{"id":13540305,"url":"https://github.com/shmilylty/cheetah","last_synced_at":"2025-04-04T11:12:05.439Z","repository":{"id":44328872,"uuid":"88371302","full_name":"shmilylty/cheetah","owner":"shmilylty","description":"a very fast brute force webshell password tool","archived":false,"fork":false,"pushed_at":"2023-04-17T01:33:52.000Z","size":88163,"stargazers_count":629,"open_issues_count":6,"forks_count":151,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-03-28T10:05:38.549Z","etag":null,"topics":["brute-force","cheetah","cracker","fast","password","webshell"],"latest_commit_sha":null,"homepage":"https://www.hackfun.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shmilylty.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-04-15T20:03:50.000Z","updated_at":"2025-03-15T09:09:37.000Z","dependencies_parsed_at":"2022-08-30T06:51:17.010Z","dependency_job_id":"7dc6d4e8-c909-499f-bacb-3f37d22d9d28","html_url":"https://github.com/shmilylty/cheetah","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shmilylty%2Fcheetah","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shmilylty%2Fcheetah/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shmilylty%2Fcheetah/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shmilylty%2Fcheetah/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shmilylty","download_url":"https://codeload.github.com/shmilylty/cheetah/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247166168,"owners_count":20894654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brute-force","cheetah","cracker","fast","password","webshell"],"created_at":"2024-08-01T09:01:46.174Z","updated_at":"2025-04-04T11:12:05.406Z","avatar_url":"https://github.com/shmilylty.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"bad06ceb38098c26b1b8b46104f98d25\"\u003e\u003c/a\u003ewebshell","Python (1887)","Python","\u003ca id=\"faa91844951d2c29b7b571c6e8a3eb54\"\u003e\u003c/a\u003e新添加"],"sub_categories":["\u003ca id=\"faa91844951d2c29b7b571c6e8a3eb54\"\u003e\u003c/a\u003e未分类-webshell"],"readme":"![cheetah logo](images/logo.jpg)\n\n[English description](README.md) | [中文说明](README_zh.md)\n\n[![GPL Licence](https://badges.frapsoft.com/os/gpl/gpl.png?v=103)](https://opensource.org/licenses/GPL-3.0/) \n[![Build Status](https://travis-ci.org/sunnyelf/cheetah.svg?branch=master)](https://travis-ci.org/sunnyelf/cheetah)\n[![Code Climate](https://codeclimate.com/github/sunnyelf/cheetah/badges/gpa.svg)](https://codeclimate.com/github/sunnyelf/cheetah)\n[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/cheetah-community/)\n[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/sunnyelf)\n[![Twitter](https://img.shields.io/badge/follow-twitter-blue.svg)](https://twitter.com/jinglingbiaodi)\n\n# 0x00 cheetah\n\n[Cheetah](https://github.com/sunnyelf/cheetah) is a dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey. \n\nCheetah's working principle is that it can submit a large number of detection passwords based on different web services at once, blasting efficiency is thousands of times other common brute force password webshell tools.\n\nThis version may later be infrequently updated, please use the [Cheetah GUI](https://github.com/sunnyelf/cheetah-gui) version!\n\n# 0x01 features\n\n* Fast speed.\n\n* Supports python 2.x and python 3.x\n\n* Support to read large password dictionary file.\n\n* Support to remove duplicate passwords of large password dictionary file.\n\n* Support for automatic detection of web services.\n\n* Supports brute force batch webshell urls password.\n\n* Support for automatic forgery request header.\n\n* Currently supports php, jsp, asp, aspx webshell.\n\n\n### Docker Build\n\n ```\n $ docker build -t xshuden/cheetah .\n ```\n\n### Docker Usage\n\n ```\n $ docker run --rm -it xshuden/cheetah\n $ docker run --rm -it xshuden/cheetah -h\n $ docker run --rm -it xshuden/cheetah -u http://google.com\n ```\n\n\n# 0x02 parameter description\n\npython cheetah.py -h\n\n\t_________________________________________________\n\t       ______              _____         ______\n\t__________  /_ _____ _____ __  /_______ ____  /_\n\t_  ___/__  __ \\_  _ \\_  _ \\_  __/_  __ \\ __  __ \\\n\t/ /__  _  / / //  __//  __// /_  / /_/ / _  / / /\n\t\\___/  / / /_/ \\___/ \\___/ \\__/  \\____/  / / /_/\n\t      /_/                               /_/\n\t\n\ta very fast brute force webshell password tool.\n\t\n\tusage: cheetah.py [-h] [-i] [-v] [-c] [-up] [-r] [-w] [-s] [-n] [-u] [-b]\n\t                   [-p [file [file ...]]]\n\t\n\toptional arguments:\n\t  -h, --help            show this help message and exit\n\t  -i, --info            show information of cheetah and exit\n\t  -v, --verbose         enable verbose output(default disabled)\n\t  -c, --clear           clear duplicate password(default disabled)\n\t  -up, --update         update cheetah\n\t  -r , --request        specify request method(default POST)\n\t  -t , --time           specify request interval seconds(default 0)\n\t  -w , --webshell       specify webshell type(default auto-detect)\n\t  -s , --server         specify web server name(default auto-detect)\n\t  -n , --number         specify the number of request parameters\n\t  -u , --url            specify the webshell url\n\t  -b , --url-file       specify batch webshell urls file\n\t  -p file [file ...]    specify possword file(default data/pwd.list)\n\t\n\tuse examples:\n\t  python cheetah.py -u http://orz/orz.php\n\t  python cheetah.py -u http://orz/orz.jsp -r post -n 1000 -v\n\t  python cheetah.py -u http://orz/orz.asp -r get -c -p pwd.list\n\t  python cheetah.py -u http://orz/orz -w aspx -s iis -n 1000\n\t  python cheetah.py -b url.list -c -p pwd1.list pwd2.list -v\n\n# 0x03 screenshot\n\n## Ubuntu\n![screenshot 4](images/4.png)\n\n## Windows\n![screenshot 1](images/1.png)\n![screenshot 2](images/2.png)\n![screenshot 3](images/3.png)\n\n# 0x03 download, use and update cheetah #\n\n\tgit clone https://github.com/sunnyelf/cheetah.git\n\tpython cheetah.py \n\tgit pull orgin master\n\n# 0x04 files description #\n\n\tcheetah:\n\t│  .codeclimate.yml\n\t│  .gitignore\n\t│  .travis.yml\n\t│  cheetah.py              main program\n\t│  LICENSE\n\t│  README.md\n\t│  README_zh.md\n\t│  update.py               update module\n\t│\n\t├─data \n\t│      big_shell_pwd.7z   big shell password file\n\t│      pwd.list           default shell password file\n\t│      url.list           default batch webshell urls file\n\t│      user-agent.list    user agent file\n\t│\n\t└─images\n\t        1.png\n\t        2.png\n\t        3.png\n\t        4.png\n\t        logo.jpg\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshmilylty%2Fcheetah","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshmilylty%2Fcheetah","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshmilylty%2Fcheetah/lists"}