zhl2008/webshell_detector webshell detector for iqiyi
- [1星][2y] [Py] zhl2008/webshell_detector_haozi
<a id="b92430134aad35583d8470fb260406ed"></a>Webshell扫描
- [99星][3y] [Py] ym2011/scanbackdoor Webshell扫描工具,通过各种规则和算法实现服务器脚本后门查杀
- [46星][2y] [Py] erevus-cn/scan_webshell 很简单的webshell扫描
- [46星][4y] [Py] secwiki/scaing-backdoor 新一代Webshell扫描工具
- [31星][5y] [Py] jofpin/fuckshell Simple Webshell Scanner
- [31星][2y] ysrc/shelldaddy 跨平台 webshell 静态扫描器
- [10星][17d] [PHP] cvar1984/sqlscan Quick SQL Scanner, Dorker, Webshell injector PHP
- [4星][6y] followboy1999/webshell-scanner The Web Shell Scanner
- [2星][3y] [Py] junyu1991/webshellscanner A jsp webshell scanner,based on regex .
<a id="e89361c3ac1f1c35355f57601fb2f6e0"></a>其他
- [33星][3m] [JS] medicean/superterm 利用 webshell 创建交互式终端
- [4星][1y] [Py] jincon/killshell a webshell Killer write by python
<a id="55572950f807e9e7c079edd49eab3dd0"></a>文章
<a id="00afa6c71cbb358ba1c2b16fc8539112"></a>新添加
- 2019.12 [freebuf] 冰蝎动态二进制加密WebShell基于流量侧检测方案
- 2019.11 [aliyun] 绕过WebShell检测的总结之文件免杀
- 2019.10 [aliyun] 记一次webshell的获取
- 2019.10 [aliyun] 红蓝对抗——加密Webshell“冰蝎”攻防
- 2019.10 [nsfocus] 冰蝎动态二进制加密WebShell的检测
- 2019.09 [hackingarticles] Web Shells Penetration Testing
- 2019.09 [freebuf] 冰蝎动态二进制加密WebShell特征分析
- 2019.08 [aliyun] 基于机器学习的jsp/jspx webshell检测
- 2019.08 [aliyun] 基于AST的Webshell检测
- 2019.07 [aliyun] 一道题回顾php异或webshell
- 2019.06 [aliyun] PHP Webshell下绕过disable_function的方法
- 2019.05 [detectify] How-to Tutorial: PHP Webshell De-Obfuscation
- 2019.05 [detectify] Investigation of PHP Web Shell Hexedglobals.3793 Variants
- 2019.05 [aliyun] 对于asp免杀webshell的一些总结
- 2019.05 [aliyun] 对于php免杀webshell的一些总结
- 2019.05 [freebuf] 聊聊安全测试中如何快速搞定Webshell
- 2019.04 [360] Machine Learning Recognition of WebShell
- 2019.04 [secvul] 权限维持 - 如何优雅的隐藏你的Webshell
- 2019.03 [freebuf] SharPyShell:用于C# Web应用程序的小型混淆版WebShell
- 2019.02 [rsa] Web Shells and RSA NetWitness Part 3
- 2019.02 [freebuf] 通过Webshell远程导出域控ntds.dit的方法
- 2019.02 [rsa] Web Shells and NetWitness Part 2
- 2019.02 [rsa] Web Shells and RSA NetWitness
- 2019.01 [aliyun] 过D盾webshell分享
- 2019.01 [sans] Closing the Door on Web Shells
- 2019.01 [sans] Hunting Webshells on Microsoft Exchange Server
- 2019.01 [sans] Hunting Webshells: Tracking TwoFace
- 2018.12 [valeriyshevchenko] From basic User to full right Admin access on the server (via XSS, LFI, WebShell)
- 2018.12 [aliyun] 通过webshell导出域控ntds.dit文件
