New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added feroxbuster and weevely tools. #75

Merged

v1k1ngfr merged 5 commits into Orange-Cyberdefense:master from Fastiraz:master

Mar 1, 2024

Contributor

Fastiraz commented Feb 2, 2024

I've only added the feroxbuster and weevely tools to the cheats.

Feroxbuster is a fast, modern, simple, recursive content discovery tool written in Rust.

Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

< Happy hacking! />

Fastiraz added 2 commits

February 2, 2024 06:44


          Update fuzzer.md to add feroxbuster.

f7843a1


          Add files via upload

2b90464

Collaborator

Guilhem7 commented Feb 26, 2024

Hi @Fastiraz,
Thanks for your help !

We would like to suggest some changes before merging your commits.
For the commit about feroxbuster:

Please do not use local path in the cheat: ./feroxbuster --> feroxbuster
Reduce the number of cheats for the tool, those you think are useful. (For instance the option: --threads 200 can be remove in my opinion)

Use args from user:

feroxbuster -u http://127.1 --burp

To

feroxbuster -u <url> --burp

Also for the commit about weevely:

Remove the help weevely generate <password>, as this command does nothing

Use default arguments if needed:

weevely generate <password> web-shell.php

To

weevely generate <password> <output_file|web_shell.php>

Thanks again

Fastiraz added 2 commits

February 26, 2024 16:16


          Update web_shell.md

93158ce

The following command was an old one, it's no longer supported.

```bash
weevely generate <password>
```

---

Replace `weevely generate <password> web-shell.php` by `weevely generate <password> <output_file|web_shell.php>`.


          Patches for feroxbuster.

045479a

- Please do not use local path in the cheat.
- Reduce the number of cheats for the tool.
- Use args from user.

Contributor Author

Fastiraz commented Feb 26, 2024

I just made the last commits following your instructions.
Thanks for your feedback.

Guilhem7 suggested changes

View reviewed changes

Collaborator

Guilhem7 left a comment

Hi, thanks for the modifications, I added some little details to change if possible :)

arsenal/data/cheats/Web/fuzzer.md Outdated

+              ## default scan
+              ```
+              feroxbuster --url <URL>

Collaborator

Guilhem7 Feb 27, 2024

Suggested change

      
            feroxbuster --url <URL>
          
            feroxbuster --url <url>

We might prefer lowercase for variable name :)

arsenal/data/cheats/Web/fuzzer.md Outdated

+              ## default scan with wordlist
+              ```
+              feroxbuster --url <URL> -w <wordlist>

Collaborator

Guilhem7 Feb 27, 2024

Suggested change

      
            feroxbuster --url <URL> -w <wordlist>
          
            feroxbuster --url <url> -w <wordlist>

arsenal/data/cheats/Web/fuzzer.md Outdated

+              ## Multiple headers:
+              ```
+              feroxbuster -u <URL> -H Accept:application/json "Authorization: Bearer {token}"

Collaborator

Guilhem7 Feb 27, 2024

Suggested change

      
            feroxbuster -u <URL> -H Accept:application/json "Authorization: Bearer {token}"
          
            feroxbuster -u <url> -H "<header>" "<header>"

arsenal/data/cheats/Web/fuzzer.md Outdated

		```

		## Multiple headers:

Collaborator

Guilhem7 Feb 27, 2024

Suggested change

      
            ## Multiple headers:
          
            ## Multiple headers

arsenal/data/cheats/Web/fuzzer.md Outdated

+              ## Abort or reduce scan speed to individual directory scans when too many errors have occurred
+              ```
+              feroxbuster -u <URL> --auto-bail

Collaborator

Guilhem7 Feb 27, 2024

Suggested change

      
            feroxbuster -u <URL> --auto-bail
          
            feroxbuster -u <url> --auto-bail

arsenal/data/cheats/Web/fuzzer.md Outdated

+              ## IPv6, non-recursive scan with INFO-level logging enabled:
+              ```
+              feroxbuster -u http://[::1] --no-recursion -vv

Collaborator

Guilhem7 Feb 27, 2024

Suggested change

      
            feroxbuster -u http://[::1] --no-recursion -vv
          
            feroxbuster -u <proto|https>://[<ipv6>] --no-recursion -vv

Let the user choose the protocol (default https I think), and ipv6

arsenal/data/cheats/Web/fuzzer.md Outdated

		```

		## IPv6, non-recursive scan with INFO-level logging enabled:

Collaborator

Guilhem7 Feb 27, 2024

Suggested change

      
            ## IPv6, non-recursive scan with INFO-level logging enabled:
          
            ## IPv6, non-recursive scan with INFO-level logging enabled


          Format patches for feroxbuster.

8837f41

- Remove of `:`
- Replace `http://[::1]` by `<proto|https>://[<ipv6>]`
- Lowercase for variables `<url>`
- Replace `Accept:application/json "Authorization: Bearer {token}"` by variables `"<header>" "<header>"`

Contributor Author

Fastiraz commented Feb 29, 2024

Feroxbuster done, is there anything to edit in weevely file ?

Guilhem7 approved these changes

View reviewed changes

Collaborator

Guilhem7 commented Mar 1, 2024

Hey,
everything seems good to me, thanks for the modifs and for the PR !

v1k1ngfr merged commit a20fab1 into Orange-Cyberdefense:master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet