Aizawa is a super simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function. The name Aizawa itself is taken from virtual youtuber Aizawa Ema from Virtual Esport Project. Ema herself is a girl who likes bread and cats. She's always trying to improve her game skills. She wants to be a neat and tidy character, but is she really?

TODO - v2.0.0

Minor

Find a better code execution method with eval to replace the current one (aizawa_ninja_eval_.php) which not that effective in newer versions of PHP
Find a PoC to bypass disable_function in PHP 8.2.X

Major

Remove both HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE methods entirely from the code base
Replace httpx with HackRequests
Replace Headers.create with random-header-generator
Implement a http proxy rotator with support from elliottophellia/yakumo for each request to make it difficult to track
Implement a replacement for HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE which will be using AIZAWA_NINJA like the other NINJA Shell
Moving the webshell itself into new repository to reduce confusion

Misc

Implement an Authentication for the webshells

Prerequisites

Python 3.10
Pip 22.0.2
Httpx[http2] 0.25.0
Validators 0.22.0

Installing

1. Clone this repository

git clone http://github.com/elliottopellia/aizawa

2. Change directory to aizawa

cd aizawa

3. Install dependencies

Windows, Linux, Mac, Termux:
pip install -r requirements.txt

Arch Linux based:
pacman -S python-httpx python-validators python-h2

4. Run aizawa

python main.py / python main.py [webshell url]

Screenshot

References

Licence

This project is licensed under the GPL 2.0 License - see the LICENCE file for details

Disclaimer

This project is for educational purposes only. I will not be responsible for any misuse of this project by any party, or any damage caused by this project.

bug : unknown error with "curl" in Debian based distro

Ubuntu 22.04.3 LTS x86_64 - PHP 8.0.30 (cli) (built: Aug 4 2023 13:50:15)

rei@rei-exploit-labs:~/aizawa$ php aizawa.php
PHP Warning:  Module "curl" is already loaded in Unknown on line 0

   ___   ________  ___ _      _____
  / _ | /  _/_  / / _ | | /| / / _ |
 / __ |_/ /  / /_/ __ | |/ |/ / __ |
/_/ |_/___/ /___/_/ |_|__/|__/_/ |_|
A Super Simple Command Line Webshell
For Bypassing Any Kind of WAF or IDS
Code by @elliottophellia    #VSPOFan
Webshell URL: http://target.com/get_aizawa_hua_.php

WARNING!
ERROR: Invalid HTTP response
HTTP response code is not 200, please check the URL and try again

NOTE: Aizawa Ninja Edition sometimes returns with HTTP code 500

rei@rei-exploit-labs:~/aizawa$

Debian GNU/Linux 11 (bullseye) x86_64 - PHP 8.0.30 (cli) (built: Sep 4 2023 08:11:52)

root@nyanhosting:~/aizawa# php aizawa.php
PHP Warning:  PHP Startup: Unable to load dynamic library 'curl' (tried: /usr/lib/php/20200930/curl (/usr/lib/php/20200930/curl: cannot open shared object file: No such file or directory), /usr/lib/php/20200930/curl.so (/usr/lib/php/20200930/curl.so: cannot open shared object file: No such file or directory)) in Unknown on line 0

   ___   ________  ___ _      _____
  / _ | /  _/_  / / _ | | /| / / _ |
 / __ |_/ /  / /_/ __ | |/ |/ / __ |
/_/ |_/___/ /___/_/ |_|__/|__/_/ |_|
A Super Simple Command Line Webshell
For Bypassing Any Kind of WAF or IDS
Code by @elliottophellia    #VSPOFan
Webshell URL: http://target.com/get_aizawa_hua_.php
PHP Fatal error:  Uncaught Error: Call to undefined function curl_init() in /root/aizawa/aizawa.php:80
Stack trace:
#0 /root/aizawa/aizawa.php(276): execute()
#1 {main}
  thrown in /root/aizawa/aizawa.php on line 80
root@nyanhosting:~/aizawa#

elliottophellia / aizawa Goto Github PK

aizawa's Introduction

TODO - v2.0.0

Minor

Major

Misc

Prerequisites

Installing

1. Clone this repository

2. Change directory to aizawa

3. Install dependencies

4. Run aizawa

Screenshot

References

Licence

Disclaimer

aizawa's People

Contributors

Stargazers

Watchers

Forkers

aizawa's Issues

Ubuntu 22.04.3 LTS x86_64 - PHP 8.0.30 (cli) (built: Aug 4 2023 13:50:15)

Debian GNU/Linux 11 (bullseye) x86_64 - PHP 8.0.30 (cli) (built: Sep 4 2023 08:11:52)

Release with this bug

Recommend Projects

Recommend Topics

Recommend Org