While it has been over a year since the initial release, I’m very excited to announce the release of RWSH v1.1!
For those of you not familiar with this tool, here is the original release.
The main goal of RWSH is to offer a simple, yet versatile, web shell and pseudo-interactive client.
- Encoded communication
- Pseudo-interactive shell
- Cleaner output formatting than PHP passthru
- Hostname and username (whoami) detection
- (Mostly) Clean exiting
New features in RWSH v1.1
Finally, some methods!
- I removed the encoded.php file, but kept the way that I generated it as a comment in the current shell.php
- I added support for POST requests, as well as the ability to select between GET and POST
- Methods for sending the request, encoding the request, and decoding the response have been added
- I updated the README to reflect these changes
- Now licensed under Apache 2.0, so build something even better!
- Removed from my SecurityTools repository and created its own (see below)
- First official tagged release – https://github.com/doyler/RWSH/releases/tag/v1.1
To do:
- Add ability to easily obfuscate shell.php
- Add client specific functionality similar to meterpreter (upload, download, etc.)
- Include randomly generated filenames for server.php (similar to Metasploit payloads)
- Look into better methods of encryption or encoding the traffic
- Handle all exit cases better
- Perform OS detection and better prompt displays
- Look into the ability to change directories (change the prompt, prepend the current directory to any requests?)
- Pseudo random key for forward-secrecy
- Better encoded version to avoid detection (grep, AI-Bolit)
- Clean up and add more methods
- Add support for more HTTP verbs as well as headers (cookies, arbitrary, etc.)
Let me know if you have any questions, comments, suggestions, or ideas!
I’m hoping to have v1.2 out sooner than a year from now, and I have a lot of great ideas for v2.0.
Finally, you can find the code and updates in its new GitHub repository.