Working with Shellfinder Tool on Kali Linux OS

Example/Usage: Scanning multiple target domains for Interesting Endpoints

python3 shellfinder.py

In the below screenshot, we have given the urls for target domains which will be scanned for the endpoints.

Tool has started the scan process on target 1 from the list which was been provided.

Tool has identified the interesting endpoint on the target domain.

Tool has started the scan process on target 2 (w3wiki.org) from the list which was been provided.

Tool has not got any suspicious endpoint on the target domain because w3wiki.org is a secured domain.

A shell is a malicious PHP file executed by accessing it via a web browser. It is a PHP script allowing the attacker to control the server – essentially a backdoor program, similar in functionality to a Trojan for personal computers. Shellfinder tool finds the route through which this malicious file can be uploaded to the target server and how the attacker can gain access. Shellfinder tool is developed in the Python language and it’s a fully automated cyber-security tool. It’s also available on the GitHub open-source platform for free.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux