PHP Malware Analysis

Shell-Finder.php

md5: 46da915b4430d630e5d464264e851103


Deobfuscated PHP code


<?php 
// Page title string. Shell_Finder is written as a bare, unquoted constant name; the execution
// trace on this page records the assigned value as 'Shell_Finder', i.e. the interpreter fell
// back to treating the undefined constant as a string.
// NOTE(review): PHP 8 raises an Error for an undefined constant and the @ operator does not
// suppress it, so this line presumably only runs on older interpreters.
$judul = @Shell_Finder;
// sec.php is not shown on this page, so its contents are unknown here; presumably a shared
// header or access gate from the same toolkit (confirm if the file is recovered).
include 'sec.php';
// Disables all PHP error reporting for the rest of the request.
error_reporting(0);
?>
<div class="container">
  <div class="row">
  <div class="col">
  <div class="card">
    <div class="card-header"><p><?php 
echo "Shell Finder";
?></p></div>
    <div class="card-body">
      <div class="table-responsive">
          
          <form method="POST" action="<?php 
$PHP_SELF;
?>">
<label>Url</label><br><input type="text" class="form-control text-primary"  name="url"  autocomplete="off" placeholder="https://onedetermination.com/"></font><br>
    <input type="submit" class="btn btn-outline-primary" name="submit" value="Start"/>
</form><br>
<p>Result:</p>
<?php 
/**
 * HTML-entity-encode a string, optionally stripping tags first.
 *
 * When $strip_tags is truthy, strip_tags() removes every tag except those in
 * $allowed_tags plus <b>. The (possibly stripped) text is then encoded with
 * htmlentities(ENT_QUOTES). If the text contains "script" in any letter case,
 * each lower-case "script" in the encoded output is split with an empty <b></b> pair.
 *
 * Analyst notes:
 *  - Detection is case-insensitive (stripos) but replacement is case-sensitive
 *    (str_replace), so "SCRIPT" is detected yet left unsplit.
 *  - The return value is HTML-escaped text, not a validated URL. The caller in this
 *    file applies htmlentities() a second time and then treats the result as a URL.
 *
 * @param string $data         Text to encode.
 * @param bool   $strip_tags   Strip tags before encoding when truthy.
 * @param string $allowed_tags Extra tags to keep, in strip_tags() notation.
 * @return string Entity-encoded text.
 */
function xss_protect($data, $strip_tags = false, $allowed_tags = "")
{
    $input = $strip_tags ? strip_tags($data, $allowed_tags . "<b>") : $data;
    $encoded = htmlentities($input, ENT_QUOTES);

    return stripos($input, "script") !== false
        ? str_replace("script", "scr<b></b>ipt", $encoded)
        : $encoded;
}
/**
 * Report whether a URL answers a body-less HTTP request without an error status.
 *
 * CURLOPT_NOBODY makes this a HEAD-style request and CURLOPT_FAILONERROR makes
 * curl_exec() fail on HTTP status 400 and above. Redirect following is not enabled,
 * so any response below 400 yields true; a true result is therefore not proof
 * that the requested file exists.
 *
 * Analyst note: every request carries the same hard-coded Firefox 2.0.0.15
 * User-Agent header, so bursts of body-less requests with this header for many
 * different paths are recognisable in web server access logs.
 *
 * @param string $url URL to request.
 * @return bool Result of curl_exec(); false if the handle could not be created.
 */
function urlExist($url)
{
    $ch = curl_init($url);
    if ($ch === false) {
        return false;
    }

    curl_setopt_array($ch, array(
        CURLOPT_HEADER => false,
        CURLOPT_FAILONERROR => true,
        // Fixed browser-like User-Agent, sent as a raw header line.
        CURLOPT_HTTPHEADER => array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15"),
        CURLOPT_NOBODY => true,
        CURLOPT_RETURNTRANSFER => false,
    ));

    $reachable = curl_exec($ch);
    curl_close($ch);

