
cheetah's Introduction


0x00 cheetah

Cheetah is a dictionary-based webshell password brute-force tool that runs as fast as a cheetah hunting its prey.

Cheetah works by submitting a large number of candidate passwords at once, with the number depending on the web service, which makes its brute-force efficiency thousands of times that of other common webshell password brute-force tools.

This version may be updated infrequently from now on; please use the Cheetah GUI version!

0x01 features

  • Fast.

  • Supports Python 2.x and Python 3.x.

  • Supports reading large password dictionary files.

  • Supports removing duplicate passwords from large password dictionary files.

  • Supports automatic detection of the web service.

  • Supports brute-forcing passwords for a batch of webshell URLs.

  • Supports automatically forged request headers.

  • Currently supports PHP, JSP, ASP and ASPX webshells.

Docker Build

$ docker build -t xshuden/cheetah .

Docker Usage

$ docker run --rm -it xshuden/cheetah
$ docker run --rm -it xshuden/cheetah -h
$ docker run --rm -it xshuden/cheetah -u http://google.com

0x02 parameter description

python cheetah.py -h

_________________________________________________
       ______              _____         ______
__________  /_ _____ _____ __  /_______ ____  /_
_  ___/__  __ \_  _ \_  _ \_  __/_  __ \ __  __ \
/ /__  _  / / //  __//  __// /_  / /_/ / _  / / /
\___/  / / /_/ \___/ \___/ \__/  \____/  / / /_/
      /_/                               /_/

a very fast brute force webshell password tool.

usage: cheetah.py [-h] [-i] [-v] [-c] [-up] [-r] [-w] [-s] [-n] [-u] [-b]
                   [-p [file [file ...]]]

optional arguments:
  -h, --help            show this help message and exit
  -i, --info            show information of cheetah and exit
  -v, --verbose         enable verbose output(default disabled)
  -c, --clear           clear duplicate password(default disabled)
  -up, --update         update cheetah
  -r , --request        specify request method(default POST)
  -t , --time           specify request interval seconds(default 0)
  -w , --webshell       specify webshell type(default auto-detect)
  -s , --server         specify web server name(default auto-detect)
  -n , --number         specify the number of request parameters
  -u , --url            specify the webshell url
  -b , --url-file       specify batch webshell urls file
  -p file [file ...]    specify possword file(default data/pwd.list)

use examples:
  python cheetah.py -u http://orz/orz.php
  python cheetah.py -u http://orz/orz.jsp -r post -n 1000 -v
  python cheetah.py -u http://orz/orz.asp -r get -c -p pwd.list
  python cheetah.py -u http://orz/orz -w aspx -s iis -n 1000
  python cheetah.py -b url.list -c -p pwd1.list pwd2.list -v
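
A defender-side view of the behaviour described above (many candidate passwords carried as request parameters via -n, GET or POST via -r, and forged request headers): this is an added example, not code from the cheetah project, that flags clients by parameter count per request and by User-Agent churn. The record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample records (not real traffic): client IP, method, URI,
# urlencoded request body as captured by a WAF/audit log, and User-Agent.
SAMPLE = [
    ("203.0.113.7", "POST", "/upload/orz.php", "&".join("p%d=x" % i for i in range(1000)), "UA-A"),
    ("203.0.113.7", "POST", "/upload/orz.php", "&".join("q%d=x" % i for i in range(1000)), "UA-B"),
    ("203.0.113.7", "GET", "/upload/orz.php?" + "&".join("r%d=x" % i for i in range(300)), "", "UA-C"),
    ("198.51.100.20", "POST", "/login.php", "user=alice&pass=secret", "UA-A"),
    ("198.51.100.20", "GET", "/search.php?q=shoes&page=2", "", "UA-A"),
]

PARAM_THRESHOLD = 100  # assumed tuning value: ordinary forms rarely get this wide
UA_THRESHOLD = 3       # assumed: distinct User-Agents from one client on one script


def param_count(uri, body):
    """Count urlencoded parameters in the query string plus the request body."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return len(pairs)


def detect(records, param_threshold=PARAM_THRESHOLD, ua_threshold=UA_THRESHOLD):
    """Return {(ip, path): [reasons]} for clients showing batched-guess behaviour."""
    wide = defaultdict(int)    # requests per (ip, path) carrying too many parameters
    agents = defaultdict(set)  # User-Agents seen per (ip, path)
    for ip, method, uri, body, ua in records:
        key = (ip, urlsplit(uri).path)
        agents[key].add(ua)
        if param_count(uri, body) >= param_threshold:
            wide[key] += 1
    findings = {}
    for key, seen in agents.items():
        reasons = []
        if wide[key]:
            reasons.append("%d request(s) with >= %d parameters" % (wide[key], param_threshold))
        if len(seen) >= ua_threshold:
            reasons.append("%d distinct User-Agents" % len(seen))
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    print(detect(SAMPLE))
```

Standard access logs do not record POST bodies, so the parameter count for POST requests needs a WAF or audit log; where only access logs exist, request size per script is the nearest substitute.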


0x03 download, use and update cheetah

git clone https://github.com/sunnyelf/cheetah.git
python cheetah.py 
git pull origin master

0x04 files description

cheetah:
│  .codeclimate.yml
│  .gitignore
│  .travis.yml
│  cheetah.py              main program
│  LICENSE
│  README.md
│  README_zh.md
│  update.py               update module
│
├─data 
│      big_shell_pwd.7z   big shell password file
│      pwd.list           default shell password file
│      url.list           default batch webshell urls file
│      user-agent.list    user agent file
│
└─images
        1.png
        2.png
        3.png
        4.png
        logo.jpg

cheetah's People

Contributors

drego85, jxdv, shmilylty, the-c0d3r, xshuden


cheetah's Issues

It runs, but it throws an error as soon as it runs.

Traceback (most recent call last):
  File "cheetah.py", line 547, in <module>
    main()
  File "cheetah.py", line 528, in main
    attack_res = dict_attack(options)
  File "cheetah.py", line 340, in dict_attack
    if detect_web(options) == 'error':
  File "cheetah.py", line 286, in detect_web
    random_str = str(random.sample(string.printable, 5)).encode('hex')
LookupError: 'hex' is not a text encoding; use codecs.encode() to handle arbitrary codecs

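Brute-forcing large webshells

Could you add brute-forcing for large webshells that take the password as a POST parameter? For example, some large webshell uses m=admin, where admin is the password and varies, so admin could be set from the dictionary; as for m, it could be supplied by the user or obtained automatically.

The link can be opened, but a timeout is reported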

[14:41:45] [ERROR] HTTPConnectionPool(host='www.xx.ca', port=80): Read timed out. (read timeout=10)
[14:41:45] [INFO] the cheetah end execution

正在 Ping xx.ca [168...80] 具有 32 字节的数据:
来自 168...80 的回复: 字节=32 时间=244ms TTL=110
来自 168...80 的回复: 字节=32 时间=243ms TTL=110
来自 168...80 的回复: 字节=32 时间=243ms TTL=110
来自 168...80 的回复: 字节=32 时间=244ms TTL=110

Values in the request header cannot be of type int

[ERROR] Header value 1 must be of type str or bytes, not <class 'int'>

Solution:
Put quotes around the 1 on line 138 of cheetah.py:
'Upgrade-Insecure-Requests': '1'

Closes immediately on launch

What should I do if it closes immediately after opening?

Error, asking for a solution

C:\Users\Administrator\Desktop

python E:\Tool\cheetah-webshell\cheetah.py -u http://192.168.36.202/xm.php


       ______              _____         ______
__________  /_ _____ _____ __  /_______ ____  /_
_  ___/__  __ \_  _ \_  _ \_  __/_  __ \ __  __ \
/ /__  _  / / //  __//  __// /_  / /_/ / _  / / /
\___/  / / /_/ \___/ \___/ \__/  \____/  / / /_/
      /_/                               /_/

a very fast brute force webshell password tool.

[11:18:25] [INFO] the cheetah start execution
[11:18:25] [HINT] using POST request mode
[11:18:25] [HINT] setting request interval seconds 0
[11:18:25] [HINT] using dictionary-based password attack
[11:18:25] [INFO] cracking password of http://192.168.36.202/xm.php
[11:18:25] [WARN] not specify the web server or shell type
[11:18:25] [INFO] detecting server info of http://192.168.36.202/xm.php
Traceback (most recent call last):
  File "E:\Tool\cheetah-webshell\cheetah.py", line 545, in <module>
    main()
  File "E:\Tool\cheetah-webshell\cheetah.py", line 526, in main
    attack_res = dict_attack(options)
  File "E:\Tool\cheetah-webshell\cheetah.py", line 338, in dict_attack
    if detect_web(options) == 'error':
  File "E:\Tool\cheetah-webshell\cheetah.py", line 246, in detect_web
    header = gen_random_header(options)
  File "E:\Tool\cheetah-webshell\cheetah.py", line 127, in gen_random_header
    with open('data/user-agent.list') as agent_file:
IOError: [Errno 2] No such file or directory: 'data/user-agent.list'
