Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.
More than 30 modules to automatize administration and post exploitation tasks:
Execute commands and browse remote filesystem, even with PHP security restriction
Audit common server misconfigurations
Run SQL console pivoting on target machine
Proxy your HTTP traffic through target
Mount target filesystem to local mount point
Simple file transfer from and to target
Spawn reverse and direct TCP shells
Bruteforce SQL accounts through target system
Run port scans from target machine
And so on..
Backdoor communications are hidden in HTTP Cookies
Communications are obfuscated to bypass NIDS signature detection
Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection
Download Weevely Here:
Download Weevely Here: