Aizawa is a super simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function. The name Aizawa itself is taken from virtual youtuber Aizawa Ema from Virtual Esport Project. Ema herself is a girl who likes bread and cats. She's always trying to improve her game skills. She wants to be a neat and tidy character, but is she really?
- Find a better code execution method with eval to replace the current one (aizawa_ninja_eval_.php) which not that effective in newer versions of PHP
- Find a PoC to bypass disable_function in PHP 8.2.X
- Remove both HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE methods entirely from the code base
- Replace httpx with HackRequests
- Replace Headers.create with random-header-generator
- Implement a http proxy rotator with support from elliottophellia/yakumo for each request to make it difficult to track
- Implement a replacement for HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE which will be using AIZAWA_NINJA like the other NINJA Shell
- Moving the webshell itself into new repository to reduce confusion
- Implement an Authentication for the webshells
- Python 3.10
- Pip 22.0.2
- Httpx[http2] 0.25.0
- Validators 0.22.0
git clone http://github.com/elliottopellia/aizawa
cd aizawa
Windows, Linux, Mac, Termux:
pip install -r requirements.txt
Arch Linux based:
pacman -S python-httpx python-validators python-h2
python main.py / python main.py [webshell url]
This project is licensed under the GPL 2.0 License - see the LICENCE file for details
This project is for educational purposes only. I will not be responsible for any misuse of this project by any party, or any damage caused by this project.