XSS

JSShell: An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework).

beef: BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Webshell & Reverse shell

revshells.com: generates your web/reverse shell payloads in a few clicks.

shellerator: Shellerator is a simple command-line tool aimed to help pentesters quickly generate one-liner reverse/bind shells in multiple languages (Bash, Powershell, Java, Python, etc).

weevely3: Weaponized web shell.

weevely generate <password> <path>
weevely <URL> <password> [cmd]