AF-ShellHunter - Auto Shell Lookup
AF-ShellHunter is a script designed to automate the search for webshells in AF Team.
pip3 install -r requirements.txt
python3 shellhunter.py --help
Basic Usage
You can run shellhunter in two modes:
- --url, -u: scan a single URL
- --file, -f: scan multiple URLs at once
Example: searching for a webshell through the Burp Suite proxy, hiding results that contain the string "404" and showing only responses with a size between 100 and 1000 chars
┌──(blueudp㉿xxxxxxxx)-[~/AF-ShellHunter]
└─$ python3 shellhunter.py -u https://xxxxxxxxxx -hs "404" -p burp --greater-than 100 --smaller-than 1000
Running AF-Team ShellHunt 1.1.0
URL: https://xxxxxxxxxx
Showing only: 200, 302
Threads: 20
Not showing coincidence with: 404
Proxy: burp
Greater than: 100
Smaller than: 1000
Found https://xxxxxxxxxx/system.php len: 881
File configuration for multiple sites
# How to?
# set country block with [country], please read user_files/config.txt
# 'show-response-code "option1" "option2"' -> show responses with those status codes, as -sc
# 'show-string' -> show match with that string, as -ss
# 'show-regex' -> show match with regex, as -sr
# use 'not' for not showing X in above options, as -h[option]
# 'greater-than' -> Show response greater than X, as -gt ( --greater-than )
# 'smaller-than' -> Show responses smaller than X, as -st ( --smaller-than )
# Example searching webshell with BurpSuite proxy. 302, 200 status code, not showing results w/ 'página en mantenimiento' with size between 100 and 1000 chars
[burp]
https://banco.phishing->show-response-code "302" "200", not show-string "página en mantenimiento", greater-than 100, smaller-than 1000
[noproxy]
banco.es-> # ShellHunt will add 'http://
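To make the rule syntax above concrete, here is an added example (not ShellHunter's own code) that parses one `target->options` line and decides whether a response would be shown. The names `parse_rule_line` and `reported` are hypothetical, and the semantics are assumptions read from the comments: any listed value matches, sizes are body lengths in characters compared strictly, and `http://` is prepended when the target has no scheme.

```python
import re

# Tokens of an option list: "quoted string", # comment, comma, or bare word.
TOKEN = re.compile(r'"([^"]*)"|(#.*)|(,)|([^\s,"#]+)')
MATCH_OPTS = ("show-response-code", "show-string", "show-regex")
SIZE_OPTS = ("greater-than", "smaller-than")

def parse_rule_line(line):
    """Parse 'target->clause, clause, ...' into (url, rules)."""
    target, _, opts = (p.strip() for p in line.partition("->"))
    if "://" not in target:
        target = "http://" + target  # assumed from the page's truncated comment
    clauses, words = [], []
    for quoted, comment, comma, bare in TOKEN.findall(opts):
        if comment:
            break  # rest of the line is a comment
        if comma:
            clauses.append(words)
            words = []
        else:
            words.append(quoted or bare)
    clauses.append(words)
    rules = {}
    for words in filter(None, clauses):
        negate = words[0] == "not"
        name, *args = words[1:] if negate else words
        if name in SIZE_OPTS and not negate and len(args) == 1:
            rules[name] = int(args[0])
        elif name in MATCH_OPTS and args:
            rules.setdefault(f"not {name}" if negate else name, []).extend(args)
        else:
            raise ValueError(f"unrecognised clause: {' '.join(words)}")
    return target, rules

def reported(rules, status, body):
    """True if a response with this status and body passes every rule."""
    tests = {"show-response-code": lambda v: v == str(status),
             "show-string": lambda v: v in body,
             "show-regex": lambda v: re.search(v, body) is not None}
    for kind, test in tests.items():
        want, hide = rules.get(kind, []), rules.get(f"not {kind}", [])
        if (want and not any(map(test, want))) or any(map(test, hide)):
            return False
    low, high = rules.get("greater-than", -1), rules.get("smaller-than", float("inf"))
    return low < len(body) < high

# Rule line copied from the example above; responses passed to reported() are constructed.
LINE = ('https://banco.phishing->show-response-code "302" "200", not show-string '
        '"página en mantenimiento", greater-than 100, smaller-than 1000')
```

With the rules parsed from `LINE`, `reported(rules, 200, "x" * 881)` is true, while a 404 response, a 50-character body, or a body containing the maintenance string is filtered out.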
Setting your proxies and custom headers
[HEADERS] # REQUESTS CUSTOM HEADERS, ADD 'OPTION: VALUE'
User-Agent? Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
Referer? bit.ly/THIS_is_PHISHING # Bypass referer protection
[PROXIES]
burp? https://127.0.0.1:8080,http://127.0.0.1:8080
Other features
- Filter by regex
- Filter by string
- Filter by HTTP Status code
- Filter by length
- Custom Headers
- Custom proxy or proxy block for URL file
- Multithreading ( custom workers number )
Source: feedproxy.google.com