    return $reachable;
}
if (isset($_POST['submit']) && isset($_POST['url'])) {
    $url = htmlentities(xss_protect($_POST['url']));
    if (filter_var($url, FILTER_VALIDATE_URL)) {
        $trying = array('/madspot.php', '/mad.php', '/404.php', '/anon.php', '/anonymous.php', '/shell.php', '/sh3ll.php', '/madspotshell.php', '/b374k.php', '/c100.php', '/priv8.php', '/private.php', '/cp.php', '/cpbrute.php', '/themes/404/404.php', '/templates/atomic/index.php', '/templates/beez5/index.php', '/hacked.php', '/r57.php', '/wso.php', '/WSO.php', '/wso24.php', '/wso26.php', '/wso404.php', '/sym.php', '/symsa2.php', '/sym3.php', '/whmcs.php', '/whmcskiller.php', '/cracker.php', '/1.php', '/2.php', '/sql.php', '/gaza.php', '/database.php', '/a.php', '/d.php', '/dz.php', '/cpanel.php', '/system.php', '/um3r.php', '/zone-h.php', '/c22.php', '/root.php', '/r00t.php', '/doom.php', '/dam.php', '/killer.php', '/user.php', '/wp-content/plugins/disqus-comment-system/disqus.php', '/cpn.php', '/shelled.php', '/uploader.php', '/up.php', '/xd.php', '/d00.php', '/h4xor.php', '/tmp/mad.php', '/tmp/1.php', '/wp-content/plugins/akismet/akismet.php', '/images/stories/w.php', '/w.php', '/downloads/dom.php', '/templates/ja-helio-farsi/index.php', '/wp-admin/m4d.php', '/d.php', 'WSO.php', 'alfashell.php', 'alfa.php', 'shell.php', 'mini.php', 'mini.phtml', 'minishell.phtml', 'dz.php', 'xxx.php', 'x.php', 'heker.php', 'indosec.php', 'sec.php', '0x.php', 'memek.php', 'sym.php', 'sym403.php', 'tolol.php', 'x.php', 'r99.php', 'lol.php', 'jo.php', 'nikung.php', 'whmcs.php', 'shellz.php', 'd0main.php', 'd0mains.php', 'users.php', 'Cgishell.php', 'killer.php', 'changeall.php', '2.php', 'Sh3ll.php', 'dz0.php', 'dam.php', 'user.php', 'dom.php', 'whmcs.php', 'vb.zip', 'evil.php', 'eviltwin.php', 'zx.php', 'kntl.php', 'kuntul.php', 'r00t.php', 'c99.php', 'gaza.php', '1.php', 'wp.zip', 'd00.php', 'admins.php', 'admins.php', 'wp.zip', 'wso2.5.1', 'pasir.php', 'pasir2.php', 'up.php', 'cok.php', 'newfile.php', 'upl.php', '.php', 'a.php', 'crot.php', 'kontol.php', 'hmei7.php', 'jembut.php', 'memek.php', 'tai.php', 'rabit.php', 'indoxploit.php', 'a.php', 'hemb.php', 'hack.php', 'galau.php', 
'HsH.php', 'indoXploit.php', 'asu.php', 'wso.php', 'lol.php', 'berandal.php', 'rabbit.php', '1n73ction.php', 'k.php', 'mailer.php', 'mail.php', 'temp.php', 'c.php', 'd.php', 'IDB.php', 'indo.php', 'indonesia.php', 'semvak.php', 'ndasmu.php', 'berandal.php', 'as.php', 'ad.php', 'aa.php', 'file.php', 'peju.php', 'sad.php', 'sadboy.php', 'wsa.php', 'z.php', 'min.php', 'alf4.php', 'priv.php', ' priv8.php', 'boyshell.php', 'evil.php', 'api.php', 'evilshell.php', 'uploader.php', 'r57.php', 'mini.php', 'ms.php', '404.php', 'c99.php', 'WSO.php', 'dz.php', 'w.php', 'w.php', '12..php', 'shell.php', 'cpanel.php', 'cpn.php', 'sql.php', 'mysql.php', 'config.php', 'configuration.php', 'madspot.php', 'Cgishell.plkiller.php', 'changeall.php', '2.php', 'Sh3ll.php', 'dz0.php', 'dam.phpuser.php', 'dom.phpwhmcs.php', 'r00t.php', '1.php', 'a.php', 'r0k.php', 'abc.php', 'egy.php', 'syrian_shell.php', 'xxx.php', 'settings.php', 'tmp.php', 'cyber.php', 'r57.php', 'gaza.php', '1.php', 'd4rk.php', 'index1.php', 'nkr.php', 'xd.php', 'M4r0c.php', 'Dz.php', 'sniper.php', 'ksa.php', 'okay.php', '4ever.php', 'b374k.php', 'bbb.php', 'includes/WSO.php', 'includes/r57.php', 'includes/b374k.php', 'includes/c99.php', 'includes/r00t.php', 'shell.php', 'images/3xp.php', 'images/WSO.php', 'images/b374k.php', 'images/r57.php', 'v4team.php', 'offline.php', 'p8.php', 'rr57.php', 'myshell.php', 'yourshell.php', 'sheller.php', 'mysheller.php', 'priv8.php', '911.php', 'madspotshell.php', 'madspot.php', 'c100.php', 'sym.php', 'cp.php', 'tmp/cpn.php', 'tmp/w.php', 'tmp/r57.php', 'tmp/king.php', 'tmp/sok.php', 'tmp/ss.php', 'tmp/as.php', 'tmp/dz.php', 'tmp/r1z.php', 'tmp/whmcs.php', 'tmp/root.php', 'tmp/r00t.php', 'tmp/uploads.php', 'tmp/upload.php', 'tmp/sa.php', 'sa.php', 'readme.php', 'tmp/readme.php', 'd0mains.php', 'madspotshell.php', 'info.php', 'egyshell.php', 'Sym.php', 'c22.php', 'c100.php', 'configuration.php', 'g.php', 'xx.pl', 'ls.php', 'Cpanel.php', 'k.phpzone-h.php', 'tmp/user.phptmp/Sym.php', 
'cp.php', 'tmp/madspotshell.php', 'tmp/root.php', 'tmp/whmcs.php', 'tmp/index.php', 'tmp/2.php', 'tmp/dz.php', 'tmp/cpn.php', 'tmp/changeall.php', 'tmp/Cgishell.pl', 'tmp/sql.php', '0day.php', 'tmp/admin.php', 'cliente/downloads/h4xor.php', 'whmcs/downloads/dz.php', 'L3b.php', 'd.php', 'tmp/d.php', 'tmp/L3b.php', 'sado.php', 'admin1.php', 'upload.php', 'up.php', 'vb.zipvb.rar', 'admin2.asp', 'uploads.php', 'sa.php', 'sysadmins/admin1/sniper.php', 'administration/Sym.php', 'images/Sym.php', 'r57.php', 'gzaa_spyslsql-new.php', 'shell.php', 'sa.php', 'admin.php', 'sa2.php', '2.php', 'gaza.php', 'up.php', 'upload.php', 'uploads.php', 'shell.php', 'amad.php', 't00.php', 'dz.php', 'site.rar', 'Black.php', 'BlackMass.asp', 'test.txt', 'ftp.txt', 'user.txt', 'vb.sql', 'forum.sqlr00t-s3c.php', 'c.php', 'backup.sql', 'back.sql', 'data.sql', 'tmp/vaga.php', 'tmp/killer.php', 'whmcs.php', 'abuhlail.php', 'tmp/killer.php', 'tmp/domaine.pl', 'tmp/domaine.php', 'tmp/d0maine.php', 'd0maine.php', 'tmp/sql.php', 'X.php', '123.php', 'm.php', 'b.php', 'tmp/dz1.php', 'dz1.php', 'forum.zip', 'Symlink.php', 'Symlink.pl', 'forum.rarjoomla.zipjoomla.rar', 'wp.php', 'buck.sql', 'sysadmin.php', 'images/c99.php', 'xd.php', 'c100.php', 'spy.aspxxd.phptmp/xd.php', 'sym/root/home/billing/killer.php', 'tmp/upload.phptmp/admin.php', 'Server.php', 'tmp/uploads.php', 'tmp/up.php', 'Server/wp-admin/c99.php', 'tmp/priv8.php', 'priv8.php', 'cgi.pl', 'tmp/cgi.pl', 'downloads/dom.php', 'webadmin.html', 'admins.php', 'bluff.php', 'admins.php', 'a.php', 'z.php', 'e.php', 'r.php', 't.php', 'y.php', 'u.php', 'i.php', 'o.php', 'p.php', 'q.php', 's.php', 'd.php', 'f.php', 'g.php', 'h.php', 'j.php', 'k.php', 'l.php', 'm.php', 'w.php', 'x.php', 'c.php', 'v.php', 'b.php', 'n.php', '1.php', '2.php', '3.php', '4.php', '5.php', '6.php', '7.php', '8.php', '9.php', '10.php', '12.php', '11.php', '1234.php', 'tmp.php', 'tmp/', 'tmp/2.php', 'tmp/access.log', 'tmp/access_log', 'tmp/admin.php', 'tmp/cache/models/', 
'tmp/cache/persistent/', 'tmp/cache/views/', 'tmp/cgi.pl', 'tmp/Cgishell.pl', 'tmp/changeall.php', 'tmp/cpn.php', 'tmp/d.php', 'tmp/d0maine.php', 'tmp/domaine.php', 'tmp/domaine.pl', 'tmp/dz.php', 'tmp/dz1.php', 'tmp/error.log', 'tmp/error_log', 'tmp/index.php', 'tmp/killer.php', 'tmp/L3b.php', 'tmp/madspotshell.php', 'tmp/nanoc/', 'tmp/priv8.php', 'tmp/root.php', 'tmp/sessions/', 'tmp/sql.php', 'tmp/Sym.php', 'tmp/tests/', 'tmp/up.php', 'tmp/upload.php', 'tmp/uploads.php', 'tmp/user.php', 'tmp/vaga.php', 'tmp/whmcs.php', 'tmp/xd.php', 'tools.php', 'helix.php', 'alfa.php', 'alfa-v3-encoded.php', 'alfa1.php', 'xmlrpc1.php', 'wp-ingfo.php', 'wp-info.php', 'Privshell.php', 'blank.php', 'Blank.php', 'b.php', 'r.php', 's.php', 'u.php', 'y.php', 'k.php', 'l.php', 'i.php', 'o.php', 'm.php', 'j.php', 'c.php', 'z.php', 'q.php', 'e.php', 'w.php', 't.php', 'r.php', 'f.php', 'd.php', 'ok.php', '1.php', '2.php', '3.php', '4.php', '5.php', '7.php', '6.php', '8.php', '9.php', '0.php', '00.php', 'herp.php', 'nptice.php', 'tuyul.php', 'nikung.php', 'tertykung.php', 'codrs.php', 'jingan.php', 'chan.php', 'kntl.php', 'losX.php', 'mom.php', 'sad.php', 'uploads/ok.php', 'upload/ok.php', 'upload/up.php', 'upload/shell.php', 'upload/idx.php', 'upload/ind.php', 'upload/v.php', 'upload/sym.php', 'upload/gallers.php', 'upload/bekdur.php', 'upload/file/up.php', 'upload/file/wso.php', 'upload/file/test.php', 'upload/file/WSO.php', 'upload/file/123.php', 'upload/file/uploader.php', 'upload/file/upload.php', 'upload/file/zero.php', 'upload/file/ups.php', 'upload/file/tmp.php', 'upload/file/jump.php', 'upload/file/x.php', 'upload/file/X.php', 'upload/file/idx.php', 'upload/file/b3ca7k.php', 'upload/file/indo.php', 'upload/file/asu.php', 'upload/file/dhanush.php', 'upload/file/aaa.php', 'upload/file/az.php', 'upload/file/xxx.php', 'upload/file/curl.php', 'upload/file/root.php', 'upload/file/asu.php', 'upload/file/id.php', 'upload/file/minishell.php', 'upload/file/kill.php', 'upload/file/0.php', 
'upload/file/alone.php', 'upload/file/hex.php', 'upload/file/500.php', 'upload/file/error.php', 'upload/file/406.php', 'upload/file/fuck.php', 'upload/file/zzz.php', 'images/WSO.php', 'images/dz.php', 'images/DZ.php', 'images/cpanel.php', 'images/cpn.php', 'images/sos.php', 'images/term.php', 'images/Sec-War.php', 'images/sql.php', 'images/ssl.php', 'images/mysql.php', 'images/WolF.php', 'images/madspot.php', 'images/Cgishell.pl', 'images/killer.php', 'images/changeall.php', 'images/2.php', 'images/Sh3ll.php', 'images/dz0.php', 'images/dam.php', 'images/user.php', 'images/dom.php', 'images/whmcs.php', 'images/vb.zip', 'images/sa.php', 'images/sysadmins/', 'images/admin1/', 'images/sniper.php', 'images/images/Sym.php', 'images//r57.php', 'images/gzaa_spysl', 'images/sql-new.php', 'images/shell.php', 'images/sa.php', 'images/admin.php', 'images/sa2.php', 'images/2.php', 'images/user.txt', 'images/site.txt', 'images/error_log', 'images/error', 'images/site.sql', 'images/vb.sql', 'images/forum.sql', 'images/r00t-s3c.php', 'images/c.php', 'images/backup.sql', 'images/back.sql', 'images/data.sql', 'images/tmp/vaga.php', 'images/tmp/killer.php', 'images/whmcs.php', 'images/abuhlail.php', 'images/tmp/killer.php', 'images/tmp/domaine.pl', 'images/tmp/domaine.php', 'images/useradmin/', 'images/tmp/d0maine.php', 'images/d0maine.php', 'images/tmp/sql.php', 'images/X.php', 'images/123.php', 'images/m.php', 'images/b.php', 'images/up.php', 'images/tmp/dz1.php', 'images/dz1.php', 'images/Symlink.php', 'images/Symlink.pl', 'images/joomla.zip', 'images/wp.php', 'images/buck.sql', 'includes/WSO.php', 'includes/dz.php', 'includes/DZ.php', 'includes/cpanel.php', 'includes/cpn.php', 'includes/sos.php', 'includes/term.php', 'includes/Sec-War.php', 'includes/sql.php', 'includes/ssl.php', 'includes/mysql.php', 'includes/WolF.php', 'includes/madspot.php', 'includes/Cgishell.pl', 'includes/killer.php', 'includes/changeall.php', 'includes/2.php', 'includes/Sh3ll.php', 'includes/dz0.php', 
'includes/dam.php', 'includes/user.php', 'includes/dom.php', 'includes/whmcs.php', 'includes/vb.zip', 'includes/r00t.php', 'includes/c99.php', 'includes/gaza.php', 'includes/1.php', 'includes/d0mains.php', 'includes/madspotshell.php', 'includes/info.php', 'includes/egyshell.php', 'includes/Sym.php', 'includes/c22.php', 'includes/c100.php', 'includes/configuration.php', 'includes/g.php', 'includes/xx.pl', 'includes/ls.php', 'includes/Cpanel.php', 'includes/k.php', 'includes/zone-h.php', 'includes/tmp/user.php', 'includes/tmp/Sym.php', 'includes/cp.php', 'includes/tmp/madspotshell.php', 'includes/tmp/root.php', 'includes/tmp/whmcs.php', 'includes/tmp/index.php', 'includes/tmp/2.php', 'includes/tmp/dz.php', 'includes/tmp/cpn.php', 'includes/tmp/changeall.php', 'includes/tmp/Cgishell.pl', 'includes/tmp/sql.php', 'includes/0day.php', 'includes/tmp/admin.php', 'includes/L3b.php', 'includes/d.php', 'includes/tmp/d.php', 'includes/tmp/L3b.php', 'includes/sado.php', 'includes/admin1.php', 'includes/upload.php', 'includes/up.php', 'includes/vb.zip', 'includes/vb.rar', 'includes/admin2.asp', 'includes/uploads.php', 'includes/sa.php', 'includes/sysadmins/', 'includes/admin1/', 'includes/sniper.php', 'includes/images/Sym.php', 'includes//r57.php', 'includes/gzaa_spysl', 'includes/sql-new.php', 'includes//shell.php', 'includes//sa.php', 'includes//admin.php', 'includes//sa2.php', 'includes//2.php', 'includes//gaza.php', 'includes//up.php', 'includes//upload.php', 'includes//uploads.php', 'includes/shell.php', 'includes//amad.php', 'includes//t00.php', 'includes//dz.php', 'includes//site.rar', 'includes//Black.php', 'includes//site.tar.gz', 'includes//home.zip', 'includes//home.rar', 'includes//home.tar', 'includes//home.tar.gz', 'includes//forum.zip', 'includes//forum.rar', 'includes//forum.tar', 'includes//forum.tar.gz', 'includes//test.txt', 'includes//ftp.txt', 'includes//user.txt', 'includes//site.txt', 'includes//error_log', 'includes//error', 'includes//cpanel', 
