EvilTree is a standalone python3 remake of the classic “tree” command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches. Created for two main reasons:
- While searching for secrets in files of nested directory structures, being able to visualize which files contain user provided keywords/regex patterns and where those files are located in the hierarchy of folders, provides a significant advantage.
- “tree” is an amazing tool for analyzing directory structures. It’s really handy to have a standalone alternative of the command for post-exploitation enumeration as it is not pre-installed on every linux distro and is kind of limited on Windows (compared to the UNIX version).
Usage Examples
Example #1: Running a regex that essentially matches strings similar to: password = something against /var/www
Example #2: Using comma separated keywords instead of regex:
Disclaimer: Only tested on Windows 10 Pro.
Further Options & Usage Tips
Notable features:
- Regex
-xsearch actually returns a unique list of all matched patterns in a file. Be careful when combining it with-v(–verbose), try to be specific and limit the length of chars to match. - You can search keywords/regex in binary files as well by providing option
-b. - You can use this tool as the classic “tree” command if you do not provide keywords
-kand regex-xvalues. This is useful in case you have gained a limited shell on a machine and want to have “tree” with colored output to look around. - There’s a list variable
filetype_blacklistineviltree.pywhich can be used to exclude certain file extensions from content search. By default, it excludes the following:gz, zip, tar, rar, 7z, bz2, xz, deb, img, iso, vmdk, dll, ovf, ova. - A quite useful feature is the
-i(–interesting-only) option. It instructs eviltree to list only files with matching keywords/regex content, significantly reducing the output length:
Useful keywords/regex patterns
- Regex to look for passwords:
-x ".{0,3}passw.{0,3}[=]{1}.{0,18}" - Keywords to look for sensitive info:
-k passw,db_,admin,account,user,token
![Pinterest](https://pinterest.com/pin/create/button/?url=https://kalilinuxtutorials.com/eviltree/&media=https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiy42ZVe4NnjK9AjPUxS90BsTowRwJ6poLauCx9Q_mDR_PcttYedZQG5cGXHRaGdQQZ07J6d0AC6LyL7GKtFn9kKO00L50YMVF7La77VxP8tZupGxuWEk8h2w6liMz1h_4_8Gw_xLlWesuJmzzvhykWCxIKaBvHgTp14O59RbPQGT0KvwQL3m0dSjaC/s728/EvilTree1.png&description=EvilTree is a standalone python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords){kind=link}