This is a simple script to infect images with PHP Backdoors for local file inclusion attacks.
2417fa7ba59a45f47d8610a1495111a59f039bd586605208288ef92ac36d8906
Xingyiquan rootkit for Linux kernel versions 2.6.x and 3.x. It hides processes, files, directories, network connections, adds backdoors, and more.
c3816e8c416c9c40735117ccf83f8351a2162575c9b07aadde2d98735b710d92
bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password for any user, sniffs and records traffic, and mitigates logging to lastlog/wtmp/utmp.
17bb28d0c4a3e2058cf728936b45586915c671f6cadd0920f2e695332adabeb7
PoisonShell is a simple PHP shell that has several options.
1177aa0f4865f3d1e5e984496bebd9fb296ac647af1d140d40bd1a04998ca97a
wtmpClean is a tool for Unix which clears a given user from the wtmp database.
10f1c941b82e5c32941825b7f59e6704592032f477faeac4c08b3c40729717cb
Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.
ec98508fc4cdf0112e94528e07c54147f753faa6a4210d9ea336d8c58a2140de
wtmpClean is a tool for Unix which clears a given user from the wtmp database.
1e123dcaf681799dd910481339b5c9c5af25e91925706c616b8b98668460f766
Web-Spa is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated operating system (O/S) command on it.
a947eaea9219435522452e5998b2815a6bc802c2c9c0ccc0d1d38e524c6b022e
This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.
0db5bc9774ba0b32ffa49115373f366cf35e5d084ff60d03694a15a033162885
This code is a shell sniffer that logs keystrokes for bash 3.0.
9b35fdfae427711f593e60b66dab25db64fbb15c2814f7d9219d9aed5f0ee9e0
This is a PHP shell that provides the ability to connect back, grab files, perform exploit searches for local roots and compile and run them, and much more.
9a58a31ca500190b10953b45211f622c7f926cd4e939781b4f99fae0213fad96
This code is a backdoor for nginx. It provides remote shell access, SOCKS5 tunneling, and HTTP password sniffing and logging.
8f754357b61c73fe20efc8dd28b52d222feb812bbaf36bebdfee47e30d0ddfb1
This is a simple PHP web shell backdoor.
aaad39e328e8da519232f1d7feb60cfd3c991f2aa486739cdba8df7d746a8994
This is a reverse shell over SCTP implemented in Python. Currently it does not use SSL, but may evade most firewalls and IDS devices as many of them seemingly have no rules in place to check SCTP traffic.
6743f69ce173275310d5f2ffe1d1a49e6786c7abd202da271f4e6f25bd156590
This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.
397d3f851a08bef7d13138eedf2b87ab8e732b35f14514f58a2162c103188aab
Hackersh ("Hacker Shell") is a free and open source shell (command interpreter) written in Python with built-in security commands, and out-of-the-box wrappers for various security tools, using Pythonect as its scripting engine. Pythonect is a new, experimental, general-purpose high-level dataflow programming language based on Python. It aims to combine the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python.
c188aaa57fe58d3d722bde76e26f37d182dad24c2a123c3691f08b71d8849d85
Usernamer is a penetration testing tool to generate a list of possible usernames/logins (ex: John Doe Doeson) for user enumeration or bruteforcing. This tool also supports text-files with one name per line as input.
75f2d3ac161fa0569232e5ce8b802ea530d7b3e34e503645d5c1cf8301c9a8ec
PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().
9ae6f1db9ff8c94146491368c999d0b4d6a0a9cfe7316a6f72a899025250bf36
This is a simple utility for exploiting command injection vulnerabilities in web applications. Supports POST and GET requests. Can deliver an "inline shell" or a (Python) reverse shell.
2c82dcde1a7835fac49946c2d7c022271f0105c0e8c280133632994e909508cd
PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().
3078b9daa99d887414dbe12584cdafa91a5f3554f05f8ad34cdf5d3ffe218a26
PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include(). Includes a simple Python client that gives a "shell" on the server.
a0b89f7413840636a73320699e779bec747d2127f4e7880708cb96dae4596056
This is a mini-php backdoor shell. It has a PHP encoder/decoder, mail bombing functionality, reverse shell, cPanel cracker, and more.
27ad339a1514e347e845b24923cfcd49b2242e7c4f4111ce61e4b88048eb9c3e
This is a mini-php backdoor shell.
5ca862943a56fca9733eed2540342a6875fffe6804949d6179595f4a6df1aeea
Last Door is a utility written to wipe specific entries in arbitrary log files and, if setuid, will also execute arbitrary commands without logging any history.
c77d9cd0a6f0cecd8e0186eae6512b85a7e83701893271954a6e51376756c1d1
Unix/Darbe-A is a new kernel rootkit backdoor based in the /proc file system.
e25b0997b5091f37ef98994f27fe8bbbd761dbb249f79ecc16ff5c73bf2ba57e