Webshell-Sniper is a terminal-based webshell manager that enables remote control of PHP-based web servers for penetration testing and red teaming.
:hammer: Manage your website via terminal
This tool is primarily used by penetration testers and red teamers to manage and control compromised web servers via webshells through a command-line interface. It facilitates exploitation and security automation by allowing users to interact with webshells remotely, especially on PHP/MySQL servers running on Unix-like systems.
This tool requires a Unix-like operating system and Python 2.7 on the attacker's machine. It is designed specifically for managing PHP-based webshells and assumes the target server runs Apache 2.4 with PHP 7.0. Users should ensure legal authorization before using this tool to avoid unauthorized access violations.
git clone https://github.com/WangYihang/Webshell-Sniper
cd Webshell-Sniper
pip install -r requirements.txtpython webshell-sniper.py [URL] [METHOD] [AUTH]
Basic usage pattern to run the tool by specifying the target URL, HTTP method, and authentication parameter.
python webshell-sniper.py http://127.0.0.1/c.php POST c
Example command to connect to a webshell at the specified URL using POST method with 'c' as the authentication key.
python webshell-sniper.py http://victim.com/index.php POST s3cr3t
Example demonstrating usage with a PHP webshell that evaluates POST parameter 's3cr3t' for command execution.