Skip to content
A collection of PHP backdoors. For educational or testing purposes only.
Branch: master
Clone or download
bartblaze Add shells
Adds 2 unknown shells, simple PHP backdoor with several functionalities.
Latest commit dc1129a Feb 7, 2020
Type Name Latest commit message Commit time
Failed to load latest commit information.
Deobfuscated Add files via upload Feb 7, 2020
Obfuscated Add shells Feb 7, 2020
.gitignore Add shells + info May 16, 2016
.gitmodules Add shells + info May 16, 2016 Create May 16, 2016
PHP Update PHP Jul 27, 2016 Update Apr 8, 2018
composer.json Add shells + info May 16, 2016


A collection of PHP backdoors. For educational and/or testing purposes only.


  • The deobfuscated folder does not necessarily contain deobfuscated versions of the backdoors you can find in the obfuscated folder. To deobfuscate those and other tricks, Check out the PHP tools section.
  • Always investigate malware in a secure environment. This means: separately from your network and in a virtual machine!
  • Some backdoors may be backdoored (yes, really). Don't ever use this for any malicious purposes.
  • The backdoors follow the format: Backdoorname_SHA1.php, granted the name of the backdoor is known.

PHP tools

This includes links to tools for the following:

  • Deobfuscators (online and offline)
  • Beautifiers (online and offline)
  • Testers (running the code - do this in a secure environment!)

Access the links to these tools directly from here.

Other repos

Other information

Read my blog post on 'C99Shell not dead' for more information about PHP backdoors (and in particular c99Shell, which you can also find in this repository). You can also follow me on Twitter.


If you're trying to detect webshells like the ones mentioned in this repository, you may want to use Yara and scan your web server with the following Yara rules specifically for webshells: Yara-rules/Webshells

Alternatively, have a look at the disinfection tips provided in my blog post.



To the extent possible under law, bartblaze has waived all copyright and related or neighboring rights to this work. He makes no warranties about the work, and disclaims liability for all uses of the work.

You can’t perform that action at this time.