# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/emposha/PHP-Shell-Detector

/120667kk.php
/1405674947.1405674947
/1n73ction.php
/420532shell.php
/629788tryag.php
/951078bij.php
/fatalisticz.php
/o0o.php
/azrail.php
/accept_language.php
/ahlisyurga_shell.php
/ajan.asp
/ajax_command_shell.php
/akatsuki.php
/al-marhum.php
/albanianshell.php
/andr3a.php
/antichat_shell.php
/antisecshell.php
/arab_black_hat.pl
/asmodeus.pl
/aspx-shell.aspx
/aspydrv.vb
/ayyildiz_tim.php
/b374k.php
/b64shell.php
/backdoor.php
/backdoorconnect.pl
/batavi4.php
/blindshell.c
/blood3rpriv8.php
/bogel_shell.php
/brute_force_tool.php
/buckethead.php
/c100.php
/c2007.php
/c99.php
/casus15.php
/cbot.php
/cfexec.cfm
/cgi-python.py
/cgi-shell.pl
/cgitelnet.pl
/cih.php
/clearshell.php
/cmd.asp
/cmd.aspx
/cmd.jsp
/cmd.php
/cmd.pl
/cmos_clr.php
/cocacola_shell.php
/coderz.php
/configspy.php
/connectback2.pl
/constance.php
/cpanel.php
/cristercorp_infocollector.php
/crystal.php
/cshell.php
/ctt_shell.php
/cybershell.php
/cyberspy5.asp
/darkshell.php
/dc3shell.php
/devil.php
/devilz0de.php
/devilzshell.php
/diveshell.php
/dtool.php
/dxshell.php
/efso2.asp
/egyspider.php
/ekin0x.php
/elmaliseker.asp
/elmaliseker.vbs
/empixcrew.pl
/empo.php
/entrika.php
/erne.php
/explore.asp
/extplorer.php
/fatalshell.php
/fenix.php
/filesman.php
/foreverpp.php
/fuckphpshell.php
/fx0.php
/g00nshell.php
/gammashell.pl
/gaulircbot.php
/getlinks.php
/gfs.php
/gnyshell.php
/gohack_powerserver.php
/goon.php
/gscshell.php
/h4ntu.php
/hacker.php
/hackerps.php
/harauku.php
/hiddenshell.php
/hostdevil.php
/hostdevil.pl
/hshell.php
/htaccess_shell.htaccess
/i47.php
/imhapftp.php
/includeshell.php
/indexer.asp
/indishell.php
/insomnia.aspx
/ipays777.php
/irc_bot.pl
/ironshell.php
/isko.php
/itsecteam_shell.php
/jackal.php
/javashell.py
/joomla_spam.php
/jspreverse.jsp
/jspwebshell.java
/kadotshell.php
/kaushell.php
/king511.pl
/klasvayv.asp
/kral.php
/lamashell.php
/lizozim.php
/loadshell.php
/locusshell.php
/lolipop.php
/lostdc.php
/lurm.cgi
/m1n1shell.php
/madspot.php
/mahkeme.php
/metasploit.php
/mildnet.php
/mm.php
/mohajer22.pl
/moroccan_spam.php
/mrtiger.php
/mulcishell.php
/myshell.php
/mysql.php
/mysql_adminer.php
/n3fa5t1ca.php
/nccshell.php
/networkfilemanager.php
/nexpl0rer.php
/nixshell.php
/nogrodpbot.php
/noname.php
/nshell.php
/nstview.php
/ntdaddy.asp
/obet.php
/onboomshell.php
/orbshell.php
/pas.php
/pbot.php
/perlbot.pl
/perlwebshell.pl
/phantasma.php
/php_mailer.php
/phpbackdoor.php
/phpemailer.php
/phpfilemanager.php
/phpmyadmin_exploit.php
/phpshell.php
/phpspy.php
/phvayv.php
/phytonshell.py
/postman.php
/powerdreamshell.asp
/priv8_scr.pl
/pwnshell.jsp
/pzadv.php
/qreyfurt.aspx
/r3laps3.php
/r57.php
/rader.asp
/remoteshell.php
/remoteview.php
/removexplorer.vb
/reverse_shell.php
/rhtool.asp
/rootshell.php
/s72shell.php
/safemode.php
/savefile.php
/scanner_jatimcrew.pl
/sec4ever.php
/sempak.php
/server_config.php
/shell_commander.php
/shell_exploit.php
/shell_uploader.php
/shellarchive.php
/shellatildi.php
/shellbot.pl
/simattacker.php
/simple_shell.php
/simshell.php
/sincap.php
/smartshell.asp
/smtpd.py
/snipershell.php
/spam.php
/spam_trustapp.php
/spyshell.php
/sroshell.php
/stakershell.php
/stressbypass.php
/stunshell.php
/symlink.php
/tbdsecurity.php
/tdshell.php
/teamps.php
/teamsql.php
/telnet.pl
/telnetd.pl
/troyan.php
/tryag.php
/udpflooder.php
/unitxshell.pl
/us3rspl.pl
/v0ld3m0r.php
/v0ld3m0rt.php
/variables.asp
/w3dshell.php
/wacking.php
/webadmin.php
/webmysql.php
/webroot.php
/webshell.php
/winx.php
/wordpress_exploit.php
/worse.php
/wso.php
/xinfo.php
/zaco.php
/zehir4.asp
/zehir4.php

# Reference: https://github.com/ismailtasdelen/shell-backdoor-list/tree/master/shell/asp

/aspcmd.asp
/kacak.asp
/newaspcmd.asp
/pouya.asp

# Reference: https://twitter.com/killamjr/status/1191923979549921280

/cxxz.php

# Reference: https://twitter.com/ANeilan/status/1232283590114840576
# Reference: https://pastebin.com/8LL4Hg9e
# Reference: https://pastebin.com/trRiwBKQ

/sh.php

# Reference: https://twitter.com/malwrhunterteam/status/1241318536280227844

/shellcode.php
/shellcode.txt

# Reference: https://securelist.com/energetic-bear-crouching-yeti/85345/

/code29.php
/proxy87.php

# Reference: https://paste.ee/r/v9aRR/0

/shell.php

# Reference: https://twitter.com/jstrosch/status/1255898007377231873

/cxz.php

# Reference: https://twitter.com/Marco_Ramilli/status/1315327238255116288

/shell202007281.php

# Reference: https://twitter.com/ecarlesi/status/1344217410052579328

/ARS.shell.php
/C99.shell.php
/R57.shell.php
/WSO2.shell.php

# Misc.

rst.void.ru
r57.gen.tr
r57.biz
xshellz.com
c99shellphp.com
r57c99.com
c99php.com
localroot.net
shells.altervista.org
podathon.org/shell/

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshell-with-ransomware-capabilities/

/webshell/shell.php

# Reference: https://twitter.com/jstrosch/status/1338891751285788672

/aboz.php
/ass.php
