Weevely 3 – Weaponized PHP Web Shell

Keep on Guard!


Weevely is a command line weaponized PHP web shell dynamically extended over the network at runtime and is designed for remote administration and pen testing. It provides a telnet-like console through a PHP script running on the target, even in restricted environments.

The low footprint agent and over 30 modules shape an extensible framework to administrate, conduct a pen-test, post-exploit, and audit remote web accesses in order to escalate privileges and pivot deeper in the internal networks.

Weevely 3 - Weaponized PHP Web Shell

The remote agent is a very low footprint PHP script that receives dynamically injected code from the client, extending the client functionalities over the network at run-time. The agent code is polymorphic and hardly detectable by AV and HIDS. The communication is covered and obfuscated within the HTTP protocol using steganographic techniques.

We did mention Weevely a couple of years back at v1.0: Weevely – PHP Stealth Tiny Web Shell

Module Features

  • Shell/PHP telnet-like network terminal
  • Common server misconfigurations auditing
  • SQL console pivoting on target
  • HTTP traffic proxying through target
  • Mount target file system to local mount point
  • Conduct network scans pivoting on target
  • File upload and download
  • Spawn reverse and direct TCP shells
  • Bruteforce services accounts
  • Compress and decompress zip, gzip, bzip2 and tar archives

What’s New

  • Basic Windows support
  • OS X Support
  • Python requirements.txt
  • Encoding support for sql_console
  • Output redirection and inverse grep for file_grep
  • Run actions on start depending from the session load
  • Proxy and SOCKS support
  • Unset session variables
  • Show session variables

Weevely also provides python API which can be used to develop your own module to implement internal audit, account enumerator, sensitive data scraper, network scanner, make the modules work as a HTTP or SQL client and do a whole lot of other cool stuff.

You can download Weevely here:

Weevely-v3.2.0.zip

Or read more here.


Posted in: Hacking Tools, Web Hacking

, , , ,

Latest Posts:


BSQLinjector - Blind SQL Injection Tool Download BSQLinjector – Blind SQL Injection Tool Download in Ruby
BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases.
CCleaner Hack - Spreading Malware To Specific Tech Companies CCleaner Hack – Spreading Malware To Specific Tech Companies
The CCleaner Hack is blowing up, initially estimated to be huge, it's hit at least 700k computers & is specifically targeting 20 top tech organisations.
AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds


Comments are closed.