Kali Linux

AF-ShellHunter : Auto Shell Lookup

AF-ShellHunter its a script designed to automate the search of WebShell’s in AF Team

How To

pip3 install -r requirements.txt
python3 shellhunter.py –help

Basic Usage

You can run shellhunter in two modes

  • –url -u When scanning a single url
  • –file -f Scanning multiple URLs at once

Example searching webshell with burpsuite proxy, hiding string “404” with a size between 100 and 1000 chars

┌──(blueudp㉿xxxxxxxx)-[~/AF-ShellHunter]
└─$ python3 shellhunter.py -u https://xxxxxxxxxx -hs “404” -p burp –greater-than 100 –smaller-than 1000
Running AF-Team ShellHunt 1.1.0
URL: https://xxxxxxxxxx
Showing only: 200, 302
Threads: 20
Not showing coincidence with: 404
Proxy: burp
Greater than: 100
Smaller than: 1000
Found https://xxxxxxxxxx/system.php len: 881

File Configuration For Multiple Sites

phishing_list

#How to?
#set country block with [country], please read user_files/config.txt
#’show-response-code “option1” “option2″‘ -> show responses with those status codes, as -sc
#’show-string’ -> show match with that string, as -ss
#’show-regex’ -> show match with regex, as -sr
#use ‘not’ for not showing X in above options, as -h[option]
#’greater-than’ -> Show response greater than X, as -gt ( –greater-than )
#’smaller-than’ -> Show responses smaller than X, as -st ( –smaller-than )
#Example searching webshell with BurpSuite proxy. 302, 200 status code, not showing results w/ ‘página en mantenimiento’ with size between 100 and 1000 chars
[burp]
https://banco.phishing->show-response-code “302” “200”, not show-string “página en mantenimiento”, greater-than 100, smaller-than 1000
[noproxy]
banco.es-> # ShellHunt will add ‘http://

Setting Your Proxies And Custom Headers

config.txt

[HEADERS] # REQUESTS CUSTOM HEADERS, ADD ‘OPTION: VALUE’
User-Agent? Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
Referer? bit.ly/THIS_is_PHISHING # Bypass referer protection
[PROXIES]
burp? https://127.0.0.1:8080,http://127.0.0.1:8080

Other Features

  • Filter by regex
  • Filter by string
  • Filter by HTTP Status code
  • Filter by length
  • Custom Headers
  • Custom proxy or proxy block for URL file
  • Multithreading ( custom workers number )
Download
R K

Leave a Comment
Share
Published by
R K
Tags: AF-ShellHunterAuto Shell Lookup
4 years ago

Recent Posts

How OpenClaw Works

Imagine if you had a super-powered assistant who could automatically handle all the boring, repetitive…

1 day ago

How to Use the Linux find Command to Locate Files Like a Pro

Managing files efficiently is a core skill for anyone working in Linux, whether you're a…

3 days ago

How to Check Open Ports in Linux Using netstat, ss, and lsof

Open ports act as communication endpoints between your Linux system and the outside world. Every…

3 days ago

Best Endpoint Monitoring Tools for 2026

Introduction In today’s cyber threat landscape, protecting endpoints such as computers, smartphones, and tablets from…

6 days ago

Best 9 Incident Response Automation Tools

Introduction In today's fast-paced cybersecurity landscape, incident response is critical to protecting businesses from cyberattacks.…

6 days ago

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

3 months ago