- 2018.11 [freebuf] 一次编码WebShell bypass D盾的分析尝试
- 2018.09 [freebuf] Webshell入侵检测初探(一)
- 2018.08 [aliyun] 利用tomcat的JMX端口上传webshell
- 2018.08 [nsfocus] 【事件分析】No.9 潘多拉魔盒般的Webshell上传
- 2018.08 [360] 利用php自包含特性上传webshell
- 2018.07 [4hou] 错误页面中隐藏webshell的骚思路
- 2018.07 [mazinahmed] Creating an Emojis PHP WebShell
- 2018.06 [aliyun] 正面绕过Xyntax 大佬用机器学习实现的PHP WEBSHELL检测
- 2018.06 [freebuf] 不包含数字字母的WebShell
- 2018.05 [freebuf] 利用“进程注入”实现无文件复活 WebShell
- 2018.04 [mitchmoser] Stapler pt. 2 — Webshells & Cronjobs
- 2018.04 [ironcastle] Webshell looking for interesting files, (Wed, Apr 18th)
- 2018.03 [aliyun] PHP反序列化漏洞与Webshell
- 2018.02 [360] 通过PHP扩展实现Webshell识别(一)
- 2018.02 [360] 一类混淆变形的Webshell分析
- 2018.02 [freebuf] TinyShop缓存文件获取WebShell之0day
- 2018.02 [venus] 初探机器学习检测 PHP Webshell
- 2018.02 [aliyun] 深度学习PHP webshell查杀引擎demo
- 2017.12 [freebuf] 一个比较好玩的WebShell上传检测绕过案例
- 2017.12 [freebuf] PHP WebShell变形技术总结
- 2017.12 [] 维持访问 WebShell
- 2017.09 [sans] Another webshell, another backdoor!
- 2017.09 [secist] 从getwebshell到绕过安全狗云锁提权再到利用matasploit进服务器
- 2017.09 [polaris] 利用sklearn检测webshell
- 2017.09 [freebuf] 挖洞经验 | 把PHP LFI漏洞变成Webshell的思路
- 2017.08 [secist] 我与网站的日常-webshell命令执行
- 2017.07 [paloaltonetworks] TwoFace Webshell: Persistent Access Point for Lateral
- 2017.07 [securityriskadvisors] A Smaller, Better JSP Web Shell
- 2017.07 [freebuf] 通过非数字和字符的方式实现PHP WebShell
- 2017.06 [aliyun] 如何优雅的维持一个Webshell
- 2017.05 [fuping] MSSQL DBA权限获取WEBSHELL的过程
- 2017.05 [aliyun] sa权限获取webshell思路
- 2017.05 [antonioparata] Hiding PHP Webshell in an effective way
- 2017.05 [evi1cg] Xsl Exec Webshell (aspx)
- 2017.05 [crowdstrike] How to Detect and Prevent Fileless Webshell Attacks with Falcon
- 2017.05 [niemand] From 404 and default pages to RCE via .cshtml webshell
- 2017.04 [freebuf] Webshell密码极速爆破工具 – cheetah
- 2017.04 [freebuf] Python安全运维实战:针对几种特定隐藏方式的Webshell查杀
- 2017.04 [rsa] From SQL Injection to WebShell
- 2017.03 [trustwave] Authentication and Encryption in PAS Web Shell Variant
- 2017.03 [freebuf] 一款好用的php webshell检测工具
- 2017.02 [secist] 一些不包含数字和字母的webshell
- 2017.02 [hackingarticles] Webshell to Meterpreter
- 2017.02 [hackingarticles] Web Shells Penetration Testing (Beginner Guide)
- 2017.02 [8090] 关于一句话webshell的隐藏(建议)
- 2017.01 [freebuf] 绕过网站安全狗拦截,上传Webshell技巧总结(附免杀PHP一句话)
- 2017.01 [secvul] 偶遇WEBSHELL老套路
- 2017.01 [4hou] 如何全面防御Webshell(下)?
- 2016.12 [4hou] 如何全面防御Webshell(上)?
