mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-10 22:33:48 +02:00
1.9 KiB
1.9 KiB
WebShell Management
WebShell management stores authorized WebShell connections and allows command/file operations through the UI and Agent tools.
Workflow
- Add a connection.
- Fill URL, parameter/password, and metadata.
- Test connectivity.
- Run read-only identification commands first.
- Let AI assist only after selecting the correct connection.
Connections are stored in SQLite.
Operation Tiers
| Tier | Operation | Risk | Guidance |
|---|---|---|---|
| Identify | whoami, pwd, OS version |
low | may automate |
| Enumerate | dirs, processes, env vars | medium | constrain path/command |
| Read | config, logs, source | medium-high | human confirms sensitivity |
| Write/execute | write, run script, delete | high | human approval and rollback |
Having a WebShell does not make follow-up operations low risk.
Naming
Use:
<project>-<environment>-<target>-<privilege>-<date>
Example:
acme-staging-web01-www-20260707
Avoid vague names like test, shell1, or customer machine.
AI Guardrail Prompt
Before using WebShell, confirm connection_id, target name, current directory, and privilege. Default to read-only commands. Any write, delete, upload, permission change, persistence, credential access, or internal probing requires purpose, impact, rollback plan, and approval.
MCP Tools
Typical tools:
webshell_execwebshell_file_listwebshell_file_readwebshell_file_write- connection management tools
Do not put write/execute tools in a global allowlist.
Source Anchors
- Handler:
internal/handler/webshell.go - Context:
internal/handler/webshell_context.go - Probe:
internal/handler/webshell_probe.go - Encoding/OS tests:
internal/handler/webshell_encoding_test.go,internal/handler/webshell_os_test.go - Tool registration:
internal/app/app.go