Webshells

Webshells is a Kali Linux package containing a curated set of web shells designed for simulating persistent access to compromised web servers. These shells support multiple scripting languages commonly found in web environments, enabling testers to upload and execute commands remotely via HTTP requests.

Use cases include post-exploitation scenarios where attackers maintain access after initial compromise, web application security assessments, and red team exercises. The collection is organized into directories by language, with files like cmdasp.asp for ASP and php-reverse-shell.php for PHP, facilitating quick deployment during engagements.

The tool draws from established sources like SecLists and Laudanum, integrated into Kali for convenience. It is referenced in OffSec training modules such as PEN-200 and WEB-200 for learning web shell deployment and detection methodologies.

Webshells operates as a static collection of scripts stored in /usr/share/webshells/, categorized by language (asp, aspx, cfm, jsp, perl, php). Each script functions as a backdoor that accepts HTTP parameters to execute system commands, open reverse shells, or provide command-line interfaces. For example, PHP shells like php-reverse-shell.php connect back to an attacker-specified host:port, while JSP shells like cmdjsp.jsp process GET/POST requests to run OS commands via Runtime.exec(). Symlinks to laudanum and seclists/Web-Shells extend the collection with additional payloads.