- 2016.12 [trustwave] Raiding the Piggy Bank: Webshell Secrets Revealed
- 2016.12 [sevagas] TVT DVR/CCTV webshell exploit
- 2016.12 [rapid7] Web Shells 101: Detection and Prevention
- 2016.12 [aliyun] Tomcat、Weblogic、JBoss、GlassFish、Resin、Websphere弱口令及拿webshell方法总结
- 2016.12 [8090] php webshell分析和绕过waf技巧
- 2016.12 [360] php webshell分析和绕过waf技巧
- 2016.12 [dfir] Webshells: Rise of the Defenders (Part 4)
- 2016.11 [] Winmail最新直达webshell 0day漏洞挖掘实录
- 2016.11 [securityintelligence] Ninety-Five Percent of Webshell Attacks Written in PHP
- 2016.11 [freebuf] 中国最大的Webshell后门箱子调查,所有公开大马全军覆没
- 2016.10 [threatexpress] Web shells as a covert channel – SubShell & TinyShell
- 2016.09 [venus] 渗透攻防 - 千变万化的WebShell
- 2016.08 [vanimpe] Exploring webshells on a WordPress site
- 2016.07 [freebuf] 中国新型Web Shell “菜刀-Cknife”遭国外安全公司曝光
- 2016.07 [360] 分析Cknife,一个类似China Chopper的webshell管理工具(第二部分)
- 2016.07 [sans] The Power of Web Shells
- 2016.07 [securityintelligence] The Webshell Game Continues
- 2016.07 [dfir] Webshells - Every Time the Same Story…(Part 3)
- 2016.07 [acunetix] Web Shells in Action – Introduction to Web-Shells – Part 4
- 2016.06 [acunetix] Keeping web shells under cover – An Introduction to Web Shells – Part 3
- 2016.06 [acunetix] Web-shells 101 using PHP – Introduction to Web Shells – Part 2
- 2016.06 [safebuff] Bypass imagecopyresampled and imagecopyresized generate PHP Webshell
- 2016.06 [fidelissecurity] Understanding the Web Shell Game
- 2016.06 [freebuf] 利用PHP 7中的OPcache来实现Webshell
- 2016.05 [freebuf] 看我如何绕过一个Webshell认证
- 2016.05 [sec] 从“TI(威胁情报)”到“IR(事件响应)”:从webshell的安全说开
- 2016.05 [sec] 威胁捕捉:推出针对webshell的“一手”情报feed
- 2016.05 [sec] 基于恶意行为的专项威胁情报Feed之:webshell-feed
- 2016.05 [] 利用 Java Binary Webshell 对抗静态检测
- 2016.05 [tencent] 利用 Java Binary Webshell 对抗静态检测
- 2016.04 [360] 利用PHP 7中的OPcache来实现Webshell
- 2016.04 [sec] 威胁情报Feed:Webshell之常用“路径&名字”字典
- 2016.04 [freebuf] C99 php webshell攻击加剧,大量WordPress站点遭受威胁
- 2016.04 [securityintelligence] Got WordPress? PHP C99 Webshell Attacks Increasing
- 2016.04 [sec] 由Webshell溯源攻击者的入侵途径
- 2016.03 [rsa] Detecting and Investigating Webshells – Another Reason for Deepening Your Security Visibility
- 2016.03 [sec] 线索、挖掘、预警—基于威胁情报的一起Webshell的安全分析
- 2016.03 [doyler] Introducing RWSH – Ray’s Web SHell
- 2016.03 [sec] webshell的隐藏、伪装技巧
- 2016.03 [caceriadespammers] Web Shell Detector
- 2016.03 [] Webshell清除-解决驱动级文件隐藏挂马
- 2016.03 [] 有趣的小技巧,Webshell的克星
- 2016.01 [dfir] Webshells - Every Time the Same Story…(Part 2)
- 2016.01 [rsa] Hunting Webshells with RSA ECAT
- 2016.01 [sec] Metasploit Webshell初探
- 2015.12 [] Webshell安全检测篇(2)-深入用户的内心
- 2015.12 [] Webshell安全检测篇(1)-基于流量的检测方式
- 2015.12 [] Webshell安全检测篇(3)-基于行为分析来发现“未知的Webshell”
- 2015.12 [] Webshell安全检测篇(4)-基于流量的Webshell分析样例
- 2015.12 [] Webshell系列(5)- webshell之“看见”的能力分析
- 2015.12 [sec] 结合威胁情报的Webshell事件处理谈(2)–攻击者画像与机读IOC
- 2015.12 [sec] 如何检测隐藏的Webshell(三) Weevely.img
- 2015.12 [toolswatch] [New Tool] quasiBot v0.3 Beta Complex Webshell Manager
- 2015.12 [] webshell检测-日志分析
