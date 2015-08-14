

Weevely is a stealth PHP web shell that is designed for remote server administration and penetration testing. It simplifies the administration of your web account, especially with unprivileged accounts such as free hosting services and other shared environments. It is an essential tool for post exploitation tasks like privilege escalation and access maintained even in restricted environments, and can be used as stealth backdoor.

Features:

Ssh-like terminal

SQL console pivoted on target

HTTP proxy pivoted on target

Host configuration security auditing

Mount of the remote filesystem

Network scan pivoted on target

File upload and download

Reverse and direct TCP shell

Meterpreter support

Service account Bruteforce

Compressed archive management





The remote agent is a small PHP script which can extend its functionality over the network at run-time. The agent code is polymorphic and hardly detectable by AV and the traffic is obfuscated within the HTTP requests.





Weevely also provides python API to develop your own modules.