Skip to content

Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.

License

Notifications You must be signed in to change notification settings

elliottophellia/aizawa

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation



Aizawa is a super simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function. The name Aizawa itself is taken from virtual youtuber Aizawa Ema from Virtual Esport Project. Ema herself is a girl who likes bread and cats. She's always trying to improve her game skills. She wants to be a neat and tidy character, but is she really?


TODO - v2.0.0

Minor

  • Find a better code execution method with eval to replace the current one (aizawa_ninja_eval_.php) which not that effective in newer versions of PHP
  • Find a PoC to bypass disable_function in PHP 8.2.X

Major

  • Remove both HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE methods entirely from the code base
  • Replace httpx with HackRequests
  • Replace Headers.create with random-header-generator
  • Implement a http proxy rotator with support from elliottophellia/yakumo for each request to make it difficult to track
  • Implement a replacement for HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE which will be using AIZAWA_NINJA like the other NINJA Shell
  • Moving the webshell itself into new repository to reduce confusion

Misc

  • Implement an Authentication for the webshells

Prerequisites

  • Python 3.10
  • Pip 22.0.2
  • Httpx[http2] 0.25.0
  • Validators 0.22.0

Installing

1. Clone this repository

git clone http://github.com/elliottopellia/aizawa

2. Change directory to aizawa

cd aizawa

3. Install dependencies

Windows, Linux, Mac, Termux:
pip install -r requirements.txt

Arch Linux based:
pacman -S python-httpx python-validators python-h2

4. Run aizawa

python main.py / python main.py [webshell url]

Screenshot

1 2

References

Licence

This project is licensed under the GPL 2.0 License - see the LICENCE file for details

Disclaimer

This project is for educational purposes only. I will not be responsible for any misuse of this project by any party, or any damage caused by this project.