Kali Linux

AF-ShellHunter : Auto Shell Lookup

AF-ShellHunter its a script designed to automate the search of WebShell’s in AF Team

How To

pip3 install -r requirements.txt
python3 shellhunter.py –help

Basic Usage

You can run shellhunter in two modes

  • –url -u When scanning a single url
  • –file -f Scanning multiple URLs at once

Example searching webshell with burpsuite proxy, hiding string “404” with a size between 100 and 1000 chars

┌──(blueudp㉿xxxxxxxx)-[~/AF-ShellHunter]
└─$ python3 shellhunter.py -u https://xxxxxxxxxx -hs “404” -p burp –greater-than 100 –smaller-than 1000
Running AF-Team ShellHunt 1.1.0
URL: https://xxxxxxxxxx
Showing only: 200, 302
Threads: 20
Not showing coincidence with: 404
Proxy: burp
Greater than: 100
Smaller than: 1000
Found https://xxxxxxxxxx/system.php len: 881

File Configuration For Multiple Sites

phishing_list

#How to?
#set country block with [country], please read user_files/config.txt
#’show-response-code “option1” “option2″‘ -> show responses with those status codes, as -sc
#’show-string’ -> show match with that string, as -ss
#’show-regex’ -> show match with regex, as -sr
#use ‘not’ for not showing X in above options, as -h[option]
#’greater-than’ -> Show response greater than X, as -gt ( –greater-than )
#’smaller-than’ -> Show responses smaller than X, as -st ( –smaller-than )
#Example searching webshell with BurpSuite proxy. 302, 200 status code, not showing results w/ ‘página en mantenimiento’ with size between 100 and 1000 chars
[burp]
https://banco.phishing->show-response-code “302” “200”, not show-string “página en mantenimiento”, greater-than 100, smaller-than 1000
[noproxy]
banco.es-> # ShellHunt will add ‘http://

Setting Your Proxies And Custom Headers

config.txt

[HEADERS] # REQUESTS CUSTOM HEADERS, ADD ‘OPTION: VALUE’
User-Agent? Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
Referer? bit.ly/THIS_is_PHISHING # Bypass referer protection
[PROXIES]
burp? https://127.0.0.1:8080,http://127.0.0.1:8080

Other Features

  • Filter by regex
  • Filter by string
  • Filter by HTTP Status code
  • Filter by length
  • Custom Headers
  • Custom proxy or proxy block for URL file
  • Multithreading ( custom workers number )
Download
R K

Leave a Comment
Share
Published by
R K
Tags: AF-ShellHunterAuto Shell Lookup
4 years ago

Recent Posts

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

4 days ago

Best Linux Distros in 2026

Linux is renowned for its versatility, open-source nature, and security. Whether you're a beginner, developer,…

4 days ago

Top 10 Cyber Insurance Companies in 2026

Cyber insurance helps businesses and individuals mitigate financial losses from data breaches, ransomware, extortion, legal…

4 days ago

Ransomware Incident Response

Ransomware is one of the most dangerous and destructive forms of cybercrime today. With cybercriminals…

4 days ago

Best Social Media Search Engines and Tools for 2026

Social media is a key part of our daily lives, with millions of users sharing…

4 days ago

How to Remove Your Personal Information from Data Broker Websites (2026 Guide)

What Are Data Brokers? Data brokers are companies that collect, aggregate, and sell personal information,…

4 days ago