- Notifications
You must be signed in to change notification settings - Fork10
Aizawa is a command-line webshell designed to execute commands through HTTP header
License
elliottophellia/aizawa
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
___ ________ ___ _ _____ / _| / _/_ / / _|| /| / / _| / __|_/ / / /_/ __||/|/ / __| /_/|_/___/ /___/_/|_|__/|__/_/|_|
Aizawa is a command-line webshell designed to execute commands through HTTP header, enabling it to circumvent Web Application Firewalls (WAF) and Intrusion Detection Systems (IDS). Additionally, it is capable of bypassingdisable_function restrictions, making it a tool of interest for security researchers and penetration testers. The name "Aizawa" is derived from Aizawa Ema, a virtual YouTuber associated with the Virtual Esport Project (VSPO), a group known for its focus on esports and virtual content creation.
Warning
The webshell is optimally compatible with PHP versions below 8.2. Users may experience connectivity issues when attempting to use this tool with PHP environments running version 8.2 or higher. This is a known issue that is currently being addressed in future updates.
Important
The webshell itself is moved toaizawa-webshell repository. This repository is now dedicated to the webshell client.
- Complete codebase rewrite using modern Python practices
- Added Poetry for dependency management
- Implemented XOR encryption for secure command transmission#12
- Removed HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE methods
- Enhanced error handling and input validation
- Improved code organization with proper modularization
- Added proxy support for requests
- Implemented async/await pattern throughout
- Added webshell key validation#12
- Removed legacy HTTP methods (USER_AGENT, ACCEPT_LANGUAGE)
- Removed direct system command execution methods
- Removed unused HTTP request methods
- python 3.13+
- poetry
- httpx 0.25.0+
- validators 0.22.0+
# Install using pipxpipx install aizawa# Clone the repositorygit clone https://github.com/elliottophellia/aizawa# Change directorycd aizawa# Install dependencies using Poetrypoetry install# Build the packagepoetry build# Install the packagepipx install dist/aizawa-2.0.0.tar.gz
# Basic usageaizawa --help# With argumentsaizawa -u<URL> -k<KEY># With proxyaizawa -u<URL> -k<KEY> -p<PROXY_URL>
-u, --url: Webshell URL-k, --key: Webshell encryption key-p, --proxy: Proxy URL (e.g.,http://127.0.0.1:8080)-v, --version: Show version information
- XOR encrypted command transmission
- Proxy support
- Async HTTP requests
- Multiple execution methods
- Enhanced error handling
- WAF/IDS evasion
- disable_function bypass
- Secure communication protocol
This project is licensed under the Creative Commons Attribution Share Alike 4.0 International (CC-BY-SA-4.0). For more information, please refer to theLICENSE file included in this repository.
This project is intended solely for educational and research purposes. The author does not endorse, condone, or encourage any unauthorized or illegal use of this tool. Users are solely responsible for ensuring that their actions comply with all applicable laws and regulations. The author shall not be held liable for any misuse, damage, or consequences arising from the use of this software.
About
Aizawa is a command-line webshell designed to execute commands through HTTP header