A modern, feature-rich, and single-file web shell for penetration testers and security professionals.
Features • Installation & Usage • Disclaimer
CYSHELL is a powerful, self-contained PHP web shell designed for modern web environments. It packs a comprehensive suite of features into a single file, providing a clean, responsive, and intuitive interface for remote server management, post-exploitation, and privilege escalation.
CYSHELL comes equipped with a variety of tools to streamline your workflow on a target system.
| Feature | Description |
|---|---|
| 🔐 Auth Protected | Secure login page to prevent unauthorized access. Remember to change the default password! |
| 📂 File Explorer | A full-featured, AJAX-powered file manager to navigate, view, edit, and manage files and directories. Supports create, delete, and modify. |
| 💻 Command Execution | Execute shell commands directly on the target server with a persistent output terminal. |
| 🧠 System Information | Gathers detailed system, user, and network information for both Linux/Unix and Windows targets. |
| 🚀 Privesc Tools Hub | One-click downloader for popular privilege escalation scripts like linPEAS, winPEAS, and PowerSploit. Also supports custom URLs. |
| 📝 Built-in Editor | Edit files on the fly with a CodeMirror-powered editor featuring syntax highlighting. |
| 💅 Modern UI | Built with TailwindCSS and Alpine.js for a responsive, single-page application experience without page reloads. |
| 📦 Single File | All functionality is packed into a single, easy-to-deploy PHP file. |
Getting started with CYSHELL is incredibly simple.
-
Change Password: Open
CYSHELL.phpand change the default password on line 7:const APP_PASSWORD = 'YOUR_NEW_PASSWORD_HERE';
-
Permissions: Change file permission for execution rights (optional).
-
Upload: Place the
CYSHELL.phpfile onto your target web server. -
Access: Navigate to the script's URL in your web browser (e.g.,
http://target-server.com/CYSHELL.php). -
Login: Use the password you set to log in and access the shell's features.
This tool is intended for authorized security testing and educational purposes only. Unauthorized use of this tool on systems you do not own or have explicit permission to test is illegal. The author is not responsible for any misuse or damage caused by this script. Always act ethically and responsibly.