
Shellfinder – Simple Tool to Find Shells and Endpoints in Websites


A shell is a malicious PHP file that is executed by accessing it through a web browser. It is a PHP script that allows the attacker to control the server; in essence it is a backdoor program, similar in functionality to a Trojan on a personal computer. The Shellfinder tool finds the route through which this malicious file can be uploaded to the target server and how the attacker can gain access. Shellfinder is written in Python and is a fully automated cyber-security tool. It is available for free as open source on GitHub.

Note: Make sure Python is installed on your system, as this is a Python-based tool. For the installation process, see: Python Installation Steps on Linux.

Installation of Shellfinder Tool on Kali Linux OS

Step 1: Use the following command to clone the tool's repository onto your Kali Linux operating system.

git clone https://github.com/Lekssays/shellfinder.git

Step 2: Now use the following command to move into the directory of the tool. You have to be in this directory in order to run the tool.

cd shellfinder

Step 3: You are now in the shellfinder directory. Install the dependency the tool needs by using the following command.

sudo pip3 install requests

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 shellfinder.py -h

Working with Shellfinder Tool on Kali Linux OS

Example/Usage: Scanning multiple target domains for Interesting Endpoints

python3 shellfinder.py

We have given the tool the URLs of the target domains, which will be scanned for endpoints.

The tool has started the scan process on target 1 from the list that was provided.

The tool has identified an interesting endpoint on the target domain.

The tool has started the scan process on target 2 (geeksforgeeks.org) from the list that was provided.

The tool has not found any suspicious endpoint on the target domain because geeksforgeeks.org is a secured domain.
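
For the owner of a scanned site, the useful question is what such a scan looks like in the web server's access log. The Python code below is an added example, not part of Shellfinder or of the original article. It assumes that an endpoint scan appears as one client requesting many distinct .php paths that mostly return 404, and it reports any of those paths that answered 200 so they can be reviewed. The log lines (Common Log Format), paths, thresholds and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Jan/2022:10:00:01 +0000] "GET /shell.php HTTP/1.1" 404 196
203.0.113.7 - - [30/Jan/2022:10:00:01 +0000] "GET /cmd.php HTTP/1.1" 404 196
203.0.113.7 - - [30/Jan/2022:10:00:02 +0000] "GET /up.php HTTP/1.1" 404 196
203.0.113.7 - - [30/Jan/2022:10:00:02 +0000] "GET /admin/shell.php HTTP/1.1" 404 196
203.0.113.7 - - [30/Jan/2022:10:00:03 +0000] "GET /tmp/x.php HTTP/1.1" 404 196
203.0.113.7 - - [30/Jan/2022:10:00:03 +0000] "GET /uploads/img.php?a=1 HTTP/1.1" 200 12
198.51.100.20 - - [30/Jan/2022:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.20 - - [30/Jan/2022:10:00:05 +0000] "GET /contact.php HTTP/1.1" 200 2048
198.51.100.20 - - [30/Jan/2022:10:00:05 +0000] "GET /style.css HTTP/1.1" 200 900
"""

# client IP, requested URL, HTTP status
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})\s')


def find_probing_clients(log_text, min_paths=5, min_miss_ratio=0.8):
    """Return {client_ip: [script paths that answered 200]} for clients whose
    requests look like an endpoint scan (many distinct .php paths, mostly 404)."""
    seen = defaultdict(dict)  # ip -> {path: last status seen}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, url, status = m.group(1), m.group(2), int(m.group(3))
        path = url.split("?", 1)[0]  # ignore the query string
        if path.lower().endswith(".php"):
            seen[ip][path] = status

    report = {}
    for ip, paths in seen.items():
        misses = sum(1 for s in paths.values() if s == 404)
        if len(paths) >= min_paths and misses / len(paths) >= min_miss_ratio:
            # Paths that exist and were reached during the scan need review.
            report[ip] = sorted(p for p, s in paths.items() if s == 200)
    return report


if __name__ == "__main__":
    for ip, hits in find_probing_clients(SAMPLE_LOG).items():
        print(f"{ip}: scan-like requests; scripts that answered 200: {hits}")
```

Any script path listed for a flagged client should be checked against the files that are expected to exist in the web root.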


Last Updated : 30 Jan, 2022