View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005765||Kali Linux||[All Projects] New Tool Requests||public||2019-10-28 22:44||2019-10-30 13:12|
|Target Version||Fixed in Version|
|Summary||0005765: filegps - The only HTTP filename guesser for your webshells|
Recently I developed a tool that could be usefull to find how your webshell got renamed after the server-side script of the file uploader saved it.
The tool has been added to the official repositories of the following distros:
* Parrot OS
* BlackArch linux
I was wondering if it can be integrated in Kali too.
|Steps To Reproduce||Here you can find the tool: https://github.com/0blio/fileGPS|
Here there is the last release of the tool: https://github.com/0blio/fileGPS/releases/tag/0.4
|Additional Information||Here is a brief description of the tool from the documentation:|
When you upload a shell on a web-server using a file upload functionality, usually the file get renamed in various ways in order to prevent direct access to the file, RCE and file overwrite.
fileGPS is a tool that uses various techniques to find the new filename, after the server-side script renamed and saved it.
Some of the techniques used by fileGPS are:
* Various hash of the filename
* Various timestamps tricks
* Filename + PHP time() up to 5 minutes before the start of the script
* So many more