Skip to content

Fear2o/ShellKill

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

26 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

🐚 ShellKill πŸ’€πŸ”₯

Overview πŸ“–

ShellKill is a Python tool designed to upload a web shell to a target server and trigger it using various evasion techniques to bypass file upload restrictions. A web shell is a script that provides remote access and control over a web server. By uploading a web shell, an attacker can execute commands on the target server, manipulate files, and potentially escalate privileges.

The tool also supports automatic retries, file upload validation, and vulnerability scanning for common web vulnerabilities such as File Upload issues, LFI/RFI, XSS, and SQL Injection.

Warning: This tool can potentially cause significant damage if misused. Only use it in controlled environments where explicit permission has been granted. 🚨

GitHub stars Build Status License Contributors

πŸš€ Key Features:

  • Shell File Upload: Easily upload a web shell to a target server via a specified URL. ⚑
  • Retries and Error Handling: Automatic retries on failure with detailed error logging for easy debugging. πŸ”„
  • Evasion Techniques: Bypass file upload restrictions using creative methods like file renaming and base64 encoding. πŸ›‘οΈ
  • Vulnerability Scanning: Automatically scan the target URL for common vulnerabilities like File Upload issues, LFI/RFI, XSS, and SQL Injection. πŸ”
  • Customizable: Configure retry count, proxies, and timeout settings with ease. πŸ› οΈ

🚨 Prerequisites πŸ› οΈ

Before you begin, make sure you have:

  • Python 3.6+: WebShellUploader is built for Python 3.6 and above. πŸ”‘

πŸ“₯ Installation

  1. Clone into the repository
git clone https://github.com/Fear2o/ShellKill
  1. Move to its directory
cd ShellKill

πŸ“ Usage

Command-Line Arguments 🎯

  • target_url: Target URL of the server you want to test. (e.g., http://example.com)
  • shell_file_path: Path to the web shell you want to upload. πŸ—‚οΈ
  • upload_url: The upload endpoint where the file should be uploaded. πŸ“€
  • --proxies: Optional argument to specify proxies. (e.g., --proxies http://127.0.0.1:8080)
  • --max_retries: Set the maximum number of retries for the upload (default: 5). πŸ”„
  • --evasion_techniques: Enable or disable evasion techniques. Default is True. πŸ•ΆοΈ
  • --timeout: Set the timeout for requests in seconds (default: 10). ⏳

πŸ–₯️ Example Command

python ShellKill.py http://example.com /path/to/shell.php http://example.com/upload --max_retries 5 --evasion_techniques True --timeout 10

πŸ“Š Logging & Reports πŸ“œ

All actions performed by ShellKill are logged into a rotating log file named upload_log.txt. Here's an example of what the logs might look like:

2024-11-10 12:34:56,789 - INFO - Target URL http://example.com is reachable.

2024-11-10 12:35:00,123 - INFO - Shell file /path/to/shell.php is valid and readable.

2024-11-10 12:35:05,456 - INFO - Attempting upload with renamed shell: shell_1234.php.

2024-11-10 12:35:10,789 - ERROR - Request failed (Attempt 1): Timeout error.

2024-11-10 12:35:15,123 - INFO - Shell uploaded successfully: /path/to/shell.php. Example

πŸ“ˆ How to Contribute πŸ’‘

We welcome contributions to ShellKill! If you find bugs, have ideas for features, or want to help improve the project, please feel free to:

  1. Fork the repo 🍴
  2. Create a feature branch 🌱
  3. Submit a pull request πŸš€ We highly appreciate all contributions and feedback from the community!

⭐ Give It a Star!

If you found this tool useful, please give it a ⭐ and follow for future updates. πŸš€ Your support helps improve the tool and motivates the development of more awesome features!

Star this repository on GitHub ⭐

πŸ“Œ Disclaimer ⚠️

This tool is for educational purposes only. You must have explicit permission to test any web server. The author is not responsible for any illegal use or actions taken using this tool. Use responsibly and ethically! πŸ’»

πŸ“š License πŸ›‘οΈ

This project is licensed under the MIT License - see the LICENSE file for more details. πŸ“

πŸ”” Stay Updated πŸ“°

  • Follow me on GitHub for the latest updates!

  • Join the discussion and contribute to making ShellKill even better. πŸ‘₯

πŸ… Thank you for your support! πŸ™Œ

Keep hacking responsibly and stay awesome! 😎


Crafted by Fear.io