explaingit

tennc/webshell

10,727PHPAudience · developerComplexity · 2/5LicenseSetup · easy

TLDR

A research collection of webshell scripts in PHP, ASP, JSP, and other server-side languages, intended for security professionals studying attack techniques and testing detection systems, restricted to educational use only.

Mindmap

mindmap
  root((repo))
    What It Is
      Webshell collection
      Research and testing
      Educational use only
    Languages Covered
      PHP scripts
      ASP and ASPX
      JSP and Python
      Perl scripts
    Who Uses It
      Security researchers
      Penetration testers
      Detection rule builders
    Related Resources
      20 similar GitHub projects
      Web management tools
      AntSword and Behinder
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Test your web application firewall or intrusion detection system against known webshell signatures

USE CASE 2

Study how webshells are structured across different server-side languages for security research

USE CASE 3

Use as reference material when building detection rules for a security monitoring system

USE CASE 4

Compare attack tool patterns across PHP, ASP, and JSP to understand how they differ by environment

Tech stack

PHPASPASPXJSPPythonPerl

Getting it running

Difficulty · easy Time to first run · 5min
Licensed under MIT, use freely including for research and testing, but any illegal use is the sole responsibility of the user, not the project maintainer.

In plain English

This repository is a collection of webshell scripts gathered for research and testing purposes. A webshell is a script uploaded to a web server that allows remote control of that server through a browser. Security professionals, penetration testers, and researchers use collections like this to study how such tools work, test detection systems, or understand attack techniques. The repository's README is primarily in Chinese, with English and Turkish translations linked. The collection covers scripts written in several common server-side languages: PHP, ASP, ASPX, JSP, Perl, and Python. Contributors have added shells from various sources over time. The project notes that it cannot guarantee any of the submitted scripts are free of hidden backdoors, though the author states they have not intentionally added any themselves. Anyone submitting scripts is asked not to add backdoors, and issues should be filed if any are discovered. The README also lists around twenty related webshell projects on GitHub, and a set of web management tools commonly used alongside webshells in security research contexts, including several Chinese-origin tools like AntSword and Behinder. The repository is explicitly restricted to testing and educational use. The author states that any illegal activity carried out using materials from this project is the sole responsibility of whoever carries it out, not the project maintainer. The project is licensed under MIT and releases are available as downloadable archives from the GitHub releases page.

Copy-paste prompts

Prompt 1
I'm building WAF detection rules and need to understand common PHP webshell code patterns. What are the key code signatures I should look for in this collection?
Prompt 2
I'm doing an authorized penetration test and want to verify my server-side detection is catching webshell uploads. Walk me through what a typical PHP webshell from this repo looks like.
Prompt 3
How do webshell scripts differ between PHP, ASP, and JSP in terms of how they accept and execute remote commands?
Prompt 4
I want to set up a honeypot that logs webshell upload attempts. Which signature patterns from this collection should I prioritize in my detection rules?
Open on GitHub → Explain another repo

← tennc on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.