New source will be available soon.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Moved to


PHP Command Injection exploitation tool

  1. Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection).
  2. Execute the controller to exploit the command injection vulnerability. The controller is simply a command injection exploitation tool, and can therefore with a few adjustments be rewritten to exploit allready existing vulnerabilities without the need for uploading the 'simple-shell.php'.

Featuers (so far)

  1. File upload
  2. File download
  3. Normal terminal commands (excluding prompts e.g. password)
  4. Meterpreter reverse shell injection


You shall not misuse this tool to gain unauthorized access. This tool should only be used to expand knowledge, and not for causing malicious or damaging attacks. Performing any attacks without written permission from the owner of the system is illegal.