# This list contains patterns of various web shells, backdoors and similar # software written in PHP language. There is no way how to automatically update # this list, so it must be done by hand. Here is a recommended way how to add # new malicious software: # 1.) As patterns are matched against RESPONSE_BODY, you need to run a malicious # software (ideally in an isolated environment) and catch the output. # 2.) In the output, search for static pattern unique enough to match only # the software in question and to not do any FPs. The best pick is usually # a part of HTML code with software name. # 3.) Include software name and URL (if available) in the comment above # the pattern. # # Data comes from multiple places of which some doesn't work anymore. Few are # listed below: # - https://github.com/JohnTroony/php-webshells/tree/master/Collection # - https://www.localroot.net/shell/ # - Google search (keywords like webshells, php backdoor and similar) # 1n73ction web shell =[ 1n73ct10n privat shell ]= # Ajax/PHP Command Shell web shell >Ajax/PHP Command Shell< # AK-74 Security Team Web-shell .:: :[ AK-74 Security Team Web-shell ]: ::. # ALFA-SHELL web shell (https://github.com/solevisible) ~ ALFA TEaM Shell - # Andela Yuwono Priv8 Shell web shell --==[[ Andela Yuwono Priv8 Shell ]]==-- # Ani-Shell web shell (http://ani-shell.sourceforge.net/) Ani-Shell | India # AnonymousFox PHP web shell AnonymousFox # Antichat Shell web shell - Antichat Shell # AYT web shell Ayyildiz Tim | AYT # b374k web shell (https://github.com/b374k/b374k) # BloodSecurity Hackers Shell web shell BloodSecurity Hackers Shell # Bypass Attack Shell web shell Bypass Attack Shell # c0derz shell web shell title='.::[c0derz shell]::.'> # C99Shell + N3tShell web shell ! # Con7ext Shell V.2 web shell Con7ext Shell V.2 # Crystal shell web shell yCrystal shell v. # CWShell web shell ~ CWShell ~ # dC3 Security Crew web shell &dir&pic=o.b height= width=> # Defacing Tool Pro web shell [ Defacing Tool Pro v # Dive Shell web shell Dive Shell - Emperor Hacking Team # easy simple php web shell # ex0 shell web shell color=DeepSkyBlue size=6> ## ex0 shell # FaTaLSheLL web shell

FaTaLSheLL v # G-Security Webshell G-Security Webshell # h4ntu shell web shell h4ntu shell [powered by tsoi] # IDBTEAM SHELLS file manager

-=[+] IDBTEAM SHELLS # IndoXploit web shell IndoXploit # KA_uShell web shell | # Lifka Shell web shell >LIFKA SHELL # Loader'z web shell Loader'z WEB shell # Locus7Shell web shell b>--[ x2300 Locus7Shell v. # Lolipop web shell Lolipop.php - Edited By KingDefacer - # MARIJUANA web shell (https://0x5a455553.github.io/MARIJUANA/) <link rel="icon" href="//0x5a455553.github.io/MARIJUANA/icon.png" /> # Matamu Mat web shell <title> Matamu Mat # MyShell web shell MyShell ©2001 Digitart Producciones # NCC Shell web shell

.:NCC:. Shell v # PHPShell by Macker web shell PHPShell by Macker - Version # PHPShell by MAX666 web shell PHPShell by MAX666, Private Exploit, For Server Hacking # qsd web shell
Execute Shell Command (safe mode is off):
# Rootshell web shell

Rootshell v # rusuh web shell ./rusuh # Safe0ver web shell ##Safe0ver## # Shany's web shell

Watch Your system Shany was here.

Linux Shells



# Simple PHP backdoor web shell