{
	"id": "7cb1a92e-aba2-4293-9277-698226acb3f2",
	"created_at": "2026-04-06T00:16:12.694696Z",
	"updated_at": "2026-04-10T03:20:45.349663Z",
	"deleted_at": null,
	"sha1_hash": "71726a205deef128a6b8eaab2ed11c6166ccd872",
	"title": "GitHub - flozz/p0wny-shell: Single-file PHP shell",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 139604,
	"plain_text": "GitHub - flozz/p0wny-shell: Single-file PHP shell\r\nBy flozz\r\nArchived: 2026-04-05 19:02:48 UTC\r\nchat DDiissccoorrdd\r\np0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server\r\nwhen pentesting a PHP application. Use it with caution: this script represents a security risk for the server.\r\nFeatures:\r\nCommand history (using arrow keys ↑ ↓ )\r\nAuto-completion of command and file names (using Tab key)\r\nNavigate on the remote file-system (using cd command)\r\nUpload a file to the server (using upload \u003cdestination_file_name\u003e command)\r\nDownload a file from the server (using download \u003cfile_name\u003e command)\r\nWARNING: THIS SCRIPT IS A SECURITY HOLE. DO NOT UPLOAD IT ON A SERVER UNLESS YOU\r\nKNOW WHAT YOU ARE DOING!\r\nhttps://github.com/flozz/p0wny-shell\r\nPage 1 of 4\n\nDemo with Docker:\r\ndocker build -t p0wny .\r\ndocker run -it -p 8080:8080 -d p0wny\r\n# open with your browser http://127.0.0.1:8080/shell.php\r\nContributing\r\nQuestions\r\nIf you have any question, you can:\r\nOpen an issue on GitHub\r\nAsk on Discord (I am not always available to chat, but I try to answer to everyone)\r\nBugs\r\nPlease open an issue on GitHub with as much information as possible if you found a bug:\r\nYour operating system / Linux distribution (and its version)\r\nThe PHP version you are using (example: PHP-FPM 8.1 , Apache mod_php 7.4 ,...)\r\nhttps://github.com/flozz/p0wny-shell\r\nPage 2 of 4\n\nThe Web server you are using and its version (example: Nginx 1.23 , Apache 2.4.55 ,...)\r\nAll the logs and message outputted by the software\r\netc.\r\nPull requests\r\nPlease consider filing a bug before starting to work on a new feature; it will allow us to discuss the best way to do\r\nit. It is obviously unnecessary if you just want to fix a typo or small errors in the code.\r\nSupport this project\r\nWant to support this project?\r\n☕️ Buy me a coffee\r\n️ Give me a tip on PayPal\r\n❤️ Sponsor me on GitHub\r\nChangelog\r\nv2023.08.10:\r\nMake p0wny@shell compatible with PHP 5.3 (@FrancoisCapon, #38)\r\nv2023.05.28:\r\nEncode all data fields as base64 to avoid encoding errors, especially on Windows (@cli-ish, #8,\r\n#35)\r\nv2023.05.22:\r\nDisplay the username and the hostname in the prompt (@cli-ish, #33, #7)\r\nv2023.05.10:\r\nTry different execution functions ( exec , shell_exec , system , passthru , popen ,\r\nproc_open ) to run commands to bypass disabled functions (@cli-ish, #31, #32)\r\nv2023.02.27:\r\nMake terminal window resizable (@FrancoisCapon, #27)\r\nv2023.02.13:\r\nLarger terminal size on large screens (@psyray, #26)\r\nNo more horozontal scrolling on small screens (@flozz)\r\nv2022.09.19:\r\nExpand path in cd command ( cd ~ , cd ~username ,...)\r\nGo home when running cd withoud argument.\r\n→ Thanks @FrancoisCapon for the suggestion (#25)\r\nv2021.01.24:\r\nStyle improvements:\r\nBetter-looking scrollbar on webkit (@nakamuraos)\r\nDisplay a smaller logo on mobile (@nakamuraos)\r\nErgonomic improvements:\r\nFocus the command field when clicking the page (@nakamuraos)\r\nhttps://github.com/flozz/p0wny-shell\r\nPage 3 of 4\n\nPut the cursor at the end of the command field while navigating the history (@nakamuraos)\r\nv2019.06.07:\r\nAdds the clear command to clear the terminal (@izharaazmi #12)\r\nv2018.12.15:\r\nFile upload and download feature (@Oshawk #5)\r\nv2018.06.01:\r\nAuto-completion of command and file names (@lo001 #2)\r\nAdaptation to mobile devices (responsive) (@lo001 #2)\r\nImproved handling of stderr (@lo001 #2)\r\nv2018.05.30:\r\nES5 compatibility (@lo00l #1)\r\nDependency to JQuery removed (@lo00l #1)\r\nCommand history using arrow keys (@lo00l #1)\r\nKeep the command field focused when pressing the tab key\r\nv2017.10.30:\r\nCSS: invalid color fixed\r\nv2016.11.10:\r\nInitial release\r\nSource: https://github.com/flozz/p0wny-shell\r\nhttps://github.com/flozz/p0wny-shell\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://github.com/flozz/p0wny-shell"
	],
	"report_names": [
		"p0wny-shell"
	],
	"threat_actors": [],
	"ts_created_at": 1775434572,
	"ts_updated_at": 1775791245,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/71726a205deef128a6b8eaab2ed11c6166ccd872.pdf",
		"text": "https://archive.orkl.eu/71726a205deef128a6b8eaab2ed11c6166ccd872.txt",
		"img": "https://archive.orkl.eu/71726a205deef128a6b8eaab2ed11c6166ccd872.jpg"
	}
}