I was wondering why weevely3 refused to work with one of my client's servers. Turns out it was using a self-signed certificate that's no longer kosher (https://www.python.org/dev/peps/pep-0476/) starting with Python 2.7.9. Obviously, that goes for each and every python tool.

I have yet to find a long-term solution, except recompiling Python from source, but a quick fix for weevely3 is to explicitly disable this behavior.

Add this to /usr/share/weevely/core/config.py:


import ssl
ssl._create_default_https_context = ssl._create_unverified_context

This needs to be posted on the bug tracker. https://bugs.kali.org/