GitHub - flozz/p0wny-shell: Single-file PHP shell By flozz Archived: 2026-04-05 19:02:48 UTC chat DDiissccoorrdd p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server. Features: Command history (using arrow keys ↑ ↓ ) Auto-completion of command and file names (using Tab key) Navigate on the remote file-system (using cd command) Upload a file to the server (using upload command) Download a file from the server (using download command) WARNING: THIS SCRIPT IS A SECURITY HOLE. DO NOT UPLOAD IT ON A SERVER UNLESS YOU KNOW WHAT YOU ARE DOING! https://github.com/flozz/p0wny-shell Page 1 of 4 Demo with Docker: docker build -t p0wny . docker run -it -p 8080:8080 -d p0wny # open with your browser http://127.0.0.1:8080/shell.php Contributing Questions If you have any question, you can: Open an issue on GitHub Ask on Discord (I am not always available to chat, but I try to answer to everyone) Bugs Please open an issue on GitHub with as much information as possible if you found a bug: Your operating system / Linux distribution (and its version) The PHP version you are using (example: PHP-FPM 8.1 , Apache mod_php 7.4 ,...) https://github.com/flozz/p0wny-shell Page 2 of 4 The Web server you are using and its version (example: Nginx 1.23 , Apache 2.4.55 ,...) All the logs and message outputted by the software etc. Pull requests Please consider filing a bug before starting to work on a new feature; it will allow us to discuss the best way to do it. It is obviously unnecessary if you just want to fix a typo or small errors in the code. Support this project Want to support this project? ☕️ Buy me a coffee ️ Give me a tip on PayPal ❤️ Sponsor me on GitHub Changelog v2023.08.10: Make p0wny@shell compatible with PHP 5.3 (@FrancoisCapon, #38) v2023.05.28: Encode all data fields as base64 to avoid encoding errors, especially on Windows (@cli-ish, #8, #35) v2023.05.22: Display the username and the hostname in the prompt (@cli-ish, #33, #7) v2023.05.10: Try different execution functions ( exec , shell_exec , system , passthru , popen , proc_open ) to run commands to bypass disabled functions (@cli-ish, #31, #32) v2023.02.27: Make terminal window resizable (@FrancoisCapon, #27) v2023.02.13: Larger terminal size on large screens (@psyray, #26) No more horozontal scrolling on small screens (@flozz) v2022.09.19: Expand path in cd command ( cd ~ , cd ~username ,...) Go home when running cd withoud argument. → Thanks @FrancoisCapon for the suggestion (#25) v2021.01.24: Style improvements: Better-looking scrollbar on webkit (@nakamuraos) Display a smaller logo on mobile (@nakamuraos) Ergonomic improvements: Focus the command field when clicking the page (@nakamuraos) https://github.com/flozz/p0wny-shell Page 3 of 4 Put the cursor at the end of the command field while navigating the history (@nakamuraos) v2019.06.07: Adds the clear command to clear the terminal (@izharaazmi #12) v2018.12.15: File upload and download feature (@Oshawk #5) v2018.06.01: Auto-completion of command and file names (@lo001 #2) Adaptation to mobile devices (responsive) (@lo001 #2) Improved handling of stderr (@lo001 #2) v2018.05.30: ES5 compatibility (@lo00l #1) Dependency to JQuery removed (@lo00l #1) Command history using arrow keys (@lo00l #1) Keep the command field focused when pressing the tab key v2017.10.30: CSS: invalid color fixed v2016.11.10: Initial release Source: https://github.com/flozz/p0wny-shell https://github.com/flozz/p0wny-shell Page 4 of 4