Skip to content

BharatCyberForce/RADIUM

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits
aspx
aspx
 
 
img
img
 
 
php
php
 
 
radium mini
radium mini
 
 
v
v
 
 
README.md
README.md
 
 

Repository files navigation

⚛️ Radium Shell

PHP Status License Security

Radium is a Web Based PHP Shell designed for Advanced Server Management. It Provides a Rich Interface For Interacting With A Server File System.

✅ Tested On

  • PHP Versions: 5.6, 7.0–7.4, 8.0–8.3
  • Web Servers: Apache2, Nginx, LiteSpeed etc,etc.
  • Bypass

Minimum PHP: 5.6
Recommended: PHP 7.4+

Features

Module Description
File Manager Copy, move, delete, rename, edit, and change file permissions
Compression ZIP and UNZIP file and folder
CMD Interface Execute shell commands and receive real-time output
Adminer Embedded Adminer (MySQL database manager)
CPU Info View CPU usage, model, cores, and threads
Server Info Server IP, OS details, disk usage, PHP version
File Creator Create new files.
Add Admin Add new admin account to common CMS systems (Now only available for WordPress)
Backdoor Uploader Upload persistent backdoors (reverse shell)
Auto Recovery Auto-download on server and silently inject in server (Soon)
Credential Harvester Scan for and collect stored credentials (Soon)

🛡️ Security Software / WAFs Bypassed / Security Plugins

Radium Shell has been tested against the following server security suites and WAFs. Where possible, payloads and commands were successfully executed or uploaded.

Software / WAF Bypass Status Notes
Imunify360 ✅ Bypassed Without obfuscate bypassed
ModSecurity (OWASP CRS) ✅ Bypassed Payload evasion and encoding bypass rule sets (Without obfuscate bypassed)
CSF / LFD ✅ Bypassed No alerts
Wordfence (WordPress) ✅ Bypassed Fully bypassed
All-In-One WP Security ✅ Bypassed File uploads succeeded (Without obfuscate bypassed)
ImunifyAV (Lite) ✅ Bypassed Payload not detected (Without obfuscate bypassed)
ModSec Rules ✅ Bypassed Custom payloads not flagged during upload (Without obfuscate bypassed)

Remember: Mostly security bypassed without obfuscate but did not bypassed after obfuscate (because we used publicly available obfuscation.)

📸 Screenshots

**

Filemanager

Main Page Of Sh3ll Upload Files, Edit Files, Set Permissions,Delete.

Server Info

Server Info Displays Server Information.

CPU Info

CPU Info Displays CPU model, core/thread usage.

Terminal

Terminal Interface Run shell commands & real-time outputs.

File Creator

File Creator Create new files.

Processing

Processing Info Display Information About Runing Applications in Background.

Bulk

Bulk Bulk Deletion/Copy/Zip/Unzip.

🔒 DISCLAIMER
Clean&Clear Warnning This project is intended solely for authorized penetration testing purposes.

About

Control the server. Command the system. Stay in the shadows. ~ Radium Shell

Topics

shell php reverse-shell webshell php-shell

Resources

Readme
Activity

Stars

9 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages