Never Ending Security

It starts all here

DAWS – Advanced Web Shell For Windows And Linux


There’s multiple things that makes DAws better than every Web Shell out there:

  1. Supports CGI by dropping Bash Shells (for Linux) and Batch Shells (for Windows).
  2. Bypasses WAFs, Disablers and Protection Systems; DAws isn’t just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shell_exec was disabled it would automatically use exec or passthru or system or popen or proc_open instead, same for Downloading a File from a Link, if Curl was disabled then file_get_content is used instead and this Feature is widely used in every section and fucntion of the shell. (Yes, it bypasses Suhosin too)
  3. Automatic Encoding; DAws randomly and automatically encodes most of your GET and POST data using XOR(Randomized key for every session) + Base64(We created our own Base64 encoding functions instead of using the PHP ones to bypass Disablers) which will allow your shell to Bypass pretty much every WAF out there.
  4. Advanced File Manager; DAws’s File Manager contains everything a File Manager needs and even more but the main Feature is that everything is dynamically printed; the permissions of every File and Folder are checked, now, the functions that can be used will be available based on these permissions, this will save time and make life much easier.
  5. Tools: DAws holds bunch of useful tools such as “bpscan” which can identify useable and unblocked ports on the server within few minutes which can later on allow you to go for a bind shell for example.
  6. Everything that can’t be used at all will be simply removed so Users do not have to waste their time. We’re for example mentioning the execution of c++ scripts when there’s no c++ compilers on the server(DAws would have checked for multiple compilers in the first place) in this case, the function would be automatically removed and the User would know.
  7. Supports Windows and Linux.
  8. Openned Source.
Extra Info
  • Directory Romaing:
    • DAws checks, within the `web` directory, for a Writable and Readable Directory which will then be used to Drop and Execute needed scripts which will guarantee their success.
  • Eval Form:
    • `include`, `include_once`, `require` or `require_once` are being used instead PHP `eval` to bypass Protection Systems.
  • Download from Link – Methods:
    • PHP Curl
    • File_put_content
  • Zip – Methods:
    • Linux:
      • Zip
    • Windows:
      • Vbs Script
  • Shells and Tools:
    • Extra:
      • `nohup`, if installed, is automatically used for background processing.

More information can be found at:

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s