All Projects → shmilylty → Cheetah

shmilylty / Cheetah

Licence: gpl-3.0
a very fast brute force webshell password tool

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Cheetah

Upash
🔒Unified API for password hashing algorithms
Stars: ✭ 484 (-4.91%)
Mutual labels:  password, brute-force
DevBrute-A Password Brute Forcer
DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.
Stars: ✭ 91 (-82.12%)
Mutual labels:  password, brute-force
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+471.91%)
Mutual labels:  password, brute-force
Ttpassgen
密码生成 flexible and scriptable password dictionary generator which can support brute-force、combination、complex rule mode etc...
Stars: ✭ 68 (-86.64%)
Mutual labels:  password, brute-force
uberscan
Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-93.91%)
Mutual labels:  password, brute-force
Cheetah Gui
Cheetah GUI
Stars: ✭ 96 (-81.14%)
Mutual labels:  password, webshell
weakpass generator
generates weak passwords based on current date
Stars: ✭ 36 (-92.93%)
Mutual labels:  password, brute-force
Hatch
Hatch is a brute force tool that is used to brute force most websites
Stars: ✭ 242 (-52.46%)
Mutual labels:  password, brute-force
ios-application
A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
Stars: ✭ 581 (+14.15%)
Mutual labels:  fast, password
password-list
Password lists with top passwords to optimize bruteforce attacks
Stars: ✭ 174 (-65.82%)
Mutual labels:  password, brute-force
Bruteforce Database
Bruteforce database
Stars: ✭ 806 (+58.35%)
Mutual labels:  password, brute-force
Xbruteforcer
X Brute Forcer Tool 🔓 WordPress , Joomla , DruPal , OpenCart , Magento
Stars: ✭ 261 (-48.72%)
Mutual labels:  password, brute-force
Keychaincracker
macOS keychain cracking tool
Stars: ✭ 693 (+36.15%)
Mutual labels:  password, brute-force
Filevaultcracker
macOS FileVault cracking tool
Stars: ✭ 199 (-60.9%)
Mutual labels:  password, brute-force
Filebuster
An extremely fast and flexible web fuzzer
Stars: ✭ 176 (-65.42%)
Mutual labels:  brute-force, fast
moac
Generate passwords and analyze their strength given physical limits to computation
Stars: ✭ 16 (-96.86%)
Mutual labels:  password, brute-force
oneshellcrack
a very very fast brute force webshell password tool
Stars: ✭ 42 (-91.75%)
Mutual labels:  password, webshell
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+719.84%)
Mutual labels:  password, brute-force
Orientdb
OrientDB is the most versatile DBMS supporting Graph, Document, Reactive, Full-Text and Geospatial models in one Multi-Model product. OrientDB can run distributed (Multi-Master), supports SQL, ACID Transactions, Full-Text indexing and Reactive Queries. OrientDB Community Edition is Open Source using a liberal Apache 2 license.
Stars: ✭ 4,394 (+763.26%)
Mutual labels:  fast
Passwordpusher
🔐 PasswordPusher is an application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed.
Stars: ✭ 484 (-4.91%)
Mutual labels:  password

cheetah logo

English description | 中文说明

GPL Licence Build Status Code Climate Gitter Say Thanks! Twitter

0x00 cheetah

Cheetah is a dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey.

Cheetah's working principle is that it can submit a large number of detection passwords based on different web services at once, blasting efficiency is thousands of times other common brute force password webshell tools.

This version may later be infrequently updated, please use the Cheetah GUI version!

0x01 features

  • Fast speed.

  • Support python 2.x and python 3.x

  • Support to read large password dictionary file.

  • Support to remove duplicate passwords of large password dictionary file.

  • Support for automatic detection of web services.

  • Support brute force batch webshell urls password.

  • Support for automatic forgery request header.

  • Currently support php, jsp, asp, aspx webshell.

Docker Build

$ docker build -t xshuden/cheetah .

Docker Usage

$ docker run --rm -it xshuden/cheetah
$ docker run --rm -it xshuden/cheetah -h
$ docker run --rm -it xshuden/cheetah -u http://google.com

0x02 parameter description

python cheetah.py -h

_________________________________________________
       ______              _____         ______
__________  /_ _____ _____ __  /_______ ____  /_
_  ___/__  __ \_  _ \_  _ \_  __/_  __ \ __  __ \
/ /__  _  / / //  __//  __// /_  / /_/ / _  / / /
\___/  / / /_/ \___/ \___/ \__/  \____/  / / /_/
      /_/                               /_/

a very fast brute force webshell password tool.

usage: cheetah.py [-h] [-i] [-v] [-c] [-up] [-r] [-w] [-s] [-n] [-u] [-b]
                   [-p [file [file ...]]]

optional arguments:
  -h, --help            show this help message and exit
  -i, --info            show information of cheetah and exit
  -v, --verbose         enable verbose output(default disabled)
  -c, --clear           clear duplicate password(default disabled)
  -up, --update         update cheetah
  -r , --request        specify request method(default POST)
  -t , --time           specify request interval seconds(default 0)
  -w , --webshell       specify webshell type(default auto-detect)
  -s , --server         specify web server name(default auto-detect)
  -n , --number         specify the number of request parameters
  -u , --url            specify the webshell url
  -b , --url-file       specify batch webshell urls file
  -p file [file ...]    specify possword file(default data/pwd.list)

use examples:
  python cheetah.py -u http://orz/orz.php
  python cheetah.py -u http://orz/orz.jsp -r post -n 1000 -v
  python cheetah.py -u http://orz/orz.asp -r get -c -p pwd.list
  python cheetah.py -u http://orz/orz -w aspx -s iis -n 1000
  python cheetah.py -b url.list -c -p pwd1.list pwd2.list -v

0x03 screenshot

Ubuntu

screenshot 4

Windows

screenshot 1 screenshot 2 screenshot 3

0x03 download and use and update cheetah

git clone https://github.com/sunnyelf/cheetah.git
python cheetah.py 
git pull orgin master

0x04 files description

cheetah:
│  .codeclimate.yml
│  .gitignore
│  .travis.yml
│  cheetah.py              mian program
│  LICENSE
│  README.md
│  README_zh.md
│  update.py               update module
│
├─data 
│      big_shell_pwd.7z   big shell password file
│      pwd.list           default shell password file
│      url.list           default batch webshell urls file
│      user-agent.list    user agent file
│
└─images
        1.png
        2.png
        3.png
        4.png
        logo.jpg
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].