- 2015.12 [sec] 高隐藏性webshell分析:Weevely 3.2 Backdoor流量特征(一)
- 2015.12 [sec] Webshell安全检测(3): WeBaCoo网站后门特征分析
- 2015.12 [sec] Webshell安全检测(4):Weevely 样本后门特征分析
- 2015.12 [sec] 机读IOC文件下载–结合情报的Webshell分析
- 2015.12 [sec] 结合威胁情报的Webshell事件处理谈(1)–结合kill chain的攻击还原
- 2015.11 [sec] Webshell系列(5)- webshell之“看见”的能力分析
- 2015.11 [sec] Webshell安全检测篇(4)-基于流量的Webshell分析样例
- 2015.11 [] DZ6.x的UC_KEY getwebshell exploit
- 2015.11 [checkpoint] Check Point Threat Alert: Web Shells
- 2015.11 [sec] Webshell安全检测篇(3)-基于行为分析来发现“未知的Webshell”
- 2015.11 [ironcastle] TA15-314A: Compromised Web Servers and Web Shells – Threat Awareness and Guidance
- 2015.11 [sec] Webshell安全检测篇(2)-深入用户的内心
- 2015.11 [sec] Webshell安全检测篇(1)-基于流量的检测方式
- 2015.10 [freebuf] B374K PHP WEBSHELL:一款简单却功能强大的远程管理工具
- 2015.09 [evi1cg] Linux查webshell
- 2015.08 [] APT时代-窃密型WebShell检测方法的思考
- 2015.08 [dfir] Webshells - Every Time the Same Purpose, Every Time a Different Story… (Part 1)
- 2015.07 [freebuf] 窃密型WebShell检测方法
- 2015.07 [n0where] Stealthy PHP Web Shell Backdoor: Weevely
- 2015.06 [sec] APT时代-窃密型WebShell检测方法的思考
- 2015.05 [] MS15-051 修正版Exploit(Webshell可用)
- 2015.05 [] 另类Webshell:Xml Shell简介
- 2015.03 [crowdstrike] Chopping packets: Decoding China Chopper Web shell traffic over SSL
- 2015.02 [vxsecurity] [ Technical Teardown: PHP WebShell ]
- 2015.02 [freebuf] 技术分享:如何在PNG图片的IDAT CHUNKS中插入Webshell
- 2015.01 [s1gnalcha0s] SSJS Web Shell Injection
- 2015.01 [securityblog] A quick and dirty php web shell
- 2014.12 [freebuf] ModSecurity技巧:使用ssdeep检测Webshell
- 2014.12 [freebuf] 批量Webshell管理工具QuasiBot之后门代码分析
- 2014.12 [n0tr00t] 批量 Webshell 管理工具 QuasiBot 之后门代码分析
- 2014.12 [] 用Webshell直接杀入内网
- 2014.11 [] Webshell实现与隐藏探究
- 2014.09 [room362] OSX Persistence via PHP Webshell ·
- 2014.08 [3xp10it] 隐藏webshell的几条建议
- 2014.08 [3xp10it] 一句话webshell客户端脱库
- 2014.08 [3xp10it] unserialize免杀webshell
- 2014.08 [3xp10it] php中&引用免杀webshell
- 2014.08 [3xp10it] 自动测试上传功能是否可上传webshell
- 2014.08 [3xp10it] 自动测试上传功能是否可上传webshell
- 2014.08 [3xp10it] unserialize免杀webshell
- 2014.08 [3xp10it] php中&引用免杀webshell
- 2014.08 [3xp10it] 一句话webshell客户端脱库
- 2014.08 [3xp10it] 隐藏webshell的几条建议
- 2014.08 [n0where] php-webshells
- 2014.08 [freebuf] 揭秘渗透测试利器:Webshell批量管理工具QuasiBot
- 2014.08 [] PHPCMS后台低权限拿webSHELL
- 2014.06 [freebuf] 用搜索神器Everything定位Webshell木马后门
- 2014.06 [toolswatch] [New Tool] Antak WebShell – PowerShell Console Released
- 2014.05 [] 科讯KESION CMS最新版任意文件上传WEBSHELL
- 2014.04 [] [投稿]Webshell下命令执行限制及绕过方法
- 2014.04 [netspi] Executing MSF Payloads via PowerShell Webshellery
- 2014.04 [] [投稿]Webshell 远程提权
- 2014.03 [webroot] Commercial Windows-based compromised Web shells management application spotted in the wild – part two
- 2014.02 [crowdstrike] Mo’ Shells Mo’ Problems – Deep Panda Web Shells
- 2014.01 [freebuf] 浅谈webshell检测方法
- 2013.12 [webroot] Commercial Windows-based compromised Web shells management application spotted in the wild
- 2013.12 [freebuf] 《一个路径牵出连环血案》之三“向玩webshell的黑客钓鱼”(连载)
- 2013.11 [imperva] Threat Advisory: A JBoss AS Exploit, Web Shell code Injection.
