Glossary
Webshell
A script left on a web server that runs commands sent over HTTP and returns the output — a persistent foothold that needs no outbound connection.
A webshell is a script (commonly .php, .jsp, .aspx) placed on a
compromised web server that executes commands received in an HTTP request and
returns the output in the response. Unlike a
reverse shell, it rides the server's existing
inbound port and needs no outbound connection, so it works where egress is
blocked — but it is stateless and clunky to use. Testers often drop a webshell
as a durable foothold, then launch a reverse shell from it for interactive
work. See webshell vs reverse shell.