Weevely 3 overview

Weevely, the web shell for penetration testing included in BackBox since the earlier releases, has been forked and heavily rewritten as Weevely 3.0 to improve its extendibility and provide new modules for administration, post exploitation, and privilege escalation exploiting any web access.

The weevely modules ecosystem provides a working shell interface even with no shell command execution, replacing the standard shell commands (e.g. the file editors, cd and ls, SQL cli and dump, compression utilities, port scanners, etc.) with the weevely modules.

The weevely wiki tutorials shows some example on how to edit remote files, harvest and reuse some SQL credentials or bruteforce them. Who wants can follow also the tutorial about developing new modules.

Weevely can be extended to automatize the auditing or privilege escalation tasks, exploit specific vulnerabilities, enumerate accounts, scrape sensitive data, pivot on the target to scan the internal networks, run HTTP or SQL requests and do a whole lot of other cool stuff.

Weevely is installed by default on BackBox, download it now or get your version of weevely here.