Stealth tiny web shell
Clone or download
Pull request Compare This branch is even with sunge:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
core
modules
LICENSE
README
weevely.py

README

Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Official website:

http://epinna.github.com/Weevely/

Getting started with a quick Tutorial:

https://github.com/epinna/Weevely/wiki/Tutorial

Or show list of available Modules:

https://github.com/epinna/Weevely/wiki/Modules-list


Main features:

* More than 30 modules to automatize administration and post exploitation tasks
  o Execute commands and browse remote filesystem, even with PHP security restriction
  o Audit common server misconfigurations
  o Run SQL console pivoting on target machine
  o Simple file transfer from and to target
  o Spawn reverse and direct TCP shells
  o Bruteforce passwords of target system users
  o And so on..

* Backdoor communications are hidden in HTTP Cookies
* Communications are obfuscated to bypass NIDS signature detection
* Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

Weevely author keep Dissecting, a security related blog in italian language:

http://disse.cting.org/