PHPSploit

PHPSploit is a stealth-focused post-exploitation command and control framework that maintains persistent remote access through a single-line PHP backdoor planted on a compromised web server. It tunnels all communication through standard HTTP requests to the PHP backdoor, making its traffic appear as normal web browsing and evading most network-level detection mechanisms. Red team operators and penetration testers use PHPSploit to maintain access to web servers during authorized engagements, executing system commands, browsing the filesystem, pivoting to internal networks, and exfiltrating data through the HTTP tunnel. The framework features a Metasploit-inspired modular architecture with plugins for privilege escalation, environment enumeration, and data extraction, and its minimal backdoor footprint makes it particularly difficult for defenders to detect through file integrity monitoring.