Weevely returns with improved stability, usability and with some delicious network features useful during your penetration testing or simple web shell management.
Here’s what new modules you’ll get with 0.7 release:
- net.proxy module forwards your HTTP traffic trough remote target machine as a real proxy. First run :net.proxy, then set ‘http://localhost:8080′ as HTTP proxy in your favourite web browser and browse anonymously through target web server.
- net.php_proxy module installs a PHP script to browse anonymously through remote target machine.
- net.scan module performs port scan from your target web server
- file.rm module removes files and directories, also in restricted PHP enviroinments
New network modules are also useful to pivoting to internal hosts unreachable from public networks. Read here for detailed modules description.
Also, I’ve added new kind of generators modules to generate different kind of backdoors:
- generate.php generates an obfuscated and polymorphic PHP backdoor. Is the default generator included in older version too.
- generate.img appends polymorphic PHP backdoor to an existing image and creates associated .htaccess to enable its execution as PHP code.
- generate.htaccess embed polymorphic PHP backdoor into a valid .htaccess that instruct apache to execute itself as PHP script. Awesome.
Read here about generators usage.