Wshlient – A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Web Shell Client
Description & Demo
Wshlient is a web shell client designed to be pretty simple yet versatile. One just need to create a text file containing an HTTP request and inform where Wshlient inject the commands, then you can enjoy a shell.
In the case the above video does not works for you:
Installation
Out of python’s included batteries Wshclient only uses requests. Just install it directly or using requirements.txt:
$ git clone https://github.com/gildasio/wshlient
$ cd wshlient
$ pip install -r requirements.txt
$ ./wshlient.py -h
Alternatively you can also create a symbolic link in your $PATH to use it directly anywhere in the system:
$ ln -s $PWD/wshlient.py /usr/local/bin/wshlient
Usage
$ ./wshlient.py -h
usage: wshlient.py [-h] [-d] [-i] [-ne] [-it INJECTION_TOKEN] [-st START_TOKEN] [-et END_TOKEN] req
positional arguments:
req File containing raw http request
options:
-h, --help show this help message and exit
-d, --debug Enable debug output
-i, --ifs Replaces whitespaces with $IFS
-ne, --no-url-encode Disable command URL encode
-it INJECTION_TOKEN, --injection-token INJECTION_TOKEN
Token to be replaced by commands (default: INJECT)
-st START_TOKEN, --start-token START_TOKEN
Token that marks the output beginning
-et END_TOKEN, --end-token END_TOKEN
Token that marks the output ending
Contributing
You can contribute to Wshlient by:
- Using and sharing it 🙂
- Firing a bug / issue
- Suggesting interesting features
- Coding
Feel free to do it, but keep in mind to keep it simple.
Original Source: kitploit.com
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
