Aizawa is a super simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function. The name Aizawa itself is taken from virtual youtuber Aizawa Ema from Virtual Esport Project. Ema herself is a girl who likes bread and cats. She's always trying to improve her game skills. She wants to be a neat and tidy character, but is she really?

• Find a better code execution method with eval to replace the current one (aizawa_ninja_eval_.php) which not that effective in newer versions of PHP
• Find a PoC to bypass disable_function in PHP 8.2.X

• Remove both HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE methods entirely from the code base
• Replace httpx with HackRequests
• Replace Headers.create with random-header-generator
• Implement a http proxy rotator with support from elliottophellia/yakumo for each request to make it difficult to track
• Implement a replacement for HTTP_USER_AGENT and HTTP_ACCEPT_LANGUAGE which will be using AIZAWA_NINJA like the other NINJA Shell
• Moving the webshell itself into new repository to reduce confusion

• Implement an Authentication for the webshells

• Python 3.10
• Pip 22.0.2
• Httpx[http2] 0.25.0
• Validators 0.22.0

git clone http://github.com/elliottopellia/aizawa

cd aizawa

Windows, Linux, Mac, Termux:
pip install -r requirements.txt

Arch Linux based:
pacman -S python-httpx python-validators python-h2

python main.py / python main.py [webshell url]

• s0md3v
• Acunetix
• mm0r1

This project is licensed under the GPL 2.0 License - see the LICENCE file for details

This project is for educational purposes only. I will not be responsible for any misuse of this project by any party, or any damage caused by this project.