Secret penetration testing tool: Webshell batch management tool QuasiBot
Statement:The security tools described in this article are only used for penetration testing and Security teaching. No illegal use is allowed.
QuasiBot is a php-compiled webshell management tool that allows you to remotely manage webshells in batches. This tool is better than common webshell management because it also has security scanning, vulnerability exploitation testing, and other functions to help penetration testers perform efficient testing.
How does QuasiBot work?
QuasiBot supports webshell remote operations. Each webshell is verified by md5 hash and replaced hourly.
QuasiBot (C & C)-[Request/verification]-> Bots (Webshells)-[response/verification]-> quasiBot (C & C) -[Request/command]-> Bots (Webshells)-[response/execution]-> quasiBot (C & C)
* Webshell supports DDoS and non-DDoS modules. The source code is displayed on the homepage. You can also delete or add
* The rss page contains the latest exploit and vulnerability information.
* The rce page allows the Administrator to remotely execute code through the PHP function.
* The scan page allows administrators to parse IP addresses or URLs and collect information using nmap, dig, and whois tools.
* The Pwn page can collect server information for suitable exploit penetration and utilization.
* If MySQL Manager is named like this, you can perform database-specific operations, such as searching configuration files with mysql connection information, and Displaying System Environment Information
* The Run page allows you to execute commands for Each bot immediately.
* The DDoS page allows you to manage all the bots to initiate UDP DoS attacks.
Use Quasi for the first time
1. Put all the files in the prepared directory and modify the default configuration file (config. php)
2. The first access to quasiBot will establish the required database structure
3. Visit the Settings page. You can add or delete a shell.
: Https://github.com/Smaash/quasibot