'includes//awstats', 'includes//site.sql', 'includes//vb.sql', 'includes//forum.sql', 'includes/r00t-s3c.php', 'includes/c.php', 'includes//backup.sql', 'includes//back.sql', 'includes//data.sql', 'includes/wp.rar/', 'includes/asp.aspx', 'includes/tmp/vaga.php', 'includes/tmp/killer.php', 'includes/whmcs.php', 'includes/abuhlail.php', 'includes/tmp/killer.php', 'includes/tmp/domaine.pl', 'includes/tmp/domaine.php', 'includes/useradmin/', 'includes/tmp/d0maine.php', 'includes/d0maine.php', 'includes/tmp/sql.php', 'includes/X.php', 'includes/123.php', 'includes/m.php', 'includes/b.php', 'includes/up.php', 'includes/tmp/dz1.php', 'includes/dz1.php', 'includes/forum.zip', 'includes/Symlink.php', 'includes/Symlink.pl', 'includes/joomla.zip', 'includes/joomla.rar', 'includes/wp.php', 'includes/buck.sql', 'includes/sysadmin.php', 'includes/images/c99.php', 'includes/xd.php', 'includes/c100.php', 'includes/spy.aspx', 'includes/xd.php', 'includes/tmp/xd.php', 'includes/sym/root/home/', 'includes/billing/killer.php', 'includes/tmp/upload.php', 'includes/tmp/admin.php', 'includes/Server.php', 'includes/tmp/uploads.php', 'includes/tmp/up.php', 'includes/Server/', 'includes/wp-admin/c99.php', 'includes/tmp/priv8.php', 'includes/priv8.php', 'includes/cgi.pl/', 'includes/tmp/cgi.pl', 'includes/downloads/dom.php', 'includes/webadmin.html', 'includes/admins.php', 'includes/bluff.php', 'includes/king.jeen', 'includes/admins/', 'includes/admins.asp', 'includes/admins.php', 'includes/wp.zip', 'includes/', 'upload.php', 'admin/upload.php', 'shell.php', 'up.php', 'uploader.php', 'a.php', '123.php', 'test.php', 'minishell.php', '0.php', 'wso.php', 'error_log', 'tools.php', 'r00t.php', 'admin/error_log', 'access_log', 'phpinfo.php', 'info.php', 'xxx.php', 'indo.php', 'idx.php', 'sym.py', 'dir/', 'lib/', 'tmp/', 'includes/', 'log/error_log', 'log/error.log', 'log/www-error.log', 'include/', 'Scripts/', 'test/', 'sym/root/home/', 'chonx_sym/', 'chonx_root/', 'web/', 'upload/', 'images/', 
'img/', 'inc/', 'js/', 'php/', 'symlink/', 'sym/', 'idx_config/', 'config/', 'Log/', 'cox_config/', 'sym_config/', 'noname_config/', 'idx_symconf/', 'symconf/', 'root/', 'file/', 'files/', 'config.txt', 'asu.php', 'index.php', 'index.php/?login', 'db.php', 'README.txt', 'include/config.php', 'config.php', 'logs', 'indoxploit.php', 'index1.php', 'index.html', 'sh3ll.php', 'up.html', 'script.php', 'fuck.php', 'dir.php', '406.php', '403.php', '500.php', 'accounts.php', 'bekdur.php', 'notfound.php', 'not_acceptable.php', '1337.php', '1n73ct10n.php', 'b374k.php', 'admin_home.php', 'home_admin.php', 'shell.php', 'zeeb.php', 'dz.php', 'xd.php', 'images/up.php', 'images/upload.php', 'files/up.php', 'file/upload.php', 'files/shell.php', 'files/uploader.php', 'files/indexx.php', 'file/up.php', 'file/uplod.php', 'file/wso.php', 'file/idx.php', 'file/up1.php', '13.php', 'killer.php', 'Sh3ll.php', 'new.php', 'Sym.php', 'dom.php', 'zero.php', 'priv8.php', 'jembut.php', 'v4ga.php', 'backup.zip', 's3c.php', 'madspotshell.php', 'sa.php', 'x.php', 'noname.php', 'kntol.php', 'WSO.php', 'IndoXploit.php', 'bajingan.php', 'c99.php', 'X.php', 'Good.php', 'pas.phtml', 'pas.php', 'abc.php', 'indexx.php', 'browse.php', 'up1.php', 'haha.php', 'z.php', 'gaza.php', 'sc.php', '1234.php', 'fvck.php', 'error.php', '0x.php', 'up.php5', 'shell.php5', 'inc/config.php', 'ix.php', '-.php', 'id.php', 'r0x.php', 'bn.php', 'dm.php', 'gator.php', 'mail.php', 'mailer.php', 'perlcgi.pl', 'php.ini', 'modul.php', 'wso1.php', 'wp.php', 'configuration.php', 'c.php', 'tai.php', 'root.php', 'www.php', 'x13.php', 'ntaps.php', 'tools.php', 'zip.php', '@.php', 'ea.php', 'aaaa.php', 'cinfo.php', 'by.php', 'celeng.php', 'jmbt.php', 'newfile.php', 'maho.php', 'mia.php', 'pro.php', 'qwe.php', 'shell_finder.php', '11.php', 'cfinder.php', 'title.php', 'edit.php', 's.php', 'wp.zip', 'xmlrpc.php', 'pasired.php', 'pass.php', 'adm.php', 'adminer.php', 'Cpanel.php', 'cpanel.php', 'noob.php', '..php', 'b2.php', 'lol.php', 
'Lol.php', 'dhanush.php', 'asw.php', 'mini.php5', 'ler.php', 'def.php', 'ex.php', 'noname.php', 'unknown.php', 'anon.php', 'sel.php', 'extremecrw.php', 'indx.php', '14.php', '6.php', 'angel.php', 'bv7binary.php', 'c100.php', 'r57.php', 'webroot.php', 'h4cker.php', 'gazashell.php', 'locus7shell.php', 'syrianshell.php', 'injection.php', 'cyberwarrior.php', 'ernebypass.php', 'g6shell.php', 'pouyaserver.php', 'saudishell.php', 'simattacker.php', 'sosyeteshell.php', 'tryagshell.php', 'uploadshell.php', 'wsoshell.php', 'zehir4shell.php', 'lostdcshell.php', 'commandshell.php', 'mailershell.php', 'cwshell.php', 'iranshell.php', 'indishell.php', 'g6sshell.php', 'sqlshell.php', 'simshell.php', 'tryagshell.php', 'zehirshell.php', 'k2ll33d.php', 'b1n4ry.php', '12.php', 'default.php', 'blank.php');
        foreach ($trying as $sec) {
            $urll = $url . '/' . $sec;
            if (urlExist($urll)) {
                echo '<br><div class="alert alert-info"><b class="text-success">Found Shell <a href=' . $urll . ' target="_blank">' . $urll . '</a></b><br></div>';
            } else {
            }
        }
        echo "<b class=\"text-danger\" >Done</b>";
    } else {
        echo "<b >URL NOT VALID</p>";
    }
}

