A collection of PHP scripts useful for penetration testers working in a PHP environment.
MIT License
This repository serves as a collection of command line PHP scripts useful for penetration testers operating in a PHP environment.
Listen on port 8000 and return a command shell.
php netcat.php --listen-port 8000 -c
Listen on port 8000 locally and proxy requests made to this port to the remote host at 192.168.0.1:80.
php tcp-proxy.php --listen-port 8000 --remote-host 192.168.0.1 --remote-port 80
Connect to remote host via username:
php ssh-tunnel.php --remote-host 192.168.0.1 --remote-port 22 --username test
Connect to remote host via key:
php ssh-tunnel.php --remote-host 192.168.0.1 --remote-port 22 --key-path /path/to/private/key
Fuzz base url with word list and check for response codes 200 and 201:
php url-fuzzer.php --base-url http://localhost:3000/FUZZ.php --wordlist /path/to/wordlist --response-codes 200,201
Likewise, these scripts can be access via a browser, with query string parameters instead of command line arguments.