#cybersecurity #security #webshell #red-team #data-exfiltration #lateral-movement

app crabby-webshell-generator

Crabby is a tool developed to generate webshells written in - insert your desired webshell language -. It is designed to be used by red teams to aid in lateral movement, privilege escalation, and data exfiltration.

3 stable releases

2.0.0 May 14, 2024
1.1.3 May 1, 2024

#797 in Web programming

MIT license

1MB
18K SLoC

PHP 17K SLoC // 0.2% comments Rust 1.5K SLoC // 0.1% comments JavaScript 94 SLoC // 0.1% comments SQL 3 SLoC

Crabby

WebShells for Red Teams, just easily

What is Crabby?

Crabby is a tool developed to generate webshells written in - insert your desired webshell language -. It is designed to be used by red teams to aid in lateral movement, privilege escalation, and data exfiltration.

Features

  • Web shell generation in multiple languages, see Supported Web Shells for more information.
  • Customizable web shell templates.
  • Stealthy web shell generation by default.
  • Pluggable features templates.

Supported Web Shells

Refer to the list below for the supported web shells and their current status, more information are available in the associated template folder.

  • PHP (5.5+, 7.x, 8.x) - Most of the php 5.5+ code is compatible down to 5.3 but some features have not been tested.

Installation

Precompiled Binaries

Get the latest version of Crabby by downloading a precompiled binary from the releases page. Precompiled binaries are available for Linux and Windows.

Building from Source

To build Crabby from source, you will need to have Rust installed on your system. You can install Rust by following the instructions on the official website.

git clone https://github.com/ebalo55/crabby.git
cd crabby
cargo build --release --bins

The compiled binary will be available in the target/release directory.

Install via Cargo

You can also install Crabby using Cargo, the Rust package manager.

cargo install crabby-webshell-generator

Dependencies

~13–30MB
~404K SLoC