Execution traces

data/traces/46da915b4430d630e5d464264e851103_trace-1676238586.6806.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:50:12.578433]
1	0	1	0.000137	393576
1	3	0	0.000539	519136	{main}	1		/var/www/html/uploads/Shell-Finder.php	0	0
1		A						/var/www/html/uploads/Shell-Finder.php	3	$judul = 'Shell_Finder'
2	4	0	0.000630	519184	error_reporting	0		/var/www/html/uploads/Shell-Finder.php	5	1	0
2	4	1	0.000646	519224
2	4	R			22527
2	5	0	0.000660	519184	str_replace	0		/var/www/html/uploads/Shell-Finder.php	11	3	'_'	' '	'Shell_Finder'
2	5	1	0.000675	519320
2	5	R			'Shell Finder'
1	3	1	0.000691	519184
			0.000735	321088
TRACE END   [2023-02-12 19:50:12.579058]


Generated HTML code

<html><head></head><body><div class="container">
  <div class="row">
  <div class="col">
  <div class="card">
    <div class="card-header"><p>Shell Finder</p></div>
    <div class="card-body">
      <div class="table-responsive">
          
          <form method="POST" action="">
<label>Url</label><br><input type="text" class="form-control text-primary" name="url" autocomplete="off" placeholder="https://onedetermination.com/"><br>
    <input type="submit" class="btn btn-outline-primary" name="submit" value="Start">
</form><br>
<p>Result:</p>
</div></div></div></div></div></div></body></html>

Original PHP code


<?php
$judul=@Shell_Finder;
include'sec.php';
error_reporting(0);
?>
<div class="container">
  <div class="row">
  <div class="col">
  <div class="card">
    <div class="card-header"><p><?php echo str_replace("_", " ", "$judul"); ?></p></div>
    <div class="card-body">
      <div class="table-responsive">
          
          <form method="POST" action="<?php $PHP_SELF; ?>">
<label>Url</label><br><input type="text" class="form-control text-primary"  name="url"  autocomplete="off" placeholder="https://onedetermination.com/"></font><br>
    <input type="submit" class="btn btn-outline-primary" name="submit" value="Start"/>
</form><br>
<p>Result:</p>
<?php
/**
 * Entity-encode $data with htmlentities(ENT_QUOTES), optionally stripping tags first.
 *
 * With a truthy $strip_tags, strip_tags() keeps only the tags listed in $allowed_tags
 * plus <b>. If the resulting text contains "script" (checked case-insensitively),
 * every lower-case "script" in the encoded output is broken up with an empty <b></b>.
 *
 * Analyst note: the check uses stripos() but the replacement uses the case-sensitive
 * str_replace(), so upper- or mixed-case spellings are detected but not rewritten.
 * The output is escaped text for HTML display; it is not URL validation.
 *
 * @param string $data         Text to encode.
 * @param bool   $strip_tags   Strip tags before encoding when truthy.
 * @param string $allowed_tags Extra tags to keep, in strip_tags() notation.
 * @return string Entity-encoded text.
 */
function xss_protect($data, $strip_tags = false, $allowed_tags = "") {
    if ($strip_tags) {
        $data = strip_tags($data, $allowed_tags . "<b>");
    }

    $escaped = htmlentities($data, ENT_QUOTES);

    // No "script" substring in any letter case: plain entity encoding is the result.
    if (stripos($data, "script") === false) {
        return $escaped;
    }

