___ ________ ___ _ _____
/ _ | / _/_ / / _ | | /| / / _ |
/ __ |_/ / / /_/ __ | |/ |/ / __ |
/_/ |_/___/ /___/_/ |_|__/|__/_/ |_|Aizawa is a command-line tools designed to execute commands through HTTP header, enabling it to circumvent Web Application Firewalls (WAF) and Intrusion Detection Systems (IDS). Additionally, it is capable of bypassing disable_function restrictions, making it a tool of interest for security researchers and penetration testers. The name "Aizawa" is derived from Aizawa Ema, a virtual YouTuber associated with the Virtual Esport Project (VSPO), a group known for its focus on esports and virtual content creation.
Warning
The tools is optimally compatible with PHP versions below 8.2. Users may experience connectivity issues when attempting to use this tool with PHP environments running version 8.2 or higher. This is a known issue that is currently being addressed in future updates.
Important
The shell itself is moved to aizawa-webshell repository. This repository is now dedicated to the client.
- Improved XOR encryption with random IV (initialization vector) per message
- Enhanced protection against pattern analysis and replay attacks
- Maintains backward compatibility with PHP 5.3 - 8.1
- Migrated from Poetry to uv for faster, more reliable dependency management
- Restructured to professional src-layout (
src/aizawa/) for better package distribution - Updated build system to use hatchling backend
- Upgraded to Python 3.13+ with modern language features
- Implemented
from __future__ import annotationsthroughout codebase - Adopted PEP 585 type hints (
type[...]instead ofType[...]) - Utilized
Selftype hint (PEP 673) for better type inference - Converted terminal colors to
StrEnum(PEP 663) for type safety - Added
TYPE_CHECKINGblocks for optimized runtime imports
- Achieved 100% type coverage with mypy strict mode (0 errors)
- Configured ruff with comprehensive ruleset (all checks enabled)
- Added complete Google-style docstrings for all public APIs
- Reorganized code into logical modules (core, http, utils)
- Enhanced error messages with better formatting and clarity
- Renamed classes for better clarity:
Executor→CommandExecutorValidator→InputValidatorHttpClient→AsyncHttpClientdisplay_banner()→render_banner()Colors→TerminalColors
- Updated httpx client to use modern
proxyparameter (wasproxies) - Improved type hints on all public methods and functions
- Changed from CC-BY-SA-4.0 to GNU GPL-3.0-or-later
- Provides better protection for open-source contributions
- Ensures derivative works remain free and open
- Python 3.13+
- uv
- httpx
- validators
# Install using pip
pip install aizawa# Clone the repository
git clone https://github.com/elliottophellia/aizawa
# Change directory
cd aizawa
# Install dependencies using uv
uv sync
# Build the package
uv build
# Install the package
pip install dist/aizawa-3.0.0-py3-none-any.whl# Basic usage
aizawa --help
# With arguments
aizawa -u <URL> -k <KEY>
# With proxy
aizawa -u <URL> -k <KEY> -p <PROXY_URL>-u, --url: tools URL-k, --key: tools encryption key-p, --proxy: Proxy URL (e.g., http://127.0.0.1:8080)-v, --version: Show version information
- XOR encrypted command transmission
- Proxy support
- Async HTTP requests
- Multiple execution methods
- Enhanced error handling
- WAF/IDS evasion
- disable_function bypass
- Secure communication protocol
This project is licensed under the GNU General Public License v3.0 or later (GPL-3.0-or-later). For more information, please refer to the LICENSE file included in this repository.
This project is intended solely for educational and research purposes. The author does not endorse, condone, or encourage any unauthorized or illegal use of this tool. Users are solely responsible for ensuring that their actions comply with all applicable laws and regulations. The author shall not be held liable for any misuse, damage, or consequences arising from the use of this software.