git404hub

what is webshell fr?

tennc/webshell — explained in plain English

Analysis updated 2026-06-24

10,727PHPAudience · developerComplexity · 2/5LicenseSetup · easy

tl;dr

A research collection of webshell scripts in PHP, ASP, JSP, and other server-side languages, intended for security professionals studying attack techniques and testing detection systems, restricted to educational use only.

vibe map

mindmap
  root((repo))
    What It Is
      Webshell collection
      Research and testing
      Educational use only
    Languages Covered
      PHP scripts
      ASP and ASPX
      JSP and Python
      Perl scripts
    Who Uses It
      Security researchers
      Penetration testers
      Detection rule builders
    Related Resources
      20 similar GitHub projects
      Web management tools
      AntSword and Behinder

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Test your web application firewall or intrusion detection system against known webshell signatures

VIBE 2

Study how webshells are structured across different server-side languages for security research

VIBE 3

Use as reference material when building detection rules for a security monitoring system

VIBE 4

Compare attack tool patterns across PHP, ASP, and JSP to understand how they differ by environment

what's the stack?

PHPASPASPXJSPPythonPerl

how it stacks up fr

tennc/webshellmockery/mockeryserbanghita/mobile-detect
Stars10,72710,72410,682
LanguagePHPPHPPHP
Setup difficultyeasyeasyeasy
Complexity2/52/52/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min
Licensed under MIT, use freely including for research and testing, but any illegal use is the sole responsibility of the user, not the project maintainer.

in plain english

This repository is a collection of webshell scripts gathered for research and testing purposes. A webshell is a script uploaded to a web server that allows remote control of that server through a browser. Security professionals, penetration testers, and researchers use collections like this to study how such tools work, test detection systems, or understand attack techniques. The repository's README is primarily in Chinese, with English and Turkish translations linked. The collection covers scripts written in several common server-side languages: PHP, ASP, ASPX, JSP, Perl, and Python. Contributors have added shells from various sources over time. The project notes that it cannot guarantee any of the submitted scripts are free of hidden backdoors, though the author states they have not intentionally added any themselves. Anyone submitting scripts is asked not to add backdoors, and issues should be filed if any are discovered. The README also lists around twenty related webshell projects on GitHub, and a set of web management tools commonly used alongside webshells in security research contexts, including several Chinese-origin tools like AntSword and Behinder. The repository is explicitly restricted to testing and educational use. The author states that any illegal activity carried out using materials from this project is the sole responsibility of whoever carries it out, not the project maintainer. The project is licensed under MIT and releases are available as downloadable archives from the GitHub releases page.

prompts (copy fr)

prompt 1
I'm building WAF detection rules and need to understand common PHP webshell code patterns. What are the key code signatures I should look for in this collection?
prompt 2
I'm doing an authorized penetration test and want to verify my server-side detection is catching webshell uploads. Walk me through what a typical PHP webshell from this repo looks like.
prompt 3
How do webshell scripts differ between PHP, ASP, and JSP in terms of how they accept and execute remote commands?
prompt 4
I want to set up a honeypot that logs webshell upload attempts. Which signature patterns from this collection should I prioritize in my detection rules?

Frequently asked questions

what is webshell fr?

A research collection of webshell scripts in PHP, ASP, JSP, and other server-side languages, intended for security professionals studying attack techniques and testing detection systems, restricted to educational use only.

What language is webshell written in?

Mainly PHP. The stack also includes PHP, ASP, ASPX.

What license does webshell use?

Licensed under MIT, use freely including for research and testing, but any illegal use is the sole responsibility of the user, not the project maintainer.

How hard is webshell to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is webshell for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.