    return str_replace("script", "scr<b></b>ipt", $escaped);
}
/**
 * Probes one URL with cURL and reports whether the request succeeded.
 *
 * A body-less (HEAD-style) request is sent. With CURLOPT_FAILONERROR set, HTTP
 * status codes of 400 and above count as failure. Redirect following is not
 * enabled, so a 3xx answer is also reported as success; a site that redirects
 * or answers 200 for missing pages therefore yields false positives.
 *
 * Defender note: traffic from this function appears in access logs as bursts of
 * HEAD requests carrying the fixed, outdated Firefox 2.0 User-Agent set below.
 *
 * @param string $url Absolute URL to probe.
 * @return bool Result of curl_exec(): true on success, false on failure or when no handle could be created.
 */
function urlExist($url)
{
    $handle   = curl_init($url);
    if (false === $handle)
    {
    return false;
    }
    // Response headers are not included in the output.
    curl_setopt($handle, CURLOPT_HEADER, false);
    // HTTP status >= 400 makes curl_exec() return false.
    curl_setopt($handle, CURLOPT_FAILONERROR, true);
    curl_setopt($handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") ); // request as if Firefox
    // No response body is requested; the content of the target file is never read.
    curl_setopt($handle, CURLOPT_NOBODY, true);
    // With RETURNTRANSFER off, curl_exec() returns a plain true/false.
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, false);
    $connectable = curl_exec($handle);
    curl_close($handle);
    return $connectable;
}
    if(isset($_POST['submit']) && isset($_POST['url']))
    {
  $url= htmlentities(xss_protect($_POST['url']));
  if(filter_var($url, FILTER_VALIDATE_URL))
  {
    $trying = array('/madspot.php','/mad.php','/404.php','/anon.php','/anonymous.php','/shell.php','/sh3ll.php','/madspotshell.php','/b374k.php','/c100.php','/priv8.php','/private.php','/cp.php','/cpbrute.php','/themes/404/404.php','/templates/atomic/index.php','/templates/beez5/index.php','/hacked.php','/r57.php','/wso.php','/WSO.php','/wso24.php','/wso26.php','/wso404.php','/sym.php','/symsa2.php','/sym3.php','/whmcs.php','/whmcskiller.php','/cracker.php','/1.php','/2.php','/sql.php','/gaza.php','/database.php','/a.php','/d.php','/dz.php','/cpanel.php','/system.php','/um3r.php','/zone-h.php','/c22.php','/root.php','/r00t.php','/doom.php','/dam.php','/killer.php','/user.php','/wp-content/plugins/disqus-comment-system/disqus.php','/cpn.php','/shelled.php','/uploader.php','/up.php','/xd.php','/d00.php','/h4xor.php','/tmp/mad.php','/tmp/1.php','/wp-content/plugins/akismet/akismet.php','/images/stories/w.php','/w.php','/downloads/dom.php','/templates/ja-helio-farsi/index.php','/wp-admin/m4d.php','/d.php','WSO.php', 'alfashell.php', 'alfa.php', 'shell.php', 'mini.php', 'mini.phtml', 'minishell.phtml', 'dz.php', 'xxx.php', 'x.php', 'heker.php', 'indosec.php', 'sec.php', '0x.php', 'memek.php', 'sym.php', 'sym403.php', 'tolol.php', 'x.php', 'r99.php', 'lol.php', 'jo.php', 'nikung.php', 'whmcs.php', 'shellz.php', 'd0main.php', 'd0mains.php', 'users.php', 'Cgishell.php', 'killer.php', 'changeall.php', '2.php', 'Sh3ll.php', 'dz0.php', 'dam.php', 'user.php', 'dom.php', 'whmcs.php', 'vb.zip', 'evil.php', 'eviltwin.php', 'zx.php', 'kntl.php', 'kuntul.php', 'r00t.php', 'c99.php', 'gaza.php', '1.php', 'wp.zip','d00.php','admins.php', 'admins.php', 'wp.zip', 'wso2.5.1', 'pasir.php', 'pasir2.php', 'up.php', 'cok.php', 'newfile.php', 'upl.php', '.php', 'a.php', 'crot.php', 'kontol.php', 'hmei7.php', 'jembut.php', 'memek.php', 'tai.php', 'rabit.php', 'indoxploit.php', 'a.php', 'hemb.php', 'hack.php', 'galau.php', 'HsH.php', 'indoXploit.php', 'asu.php', 'wso.php', 'lol.php', 
'berandal.php', 'rabbit.php', '1n73ction.php', 'k.php', 'mailer.php', 'mail.php', 'temp.php', 'c.php', 'd.php', 'IDB.php', 'indo.php', 'indonesia.php', 'semvak.php', 'ndasmu.php', 'berandal.php', 'as.php', 'ad.php', 'aa.php', 'file.php', 'peju.php', 'sad.php', 'sadboy.php', 'wsa.php', 'z.php', 'min.php', 'alf4.php', 'priv.php', ' priv8.php', 'boyshell.php', 'evil.php', 'api.php', 'evilshell.php', 'uploader.php','r57.php', 'mini.php', 'ms.php', '404.php', 'c99.php', 'WSO.php', 'dz.php', 'w.php', 'w.php', '12..php', 'shell.php', 'cpanel.php', 'cpn.php', 'sql.php', 'mysql.php', 'config.php', 'configuration.php', 'madspot.php', 'Cgishell.plkiller.php', 'changeall.php', '2.php', 'Sh3ll.php', 'dz0.php', 'dam.phpuser.php', 'dom.phpwhmcs.php', 'r00t.php', '1.php', 'a.php', 'r0k.php', 'abc.php', 'egy.php', 'syrian_shell.php', 'xxx.php', 'settings.php', 'tmp.php', 'cyber.php', 'r57.php', 'gaza.php', '1.php', 'd4rk.php', 'index1.php', 'nkr.php', 'xd.php', 'M4r0c.php', 'Dz.php', 'sniper.php', 'ksa.php', 'okay.php', '4ever.php', 'b374k.php', 'bbb.php', 'includes/WSO.php', 'includes/r57.php', 'includes/b374k.php', 'includes/c99.php', 'includes/r00t.php', 'shell.php', 'images/3xp.php', 'images/WSO.php', 'images/b374k.php', 'images/r57.php', 'v4team.php', 'offline.php', 'p8.php', 'rr57.php', 'myshell.php', 'yourshell.php', 'sheller.php', 'mysheller.php', 'priv8.php', '911.php', 'madspotshell.php', 'madspot.php', 'c100.php', 'sym.php', 'cp.php', 'tmp/cpn.php', 'tmp/w.php', 'tmp/r57.php', 'tmp/king.php', 'tmp/sok.php', 'tmp/ss.php', 'tmp/as.php', 'tmp/dz.php', 'tmp/r1z.php', 'tmp/whmcs.php', 'tmp/root.php', 'tmp/r00t.php', 'tmp/uploads.php', 'tmp/upload.php', 'tmp/sa.php', 'sa.php', 'readme.php', 'tmp/readme.php', 'd0mains.php', 'madspotshell.php', 'info.php', 'egyshell.php', 'Sym.php', 'c22.php', 'c100.php', 'configuration.php', 'g.php', 'xx.pl', 'ls.php', 'Cpanel.php', 'k.phpzone-h.php', 'tmp/user.phptmp/Sym.php', 'cp.php', 'tmp/madspotshell.php', 'tmp/root.php', 'tmp/whmcs.php', 
