From ee612b97396dd09444cdcfb1855debaefcb04de1 Mon Sep 17 00:00:00 2001 From: nil0x42 Date: Wed, 26 Aug 2020 15:13:20 +0000 Subject: [PATCH] Add `phpsploit` (C2 framework via PHP oneliner) Add phpsploit tool (https://github.com/nil0x42/phpsploit): Full-featured C2 framework which silently persists on webserver via evil PHP oneliner, with a complete asrenal of post-exploitation & privesc features PhpSploit is a well-known advanced & stealth PHP backdoor for persistence & privesc --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2586cf5..51dd1b4 100644 --- a/README.md +++ b/README.md @@ -271,6 +271,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [ACSTIS](https://github.com/tijme/angularjs-csti-scanner) - ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability. - [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI. - [is-website-vulnerable](https://github.com/lirantal/is-website-vulnerable) - finds publicly known security vulnerabilities in a website's frontend JavaScript libraries. +- [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features. ### Runtime Application Self-Protection