Aizawa is a super simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function. The name Aizawa itself is taken from virtual youtuber Aizawa Ema from Virtual Esport Project. Ema herself is a girl who likes bread and cats. She's always trying to improve her game skills. She wants to be a neat and tidy character, but is she really?

TODO - v2.0.0

Minor

• [ ] Find a better code execution method with eval to replace the current one (aizawa_ninja_eval_.php) which not that effective in newer versions of PHP
• [ ] Find a PoC to bypass disable_function in PHP 8.2.X

Major

• [ ] Remove both HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE methods entirely from the code base
• [ ] Replace httpx with HackRequests
• [ ] Replace Headers.create with random-header-generator
• [ ] Implement a http proxy rotator with support from elliottophellia/yakumo for each request to make it difficult to track
• [ ] Implement a replacement for HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE which will be using AIZAWA_NINJA like the other NINJA Shell
• [ ] Moving the webshell itself into new repository to reduce confusion

Misc

• [ ] Implement an Authentication for the webshells

Prerequisites

• Python 3.10
• Pip 22.0.2
• Httpx[http2] 0.25.0
• Validators 0.22.0

Installing

1. Clone this repository

git clone http://github.com/elliottopellia/aizawa

2. Change directory to aizawa

cd aizawa

3. Install dependencies

Windows, Linux, Mac, Termux:
pip install -r requirements.txt

Arch Linux based:
pacman -S python-httpx python-validators python-h2

4. Run aizawa

python main.py / python main.py [webshell url]

Screenshot

References

• s0md3v
• Acunetix
• mm0r1

Licence

This project is licensed under the GPL 2.0 License - see the LICENCE file for details

Disclaimer

This project is for educational purposes only. I will not be responsible for any misuse of this project by any party, or any damage caused by this project.