Provided by: weevely_3.7.0-1_all bug


       Weevely - Weaponized web shell


       A  web shell designed for post-exploitation purposes that can be extended over the network
       at runtime.

       Upload weevely PHP agent to a target web server to get remote shell access  to  it.   Once
       connected  you  can  make  use of the more than 30 modules to assist administrative tasks,
       maintain access, provide situational awareness, elevate privileges, and  spread  into  the
       target network.


       Run terminal to the target
       weevely <URL> <password> [cmd]

       Generate backdoor agent
       weevely generate <password> <path>

       Load session file
       weevely session <path>

       · Shell access to the target

       · SQL console pivoting on the target

       · HTTP/HTTPS proxy to browse through the target

       · Upload and download files

       · Spawn reverse and direct TCP shells

       · Audit remote target security

       · Run Meterpreter payloads

       · Port scan pivoting on target

       · Mount the remote filesystem

       · Bruteforce SQL accounts pivoting on the target

       The  agent  is a small, polymorphic PHP script hardly detected by AV and the communication
       protocol is obfuscated within HTTP requests.

       Module                         Description
       :audit_filesystem              Audit the file system for weak permissions.
       :audit_suidsgid                Find files with SUID or SGID flags.
       :audit_disablefunctionbypass   Bypass  disable_function  restrictions with
                                      mod_cgi and .htaccess.
       :audit_etcpasswd               Read /etc/passwd with different techniques.
       :audit_phpconf                 Audit PHP configuration.
       :shell_sh                      Execute shell commands.
       :shell_su                      Execute commands with su.
       :shell_php                     Execute PHP commands.
       :system_extensions             Collect PHP and webserver extension list.

       :system_info                   Collect system information.
       :system_procs                  List running processes.
       :backdoor_reversetcp           Execute a reverse TCP shell.
       :backdoor_tcp                  Spawn a shell on a TCP port.
       :backdoor_meterpreter          Start a meterpreter session.
       :bruteforce_sql                Bruteforce SQL database.
       :file_gzip                     Compress or expand gzip files.
       :file_clearlog                 Remove string from a file.
       :file_check                    Get attributes and permissions of a file.
       :file_upload                   Upload file to remote filesystem.
       :file_webdownload              Download an URL.
       :file_tar                      Compress or expand tar archives.
       :file_download                 Download file from remote filesystem.
       :file_bzip2                    Compress or expand bzip2 files.
       :file_edit                     Edit remote file on a local editor.
       :file_grep                     Print lines matching a pattern in  multiple
       :file_ls                       List directory content.
       :file_cp                       Copy single file.
       :file_rm                       Remove remote file.
       :file_upload2web               Upload  file  automatically to a web folder
                                      and get corresponding URL.
       :file_zip                      Compress or expand zip files.
       :file_touch                    Change file timestamp.
       :file_find                     Find files with given names and attributes.
       :file_mount                    Mount remote filesystem using HTTPfs.
       :file_enum                     Check existence and permissions of  a  list
                                      of paths.
       :file_read                     Read    remote   file   from   the   remote
       :file_cd                       Change current working directory.
       :sql_console                   Execute SQL query or run console.
       :sql_dump                      Multi dbms mysqldump replacement.
       :net_mail                      Send mail.
       :net_phpproxy                  Install PHP proxy on the target.
       :net_curl                      Perform a curl-like HTTP request.
       :net_proxy                     Run  local  proxy   to   pivot   HTTP/HTTPS
                                      browsing through the target.
       :net_scan                      TCP Port scan.
       :net_ifconfig                  Get network interfaces addresses.



       weevely  is  developed by The Weevely Developers, this manpage was made by Emilio <epinna>
       and Samuel Henrique <> based on weevely's and can be used by
       other projects as well.