'tmp/index.php', 'tmp/2.php', 'tmp/dz.php', 'tmp/cpn.php', 'tmp/changeall.php', 'tmp/Cgishell.pl', 'tmp/sql.php', '0day.php', 'tmp/admin.php', 'cliente/downloads/h4xor.php', 'whmcs/downloads/dz.php', 'L3b.php', 'd.php', 'tmp/d.php', 'tmp/L3b.php', 'sado.php', 'admin1.php', 'upload.php', 'up.php', 'vb.zipvb.rar', 'admin2.asp', 'uploads.php', 'sa.php', 'sysadmins/admin1/sniper.php', 'administration/Sym.php', 'images/Sym.php', 'r57.php', 'gzaa_spyslsql-new.php', 'shell.php', 'sa.php', 'admin.php', 'sa2.php', '2.php', 'gaza.php', 'up.php', 'upload.php', 'uploads.php', 'shell.php', 'amad.php', 't00.php', 'dz.php', 'site.rar', 'Black.php', 'BlackMass.asp', 'test.txt', 'ftp.txt', 'user.txt', 'vb.sql', 'forum.sqlr00t-s3c.php', 'c.php', 'backup.sql', 'back.sql', 'data.sql', 'tmp/vaga.php', 'tmp/killer.php', 'whmcs.php', 'abuhlail.php', 'tmp/killer.php', 'tmp/domaine.pl', 'tmp/domaine.php', 'tmp/d0maine.php', 'd0maine.php', 'tmp/sql.php', 'X.php', '123.php', 'm.php', 'b.php', 'tmp/dz1.php', 'dz1.php', 'forum.zip', 'Symlink.php', 'Symlink.pl', 'forum.rarjoomla.zipjoomla.rar', 'wp.php', 'buck.sql', 'sysadmin.php', 'images/c99.php', 'xd.php', 'c100.php', 'spy.aspxxd.phptmp/xd.php', 'sym/root/home/billing/killer.php', 'tmp/upload.phptmp/admin.php', 'Server.php', 'tmp/uploads.php', 'tmp/up.php', 'Server/wp-admin/c99.php', 'tmp/priv8.php', 'priv8.php', 'cgi.pl', 'tmp/cgi.pl', 'downloads/dom.php', 'webadmin.html', 'admins.php', 'bluff.php', 'admins.php', 'a.php', 'z.php', 'e.php', 'r.php', 't.php', 'y.php', 'u.php', 'i.php', 'o.php', 'p.php', 'q.php', 's.php', 'd.php', 'f.php', 'g.php', 'h.php', 'j.php', 'k.php', 'l.php', 'm.php', 'w.php', 'x.php', 'c.php', 'v.php', 'b.php', 'n.php', '1.php', '2.php', '3.php', '4.php', '5.php', '6.php', '7.php', '8.php', '9.php', '10.php', '12.php', '11.php', '1234.php', 'tmp.php', 'tmp/', 'tmp/2.php', 'tmp/access.log', 'tmp/access_log', 'tmp/admin.php', 'tmp/cache/models/', 'tmp/cache/persistent/', 'tmp/cache/views/', 'tmp/cgi.pl', 
'tmp/Cgishell.pl', 'tmp/changeall.php', 'tmp/cpn.php', 'tmp/d.php', 'tmp/d0maine.php', 'tmp/domaine.php', 'tmp/domaine.pl', 'tmp/dz.php', 'tmp/dz1.php', 'tmp/error.log', 'tmp/error_log', 'tmp/index.php', 'tmp/killer.php', 'tmp/L3b.php', 'tmp/madspotshell.php', 'tmp/nanoc/', 'tmp/priv8.php', 'tmp/root.php', 'tmp/sessions/', 'tmp/sql.php', 'tmp/Sym.php', 'tmp/tests/', 'tmp/up.php', 'tmp/upload.php', 'tmp/uploads.php', 'tmp/user.php', 'tmp/vaga.php', 'tmp/whmcs.php', 'tmp/xd.php', 'tools.php', 'helix.php', 'alfa.php', 'alfa-v3-encoded.php', 'alfa1.php', 'xmlrpc1.php', 'wp-ingfo.php', 'wp-info.php', 'Privshell.php', 'blank.php', 'Blank.php','b.php', 'r.php', 's.php', 'u.php', 'y.php', 'k.php', 'l.php', 'i.php', 'o.php', 'm.php', 'j.php', 'c.php', 'z.php', 'q.php', 'e.php', 'w.php', 't.php', 'r.php', 'f.php', 'd.php', 'ok.php', '1.php', '2.php', '3.php', '4.php', '5.php', '7.php', '6.php', '8.php', '9.php', '0.php', '00.php', 'herp.php', 'nptice.php', 'tuyul.php', 'nikung.php', 'tertykung.php', 'codrs.php', 'jingan.php', 'chan.php', 'kntl.php', 'losX.php', 'mom.php', 'sad.php', 'uploads/ok.php', 'upload/ok.php', 'upload/up.php', 'upload/shell.php', 'upload/idx.php', 'upload/ind.php', 'upload/v.php', 'upload/sym.php', 'upload/gallers.php', 'upload/bekdur.php', 'upload/file/up.php', 'upload/file/wso.php', 'upload/file/test.php', 'upload/file/WSO.php', 'upload/file/123.php', 'upload/file/uploader.php', 'upload/file/upload.php', 'upload/file/zero.php', 'upload/file/ups.php', 'upload/file/tmp.php', 'upload/file/jump.php', 'upload/file/x.php', 'upload/file/X.php', 'upload/file/idx.php', 'upload/file/b3ca7k.php', 'upload/file/indo.php', 'upload/file/asu.php', 'upload/file/dhanush.php', 'upload/file/aaa.php', 'upload/file/az.php', 'upload/file/xxx.php', 'upload/file/curl.php', 'upload/file/root.php', 'upload/file/asu.php', 'upload/file/id.php', 'upload/file/minishell.php', 'upload/file/kill.php', 'upload/file/0.php', 'upload/file/alone.php', 'upload/file/hex.php', 
'upload/file/500.php', 'upload/file/error.php', 'upload/file/406.php', 'upload/file/fuck.php', 'upload/file/zzz.php', 'images/WSO.php', 'images/dz.php', 'images/DZ.php', 'images/cpanel.php', 'images/cpn.php', 'images/sos.php', 'images/term.php', 'images/Sec-War.php', 'images/sql.php', 'images/ssl.php', 'images/mysql.php', 'images/WolF.php', 'images/madspot.php', 'images/Cgishell.pl', 'images/killer.php', 'images/changeall.php', 'images/2.php', 'images/Sh3ll.php', 'images/dz0.php', 'images/dam.php', 'images/user.php', 'images/dom.php', 'images/whmcs.php', 'images/vb.zip', 'images/sa.php', 'images/sysadmins/', 'images/admin1/', 'images/sniper.php', 'images/images/Sym.php', 'images//r57.php', 'images/gzaa_spysl', 'images/sql-new.php', 'images/shell.php', 'images/sa.php', 'images/admin.php', 'images/sa2.php', 'images/2.php', 'images/user.txt', 'images/site.txt', 'images/error_log', 'images/error', 'images/site.sql', 'images/vb.sql', 'images/forum.sql', 'images/r00t-s3c.php', 'images/c.php', 'images/backup.sql', 'images/back.sql', 'images/data.sql', 'images/tmp/vaga.php', 'images/tmp/killer.php', 'images/whmcs.php', 'images/abuhlail.php', 'images/tmp/killer.php', 'images/tmp/domaine.pl', 'images/tmp/domaine.php', 'images/useradmin/', 'images/tmp/d0maine.php', 'images/d0maine.php', 'images/tmp/sql.php', 'images/X.php', 'images/123.php', 'images/m.php', 'images/b.php', 'images/up.php', 'images/tmp/dz1.php', 'images/dz1.php', 'images/Symlink.php', 'images/Symlink.pl', 'images/joomla.zip', 'images/wp.php', 'images/buck.sql', 'includes/WSO.php', 'includes/dz.php', 'includes/DZ.php', 'includes/cpanel.php', 'includes/cpn.php', 'includes/sos.php', 'includes/term.php', 'includes/Sec-War.php', 'includes/sql.php', 'includes/ssl.php', 'includes/mysql.php', 'includes/WolF.php', 'includes/madspot.php', 'includes/Cgishell.pl', 'includes/killer.php', 'includes/changeall.php', 'includes/2.php', 'includes/Sh3ll.php', 'includes/dz0.php', 'includes/dam.php', 'includes/user.php', 
'includes/dom.php', 'includes/whmcs.php', 'includes/vb.zip', 'includes/r00t.php', 'includes/c99.php', 'includes/gaza.php', 'includes/1.php', 'includes/d0mains.php', 'includes/madspotshell.php', 'includes/info.php', 'includes/egyshell.php', 'includes/Sym.php', 'includes/c22.php', 'includes/c100.php', 'includes/configuration.php', 'includes/g.php', 'includes/xx.pl', 'includes/ls.php', 'includes/Cpanel.php', 'includes/k.php', 'includes/zone-h.php', 'includes/tmp/user.php', 'includes/tmp/Sym.php', 'includes/cp.php', 'includes/tmp/madspotshell.php', 'includes/tmp/root.php', 'includes/tmp/whmcs.php', 'includes/tmp/index.php', 'includes/tmp/2.php', 'includes/tmp/dz.php', 'includes/tmp/cpn.php', 'includes/tmp/changeall.php', 'includes/tmp/Cgishell.pl', 'includes/tmp/sql.php', 'includes/0day.php', 'includes/tmp/admin.php', 'includes/L3b.php', 'includes/d.php', 'includes/tmp/d.php', 'includes/tmp/L3b.php', 'includes/sado.php', 'includes/admin1.php', 'includes/upload.php', 'includes/up.php', 'includes/vb.zip', 'includes/vb.rar', 'includes/admin2.asp', 'includes/uploads.php', 'includes/sa.php', 'includes/sysadmins/', 'includes/admin1/', 'includes/sniper.php', 'includes/images/Sym.php', 'includes//r57.php', 'includes/gzaa_spysl', 'includes/sql-new.php', 'includes//shell.php', 'includes//sa.php', 'includes//admin.php', 'includes//sa2.php', 'includes//2.php', 'includes//gaza.php', 'includes//up.php', 'includes//upload.php', 'includes//uploads.php', 'includes/shell.php', 'includes//amad.php', 'includes//t00.php', 'includes//dz.php', 'includes//site.rar', 'includes//Black.php', 'includes//site.tar.gz', 'includes//home.zip', 'includes//home.rar', 'includes//home.tar', 'includes//home.tar.gz', 'includes//forum.zip', 'includes//forum.rar', 'includes//forum.tar', 'includes//forum.tar.gz', 'includes//test.txt', 'includes//ftp.txt', 'includes//user.txt', 'includes//site.txt', 'includes//error_log', 'includes//error', 'includes//cpanel', 'includes//awstats', 'includes//site.sql', 
'includes//vb.sql', 'includes//forum.sql', 'includes/r00t-s3c.php', 'includes/c.php', 'includes//backup.sql', 'includes//back.sql', 'includes//data.sql', 'includes/wp.rar/', 'includes/asp.aspx', 'includes/tmp/vaga.php', 'includes/tmp/killer.php', 'includes/whmcs.php', 'includes/abuhlail.php', 'includes/tmp/killer.php', 'includes/tmp/domaine.pl', 'includes/tmp/domaine.php', 'includes/useradmin/', 'includes/tmp/d0maine.php', 'includes/d0maine.php', 'includes/tmp/sql.php', 'includes/X.php', 'includes/123.php', 'includes/m.php', 'includes/b.php', 'includes/up.php', 'includes/tmp/dz1.php', 'includes/dz1.php', 'includes/forum.zip', 'includes/Symlink.php', 'includes/Symlink.pl', 'includes/joomla.zip', 'includes/joomla.rar', 'includes/wp.php', 'includes/buck.sql', 'includes/sysadmin.php', 'includes/images/c99.php', 'includes/xd.php', 'includes/c100.php', 'includes/spy.aspx', 'includes/xd.php', 'includes/tmp/xd.php', 'includes/sym/root/home/', 'includes/billing/killer.php', 'includes/tmp/upload.php', 'includes/tmp/admin.php', 'includes/Server.php', 'includes/tmp/uploads.php', 'includes/tmp/up.php', 'includes/Server/', 'includes/wp-admin/c99.php', 'includes/tmp/priv8.php', 'includes/priv8.php', 'includes/cgi.pl/', 'includes/tmp/cgi.pl', 'includes/downloads/dom.php', 'includes/webadmin.html', 'includes/admins.php', 'includes/bluff.php', 'includes/king.jeen', 'includes/admins/', 'includes/admins.asp', 'includes/admins.php', 'includes/wp.zip', 'includes/', 'upload.php', 'admin/upload.php', 'shell.php', 'up.php', 'uploader.php', 'a.php', '123.php', 'test.php', 'minishell.php', '0.php', 'wso.php', 'error_log', 'tools.php', 'r00t.php', 'admin/error_log', 'access_log', 'phpinfo.php', 'info.php', 'xxx.php', 'indo.php', 'idx.php', 'sym.py', 'dir/', 'lib/', 'tmp/', 'includes/', 'log/error_log', 'log/error.log', 'log/www-error.log', 'include/', 'Scripts/', 'test/', 'sym/root/home/', 'chonx_sym/', 'chonx_root/', 'web/', 'upload/', 'images/', 'img/', 'inc/', 'js/', 'php/', 'symlink/', 
'sym/', 'idx_config/', 'config/', 'Log/', 'cox_config/', 'sym_config/', 'noname_config/', 'idx_symconf/', 'symconf/', 'root/', 'file/', 'files/', 'config.txt', 'asu.php', 'index.php', 'index.php/?login', 'db.php', 'README.txt', 'include/config.php', 'config.php', 'logs', 'indoxploit.php', 'index1.php', 'index.html', 'sh3ll.php', 'up.html', 'script.php', 'fuck.php', 'dir.php', '406.php', '403.php', '500.php', 'accounts.php', 'bekdur.php', 'notfound.php', 'not_acceptable.php', '1337.php', '1n73ct10n.php', 'b374k.php', 'admin_home.php', 'home_admin.php', 'shell.php', 'zeeb.php', 'dz.php', 'xd.php', 'images/up.php', 'images/upload.php', 'files/up.php', 'file/upload.php', 'files/shell.php', 'files/uploader.php', 'files/indexx.php', 'file/up.php', 'file/uplod.php', 'file/wso.php', 'file/idx.php', 'file/up1.php', '13.php', 'killer.php', 'Sh3ll.php', 'new.php', 'Sym.php', 'dom.php', 'zero.php', 'priv8.php', 'jembut.php', 'v4ga.php', 'backup.zip', 's3c.php', 'madspotshell.php', 'sa.php', 'x.php', 'noname.php', 'kntol.php', 'WSO.php', 'IndoXploit.php', 'bajingan.php', 'c99.php', 'X.php', 'Good.php', 'pas.phtml', 'pas.php', 'abc.php', 'indexx.php', 'browse.php', 'up1.php', 'haha.php', 'z.php', 'gaza.php', 'sc.php', '1234.php', 'fvck.php', 'error.php', '0x.php', 'up.php5', 'shell.php5', 'inc/config.php', 'ix.php', '-.php', 'id.php', 'r0x.php', 'bn.php', 'dm.php', 'gator.php', 'mail.php', 'mailer.php', 'perlcgi.pl', 'php.ini', 'modul.php', 'wso1.php', 'wp.php', 'configuration.php', 'c.php', 'tai.php', 'root.php', 'www.php', 'x13.php', 'ntaps.php', 'tools.php', 'zip.php', '@.php', 'ea.php', 'aaaa.php', 'cinfo.php', 'by.php', 'celeng.php', 'jmbt.php', 'newfile.php', 'maho.php', 'mia.php', 'pro.php', 'qwe.php', 'shell_finder.php', '11.php', 'cfinder.php', 'title.php', 'edit.php', 's.php', 'wp.zip', 'xmlrpc.php', 'pasired.php', 'pass.php', 'adm.php', 'adminer.php', 'Cpanel.php', 'cpanel.php', 'noob.php', '..php', 'b2.php', 'lol.php', 'Lol.php', 'dhanush.php', 'asw.php', 
'mini.php5', 'ler.php', 'def.php', 'ex.php', 'noname.php', 'unknown.php', 'anon.php', 'sel.php', 'extremecrw.php', 'indx.php', '14.php', '6.php', 'angel.php', 'bv7binary.php', 'c100.php', 'r57.php', 'webroot.php', 'h4cker.php', 'gazashell.php', 'locus7shell.php', 'syrianshell.php', 'injection.php', 'cyberwarrior.php', 'ernebypass.php', 'g6shell.php', 'pouyaserver.php', 'saudishell.php', 'simattacker.php', 'sosyeteshell.php', 'tryagshell.php', 'uploadshell.php', 'wsoshell.php', 'zehir4shell.php', 'lostdcshell.php', 'commandshell.php', 'mailershell.php', 'cwshell.php', 'iranshell.php', 'indishell.php', 'g6sshell.php', 'sqlshell.php', 'simshell.php', 'tryagshell.php', 'zehirshell.php', 'k2ll33d.php', 'b1n4ry.php', '12.php', 'default.php', 'blank.php');
    // Probe every name in $trying against the submitted base URL, one request per entry.
    // The list mixes web-shell file names with backup archives, SQL dumps, logs and directory names,
    // so a "Found Shell" line may equally point at an exposed non-shell file.
    foreach($trying as $sec)
    {
    // A '/' is always inserted, so entries that already begin with '/' are requested as '//name'.
    // Log-hunting note: these double-slash paths, and entries fused by a missing comma in the list
    // (e.g. 'dam.phpuser.php', 'vb.zipvb.rar'), are distinctive of this particular wordlist.
    // $url was entity-encoded twice on input (htmlentities(xss_protect(...))), so an '&' in it reaches cURL as '&amp;amp;'.
    $urll=$url.'/'.$sec;
    if(urlExist($urll))
    {
    // Any successful response is labelled a hit; the response body is never inspected, so this only means the path answered.
    // The href attribute value is written without surrounding quotes.
    echo'<br><div class="alert alert-info"><b class="text-success">Found Shell <a href='.$urll.' target="_blank">'.$urll.'</a></b><br></div>';
    }
    else
    {
    // Misses are skipped silently.
    }   
    }
    // Printed once the whole list has been tried.
    echo '<b class="text-danger" >Done</b>';
  }
  else
  {
    echo '<b >URL NOT VALID</p>';    
  }
    }
?>