What is SecLists Web-Shells?

A curated subset of SecLists containing web shell samples for detection, analysis, and testing across multiple languages.

Is it legal to use these samples?

Only in authorized security testing with written permission. The collection is MIT licensed for legitimate, controlled use.

How do I access the files?

Visit the SecLists repository and navigate to the Web-Shells category: https://github.com/danielmiessler/SecLists with relevant language shells like PHP, ASP/ASPX, JSP, Python, and Perl.

SecLists Web-Shells

npx machina-cli add skill Eyadkelleh/awesome-claude-skills-security/web-shells --openclaw

Files (1)

SKILL.md

2.5 KB

SecLists Web-Shells

Description

Web shell samples for detection and analysis: PHP, ASP, ASPX, JSP, Python, Perl shells. Use for security research and detection system testing.

Source: SecLists/Web-Shells Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

Web shell detection testing
Security monitoring validation
Malware analysis
IDS/IPS signature testing
Forensics research

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

PHP shells - Common PHP web shells
ASP/ASPX shells - Microsoft web shells
JSP shells - Java server pages shells
Python shells - Python-based shells
Perl shells - Perl web shells

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Web-Shells"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

Authorized penetration testing with written permission
Bug bounty programs (within scope)
CTF competitions
Security research in controlled environments
Testing your own systems
Educational demonstrations

Prohibited Use Cases ❌

Unauthorized access attempts
Testing without permission
Malicious activities
Privacy violations
Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:

Full repository: https://github.com/danielmiessler/SecLists
Size: 4.5 GB with 6,000+ files
All categories: Passwords, Usernames, Discovery, Fuzzing, Payloads, Web-Shells, Pattern-Matching, AI, Miscellaneous

Generated by Skill Seeker | SecLists Web-Shells Collection License: MIT - Use responsibly with proper authorization

Source

git clone https://github.com/Eyadkelleh/awesome-claude-skills-security/blob/main/seclists-categories/web-shells/SKILL.mdView on GitHub

Overview

SecLists Web-Shells is a curated collection of web shell samples across PHP, ASP, ASPX, JSP, Python, and Perl. It supports security researchers in detection testing, malware analysis, and IDS/IPS signature validation in controlled environments.

How This Skill Works

The skill provides language-specific web shell payloads that can be loaded into safe lab setups to observe behavior and test detection rules. Use these samples to benchmark security tools, study shell capabilities, and validate response workflows while adhering to authorized testing practices.

When to Use It

Web shell detection testing to verify your monitoring and alerting coverage
Security monitoring validation for SOC workflows and SIEM rules
Malware analysis and behavior research across multiple scripting languages
IDS/IPS signature testing and rule validation against real-world shell patterns
Forensics research and incident response tabletop exercises in controlled environments

Quick Start

Step 1: Review the SecLists Web-Shells category and download relevant language shells (PHP, ASP, ASPX, JSP, Python, Perl).
Step 2: Set up a secure, isolated testing environment and load selected shell samples into your testing harness.
Step 3: Run your detection rules or signatures against the samples and analyze the results with logging enabled.

Best Practices

Obtain written authorization before using or testing any web-shell samples
Isolate testing in a controlled lab environment to prevent accidental exposure
Organize samples by language (PHP, ASP, ASPX, JSP, Python, Perl) and maintain metadata
Start with non-destructive payloads and enable comprehensive logging and rollback
Adhere to the MIT license and properly credit source; avoid unauthorized distribution

Example Use Cases

Pen-test teams use PHP/ASP/ASPX shells to validate WAF and IDS detections in a lab before production.
SOC engineers tune anomaly detection thresholds by running shell samples and verifying alert fidelity.
Malware analysts compare shell capabilities across languages to map threat actor techniques.
Forensic labs reconstruct intrusion timelines by correlating shell activity with file and process traces.
CTFs and security education programs employ SecLists Web-Shells in controlled environments for learning.

Frequently Asked Questions

Add this skill to your agents