- 2013.10 [] 最新一种过安全狗的webshell
- 2013.10 [] php LFI读php文件源码以及直接post webshell
- 2013.10 [trustwave] Hiding Webshell Backdoor Code in Image Files
- 2013.10 [] 齐博CMS GETWEBSHELL 0day
- 2013.08 [] Webshell过安全狗的几种技巧[附特征免杀法]
- 2013.08 [] 高版本正方教务系统上传后缀过滤不严导致能直接上传Webshell
- 2013.08 [] PJ博客批量可以获取webshell
- 2013.08 [] 用ZendGuard 加密php webshell
- 2013.07 [] 打破MS13-046不能webshell执行问题
- 2013.06 [trustwave] [Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging
- 2013.05 [tencent] 浅谈变形PHP WEBSHELL检测
- 2013.05 [forcepoint] WebShells WebShells on the Web Server
- 2013.04 [netspi] Adding PowerShell to Web Shells to get Database Access
- 2013.04 [freebuf] 查找phpwebshell小工具
- 2013.03 [] 旁注虚拟主机IIS权限重分配跨目录得webshell
- 2013.03 [freebuf] 分离Weevely加密模块加密任意WebShell
- 2013.03 [] 解决Win下MySQL root导出Webshell换行符问题
- 2013.02 [] siteserver后台getwebshell 8种方法
- 2013.01 [freebuf] Metasploit之使用socket通信的webshell简单分析
- 2013.01 [] 解密php webshell后门
- 2012.12 [] Siteserver cms后台拿webshell另一种方法
- 2012.11 [freebuf] 反向Web Shell处理工具-Shell of the Future
- 2012.10 [freebuf] [笔记]PHP一句话Webshell变形总结
- 2012.10 [] 利用社工绕道突破安全狗直取webshell
- 2012.09 [] 帝国cms最新版本后台拿webshell方法
- 2012.08 [] [挖0day]羊驼CMS 注入及getwebshell
- 2012.08 [toolswatch] Web Shell Detector v1.62 – The Shell Scanner
- 2012.07 [] ShyPost企业网站管理系统V4.3注入XSS漏洞及后台拿webshell
- 2012.07 [] 直接给asp防注入getwebshell
- 2012.06 [freebuf] Webshell代码检测背后的数学应用
- 2012.06 [freebuf] 利用grep查找webshell
- 2012.06 [freebuf] Webshell扫描工具WebShellDetector V1.51
- 2012.06 [talosintelligence] Web Shell Poses As A GIF
- 2012.06 [idontplaydarts] Encoding Web Shells in PNG IDAT chunks
- 2012.05 [freebuf] 配置Apache防止webshell上传
- 2012.05 [] SiteEngine 7.1 会员上传漏洞拿WEBSHELL
- 2012.05 [] 91736cms Getip SQL Injection & 后台妙拿 WebShell
- 2011.11 [] WebShell的检测技术
- 2011.09 [] 突破VirtualWall上传webshell
- 2011.09 [toolswatch] XCode SQLi/LFI/XSS and Webshell Scanning tool
- 2011.08 [] access 导出webshell
- 2011.08 [] Webshell下命令行跨站
贡献
内容为系统自动导出, 有任何问题请提issue