FileGPS : A Tool That Help You To Guess How Your Shell Was Renamed

FileGPS is a tool that uses various techniques to find the new filename, after the server-side script renamed and saved it.

When you upload a shell on a web-server using a file upload functionality, usually the file get renamed in various ways in order to prevent direct access to the file, RCE and file overwrite.

Some of the techniques used by fileGPS are:

  • Various hash of the filename
  • Various timestamps tricks
  • Filename + PHP time() up to 5 minutes before the start of the script
  • So many more

Features

  • Easy to use
  • Multithreaded
  • HTTP(s) Proxy support
  • User agent randomization
  • Over 100.000 filenames combinations

Also Read – EMAGNET : Leaked Databases With 97.1% Accurate To Grab Mail + Password

Installation

On ParrotOS:

sudo apt install filegps

On BlackArch Linux:

pacman -S filegps

On other distros:

git clone https://github.com/0blio/filegps

How to write a module

Writing a module is fairly simple and allows you to implement your custom ways of generating filename combinations.

Below is a template for your modules:

#!/usr/bin/env python
#-*- coding: utf-8 -*-
“””
Module name: test
Coded by: Your name / nickname
Version: X.X
Description:
This module destroy the world.
“””
output = []
#Do some computations here
output = [“filename1.php”, “filename2.asp”, “filename3.jar”]

The variables url and filename are automatically imported from the core script, so you can call them in your module.

Once you finished to write your module, you have to save it in Modules/, and it will be automatically imported once the main script is started.

You can use the module shame as a template for your modules.

Credit; michele.cisternino@protonmail.com

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

1 month ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

1 month ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

1 month ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

1 month ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

1 month ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

1 month ago