phpbash is a standalone, semi-interactive web shell. It's main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors, so pentesters should feel right at home.
Javascript must be enabled on the client browser for phpbash to work properly. The target machine must also allow execution of the shell_exec PHP function, although it is very simple to modify the script to use an alternate function.
- Requires only a single PHP file
- POST-based requests
- Support for current working directory
- Command history with arrow keys
- Upload files directly to target directory
Have a feature idea? Open an Issue.
cdReturn to default shell directorycd <path>Change directorycd -Return to previous directoryclearClears all outputuploadOpens the file browser and uploads selected file
Simply drop the phpbash.php file on the target and access it with any Javascript-enabled web browser.