$

ls -la ~/shells

ALL

PHP SHELL

BACKDOOR SHELL

BYPASS SHELL

MINI SHELL

WEBSHELL

FILE MANAGER

ROOTKIT

48 results · page 1/3

D7net Web Shell Bypass — 'D7net Web Shell Bypass' is a specialized tool designed for penetration testing and security auditing, enabling users to test and bypass web security mechanisms effectively. This tool is integral for authorized security assessments and enhancing cybersecurity defenses.
2025-12-19|#1010|86
PHP Shell
1337 Bypass Shell — '1337 Bypass Shell' is a PHP web shell designed for penetration testing and security auditing, enabling users to bypass standard security measures to test system vulnerabilities responsibly. Ideal for authorized security professionals seeking to enhance defense mechanisms.
2025-09-14|#995|23
Bypass Shell
Backdoor File Manager Shell — 'Backdoor File Manager Shell' is a PHP tool designed for penetration testing and security auditing, enabling users to manage files remotely and bypass standard access controls. Ideal for authorized security assessments to strengthen network defenses.
2025-07-18|#1002|23
Backdoor Shell
BypassServ Mini Shell — BypassServ Mini Shell is a specialized PHP web shell designed for penetration testing and security auditing, enabling users to bypass server restrictions efficiently. Ideal for authorized cybersecurity assessments to enhance system defenses.
2025-06-16|#992|120
Backdoor Shell
Adminer Mysql Php — Adminer Mysql Php is a potent web shell tool designed for penetration testing and security auditing, enabling users to bypass standard access controls to assess database vulnerabilities effectively.
2025-05-15|#1025|99
PHP Shell
b374k Shell — The b374k Shell is a PHP web shell designed for penetration testing and security auditing, enabling users to manage remote servers and bypass standard access controls. Ideal for authorized security professionals to assess vulnerabilities effectively.
2025-05-09|#1029|107
PHP Shell
Alfa File Manager Hidden — 'Alfa File Manager Hidden' is a PHP web shell tool designed for security auditing and penetration testing, enabling users to manage files discreetly and bypass standard access controls. Ideal for authorized cybersecurity assessments and educational purposes.
2025-04-22|#980|116
PHP Shell
Invisio Backdoor Shell – Hidden Backdoor Bypass Shell 2025 — Invisio Backdoor Shell – Hidden Backdoor Bypass Shell 2025 is a cutting-edge PHP web shell designed for security auditing and penetration testing, enabling users to bypass standard security protocols. This tool facilitates comprehensive testing and safeguarding of web applications.
2025-02-25|#999|74
Backdoor Shell
Indrajith Web Shell Symlink Bypass Tools — 'Indrajith Web Shell Symlink Bypass Tools' is specifically designed for security professionals to enhance penetration testing and security auditing capabilities, offering advanced features to bypass symlink protections efficiently. Ideal for authorized cybersecurity assessments.
2025-02-23|#1009|114
PHP Shell
C99 Shell v2025 (bypass, anti WAF) — C99 Shell v2025, designed for advanced penetration testing and security auditing, enables users to bypass Web Application Firewalls (WAF) effectively. This tool is essential for authorized cybersecurity assessments, offering deep server interactions and comprehensive testing capabilities.
2025-01-13|#971|63
Bypass Shell
Advanced File Manager Bypass — 'Advanced File Manager Bypass' is a PHP web shell tool designed for penetration testing and security auditing, enabling users to bypass standard file management restrictions to assess system vulnerabilities effectively.
2025-01-01|#1006|92
PHP Shell
Bypass 2024 Priv8 Shell — 'Bypass 2024 Priv8 Shell' is a cutting-edge PHP web shell designed for penetration testing and security auditing, enabling users to bypass standard security protocols. Ideal for authorized cybersecurity enhancements and in-depth network testing.
2024-12-24|#1007|52
Bypass Shell
Mrj Haxcore Bypass 403 Shell — 'Mrj Haxcore Bypass 403 Shell' optimizes penetration testing and security auditing by enabling users to bypass HTTP 403 errors, facilitating deeper system analysis. Designed for authorized security professionals, this tool enhances vulnerability assessment capabilities.
2024-12-04|#1008|25
PHP Shell
Ribel Cyber Team Simple File Manager — 'Ribel Cyber Team Simple File Manager' is a PHP web shell tool designed for security auditing and penetration testing, enabling users to manage files remotely and bypass standard access controls effectively. Perfect for authorized cybersecurity assessments and infrastructure testing.
2024-09-06|#1014|24
PHP Shell
index attacker symlink bypass 404 shell — 'Index Attacker Symlink Bypass 404 Shell' is a PHP web shell designed for security auditing and penetration testing, enabling users to bypass symlink restrictions efficiently. This tool is pivotal for authorized vulnerability assessment and defensive cybersecurity strategy enhancement.
2024-08-31|#1019|55
PHP Shell
Back Hack Bypass Shell — Back Hack Bypass Shell is a PHP web shell designed for advanced penetration testing and security auditing, enabling users to bypass standard access controls efficiently. This tool is crafted for authorized cybersecurity professionals to enhance system defenses.
2024-08-28|#990|18
Bypass Shell
HaxorSec V2 Shell — 'HaxorSec V2 Shell' is a PHP web shell designed for penetration testing and security auditing, enabling users to bypass standard access controls. This tool facilitates a deeper understanding of server vulnerabilities, exclusively for ethical hacking and authorized security assessments.
2024-07-07|#975|52
Bypass Shell
pHpmyadmin Shell — 'Phpmyadmin Shell' enables advanced penetration testing and security auditing by facilitating server control and environment manipulation to bypass standard access controls. This tool is designed for authorized security professionals to enhance system defenses.
2024-07-02|#982|76
Bypass Shell
privdayz v1 shell (bypass, auto root linux/win, symlink, cgi, 40+ tool) — Privdayz v1 Shell excels in advanced penetration testing and security auditing, offering features like bypass capabilities, auto-root for both Linux and Windows, and over 40 integrated tools, including symlink and CGI support.
2024-04-29|#970|68
Backdoor Shell
403WebShell Bypass — '403WebShell Bypass' is a PHP web shell tool designed for penetration testing and security auditing, enabling users to bypass server restrictions effectively. Ideal for authorized cybersecurity assessments, it enhances testing precision and access capabilities.
2024-04-16|#1011|32
PHP Shell
$

ls ~/categories

PHP SHELL0 shells
View collection
BACKDOOR SHELL0 shells
View collection
BYPASS SHELL0 shells
View collection
$

cat README.md

What Are PHP Shells?

A PHP shell is a server-side script that provides remote access to a web server through a browser interface. These tools are used by cybersecurity professionals, penetration testers, and security researchers to evaluate the security posture of web applications and server environments in authorized testing scenarios.

Types of PHP Shells

  • Full-Featured Shells — Comprehensive tools like c99 and r57 with file managers, database browsers, command execution, and network utilities.
  • Mini Shells — Lightweight scripts under 50KB for quick assessments with minimal footprint.
  • Bypass Shells — Designed to test WAF rules, disabled function restrictions, and security software detection.
  • Backdoor Shells — Persistent access tools with stealth features and encrypted communications for testing incident response.
  • Rootkit Shells — Deep system access tools for testing kernel-level security and privilege escalation defenses.

Key Features

File Management — browse, upload, download, edit server files
Command Execution — execute system commands across OS environments
Database Management — MySQL, PostgreSQL, MSSQL, SQLite connectivity
Network Tools — port scanning, reverse shells, proxy tunneling
Bypass Techniques — disabled functions, open_basedir, WAF testing
Encryption — AES/RSA payloads, obfuscation, anti-forensic features

Why Penetration Testers Choose PHP Shells

PHP powers approximately 77% of websites with known server-side languages, making PHP shells indispensable for security professionals. They demonstrate the potential impact of vulnerabilities like unrestricted file uploads, remote code execution (RCE), local file inclusion (LFI), and remote file inclusion (RFI) through controlled demonstrations that communicate risk and drive remediation.

$

cat FAQ.md

Frequently Asked Questions

What is a PHP web shell?

A PHP web shell is a server-side script providing remote access through a web browser. Security professionals use these during authorized penetration testing engagements to evaluate web application and server security posture.

Are PHP shells legal to download?

Downloading for educational purposes and authorized security testing is generally legal. Deploying on systems without explicit written authorization is illegal. Always ensure proper authorization.

What is the difference between shell types?

Mini shells are lightweight (<50KB) for quick assessments. Full-featured shells (100KB+) include database browsers, network scanners, and advanced file management. Bypass shells specialize in circumventing security restrictions. Backdoor shells focus on persistent stealth access.

Which PHP shell is best for penetration testing?

Depends on your needs. c99 and r57 are popular full-featured options. b374k offers encryption support. For quick assessments, p0wny or Mini Shell Pro provide essential functionality in a smaller footprint.