Weevely
Weevely is a stealth PHP web shell that simulates a telnet-like connection for web application post-exploitation. It serves as a backdoor or management tool for legitimate web accounts.
Description
Weevely is an essential tool for web application post-exploitation, providing a stealthy PHP web shell that simulates telnet-like connections. It can be deployed as a hidden backdoor or used to manage legitimate web accounts, including free hosted ones. The tool generates PHP agents protected by passwords, enabling secure remote access to compromised web servers.
Key use cases include filesystem browsing, command execution, and module utilization on target systems after initial exploitation. Once connected, users can interact with the target environment as if using a terminal session. Weevely maintains session persistence through saved session files for resuming connections.
The tool's stealth design makes it particularly valuable for maintaining long-term access to compromised web applications without detection.
How It Works
Weevely operates by generating obfuscated PHP backdoor files protected with user-specified passwords. When accessed via HTTP/HTTPS, the backdoor authenticates incoming connections using the password and establishes an encrypted, stealth communication channel that simulates telnet functionality. Sessions are persisted locally in a sessions directory, allowing reconnection without regenerating the agent. The PHP agent handles filesystem operations, command execution, and module loading while evading detection through code obfuscation and minimal footprint.
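From the defender's side, the obfuscation described above can be hunted with a generic heuristic. This is an added example, not part of the original page or of Weevely itself: it scores PHP files in a web root for dynamic code execution, decoder calls and large high-entropy string literals. The function names, thresholds and both sample strings are constructed assumptions, not Weevely signatures.

```python
import base64
import math
import re
from collections import Counter
from pathlib import Path

# PHP constructs that run a string as code.
DYNAMIC_EXEC = re.compile(r"\b(eval|assert|create_function|call_user_func(_array)?)\s*\(", re.I)
# Decoding helpers commonly chained in front of them in obfuscated PHP.
DECODERS = re.compile(r"\b(base64_decode|gzuncompress|gzinflate|str_rot13|strrev)\s*\(", re.I)
# Quoted literals of 40+ characters with no whitespace: candidate encoded payloads.
LONG_LITERAL = re.compile(r"""(["'])([^"'\\\s]{40,})\1""")

def shannon_entropy(text):
    """Bits per character; base64-like blobs approach 6, ordinary literals sit lower."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def score_php(source):
    """Return the list of heuristics that one PHP source string trips."""
    reasons = []
    if DYNAMIC_EXEC.search(source):
        reasons.append("dynamic-exec")
    if DECODERS.search(source):
        reasons.append("decoder-chain")
    blob = "".join(m.group(2) for m in LONG_LITERAL.finditer(source))
    # The 0.5 ratio and 4.5 bits/char cut-offs are assumed starting points to tune.
    if blob and len(blob) / len(source) > 0.5:
        reasons.append("mostly-literal")
    if blob and shannon_entropy(blob) > 4.5:
        reasons.append("high-entropy")
    return reasons

def scan_webroot(root, threshold=3):
    """Map each *.php file under root that trips >= threshold heuristics to its reasons."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        reasons = score_php(path.read_text(errors="replace"))
        if len(reasons) >= threshold:
            hits[str(path.relative_to(root))] = reasons
    return hits

# Constructed samples (not real agents): a stub around an opaque blob, and ordinary code.
BLOB = base64.b64encode(bytes(range(256))).decode()
SAMPLE_OBFUSCATED = '<?php $k="%s"; eval(gzuncompress(base64_decode($k)));' % BLOB
SAMPLE_BENIGN = '<?php\nfunction greet($n) { return "Hello, " . htmlspecialchars($n); }\necho greet("world");\n'

if __name__ == "__main__":
    print(score_php(SAMPLE_OBFUSCATED))
    print(score_php(SAMPLE_BENIGN))
```

Hits are leads for review rather than verdicts: legitimate minified or licence-protected PHP can trip the same heuristics, so pair the scan with file-integrity baselines and web-server access logs.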
Installation
sudo apt install weevely
Flags
Examples
weevely generate s3cr3t
weevely http://192.168.1.202/weevely.php s3cr3t
weevely terminal
weevely session
weevely generate
weevely -h
:help