Man page - weevely(1)

Packages contains this manual

Package:  weevely
apt-get install weevely

Manuals in package:
• weevely(1)
Documentations in package:
• weevely

Manual

WEEVELY

NAME
DESCRIPTION
SYNOPSIS
Features
Agent
Modules
SEE ALSO
AUTHOR

---

NAME

Weevely - Weaponized web shell

DESCRIPTION

A web shell designed for post-exploitation purposes that can be extended over the network at runtime.

Upload weevely PHP agent to a target web server to get remote shell access to it. Once connected you can make use of the more than 30 modules to assist administrative tasks, maintain access, provide situational awareness, elevate privileges, and spread into the target network.

SYNOPSIS

Run terminal to the target
weevely <URL> <password> [cmd]

Generate backdoor agent
weevely generate <password> <path>


Load session file
weevely session <path>

Features

	•		Shell access to the target
	•		SQL console pivoting on the target
	•		HTTP/HTTPS proxy to browse through the target
	•		Upload and download files
	•		Spawn reverse and direct TCP shells
	•		Audit remote target security
	•		Run Meterpreter payloads
	•		Port scan pivoting on target
	•		Mount the remote filesystem
	•		Bruteforce SQL accounts pivoting on the target

Agent

The agent is a small, polymorphic PHP script hardly detected by AV and the communication protocol is obfuscated within HTTP requests.

Modules

SEE ALSO

https://github.com/epinna/weevely3/wiki

AUTHOR

weevely is developed by The Weevely Developers, this manpage was made by Emilio <epinna> and Samuel Henrique <samueloph@debian.org> based on weevely’s README.md and can be used by other projects as well.

---