Ray's Web SHell
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
LICENSE
README.md
client.py
shell.php

README.md

RWSH - Ray's Web SHell

A PHP web shell and its Python based client

Features

  • Encoded communication
  • Pseudo-interactive shell

Execution

  • Cleaner output formatting than PHP passthru
  • Hostname and username (whoami) detection
  • (Mostly) Clean exiting
  • Ability to still interact with via a browser
  • Support for GET and POST methods

Browser

TODO

  • Add ability to easily obfuscate shell.php
  • Add client specific functionality similar to meterpreter (upload, download, etc.)
  • Include randomly generated filenames for server.php (similar to Metasploit payloads)
  • Look into better methods of encryption or encoding for the traffic
  • Handle all exit cases better
  • Perform OS detection and better prompt displays
  • Look into the ability to change directories (change the prompt, prepend the current directory to any requests?)
  • Pseudo random key for forward-secrecy
  • Better encoded version to avoid detection (grep, AI-Bolit)
  • Clean up and add more methods
  • Add support for more HTTP verbs as well as headers (cookies, arbitrary, etc.)