PHPSploit vs Weevely
GitHub Stats
About PHPSploit
PHPSploit is a stealth-focused post-exploitation command and control framework that maintains persistent remote access through a single-line PHP backdoor planted on a compromised web server. It tunnels all communication through standard HTTP requests to the PHP backdoor, making its traffic appear as normal web browsing and evading most network-level detection mechanisms. Red team operators and penetration testers use PHPSploit to maintain access to web servers during authorized engagements, executing system commands, browsing the filesystem, pivoting to internal networks, and exfiltrating data through the HTTP tunnel. The framework features a Metasploit-inspired modular architecture with plugins for privilege escalation, environment enumeration, and data extraction, and its minimal backdoor footprint makes it particularly difficult for defenders to detect through file integrity monitoring.
About Weevely
Weevely generates small, polymorphic PHP backdoors that blend into legitimate application code. Once deployed, the client connects to the shell over HTTP/HTTPS and provides over 30 post-exploitation modules including file management, command execution, database access, network pivoting, privilege escalation, and credential stealing. Communications are obfuscated within normal-looking HTTP parameters, making detection difficult. Weevely supports SQL console access, TCP tunneling through the compromised host, bruteforce attacks from the target, and system information gathering. It acts as a full post-exploitation framework through a single PHP file.
Platform Support
Tags
Shared
PHPSploit only
Weevely only