← Back to hub

Shell Spawned by Web Interpreter: RCE Post-Exploitation Pattern

Detects RCE post-exploitation patterns on web servers by identifying command shells or discovery tools spawned by web interpreters (PHP, Python, Java, Node.js), active exploitation vector in CVE-2025-0520 (ShowDoc) and similar remote code execution vulnerabilities.

🔒

Premium Content

This query requires an active subscription to access the code.

Get Access