Skip to content
z3r0day edited this page Dec 3, 2021 · 4 revisions

Welcome to the Trishul wiki!

Options with Trishul

Directory Path Specification

The -d or --dir option can be used to specify the directory to start search from

Note: Trishul will always start a recursive search from the directory specified, considering it as the root node to start from

./trishul -d fake_dir


 _______   _     _           _             __   ___  
|__   __| (_)   | |         | |           /_ | / _ \ 
   | |_ __ _ ___| |__  _   _| |________   _| || | | |
   | | '__| / __| '_ \| | | | |______\ \ / / || | | |
   | | |  | \__ \ | | | |_| | |       \ V /| || |_| |
   |_|_|  |_|___/_| |_|\__,_|_|        \_/ |_(_)___/ 
   
Author: z3r0day
Copyright (c) 2021


[ERROR] Directory path:fake_dir not found

File Name Specification

The -f or --file option can be used to specify keywords to look for in filenames during recursive search

Note1: Keep in mind that -f specifies the keywords to look for in filenames but not a complete specific file name itself

Note2: Another important thing to keep in mind is that when you specify custom file names you also need to specify custom keywords to look for that is you can-not specify file name alone and then let Trishul search for specific strings inside files on its own. So if you specify a custom file name keyword then you also need to specify a custom string or strings to look for in them

Note3: Incase you only need to specify a filename you can just specify a random keyword and also specify verbose value of 1 which has two purposes one of which is to display all files found before scanning them and other is discussed later, you can specify it with -v 1 or --verbose 1

Note4: In order to specify multiple filenames/keywords to look for you can just seprate them by commas -f pass,shadow,creds

./trishul -d ./ -f 'pass' -s 'fake' -v 1


 _______   _     _           _             __   ___  
|__   __| (_)   | |         | |           /_ | / _ \ 
   | |_ __ _ ___| |__  _   _| |________   _| || | | |
   | | '__| / __| '_ \| | | | |______\ \ / / || | | |
   | | |  | \__ \ | | | |_| | |       \ V /| || |_| |
   |_|_|  |_|___/_| |_|\__,_|_|        \_/ |_(_)___/ 
   
Author: z3r0day
Copyright (c) 2021


[VERBOSE] File-Names: ['./passwd.txt', './password.txt']
----------------------------------------------------------------------------------------------------
[INFO] scanning ./passwd.txt
[INFO] scanning ./password.txt

If you don't specify any file name or strings Trishul scans for default filename keywords and strings determined by a level value specified with -l or --level and currently only level of 0 is configured in the tool more about it is discussed later

Specify Strings or Data to look for in Files

The -s or --strings option can be used to specify keywords,strings to look for in file content

Note: In order to specify multiple keywords you can just specify multiple and splitting them with commas -s pass,DB_user,api_key

./trishul -d ./ -f creds,wp-config -s pass,DB -t '.php'


 _______   _     _           _             __   ___  
|__   __| (_)   | |         | |           /_ | / _ \ 
   | |_ __ _ ___| |__  _   _| |________   _| || | | |
   | | '__| / __| '_ \| | | | |______\ \ / / || | | |
   | | |  | \__ \ | | | |_| | |       \ V /| || |_| |
   |_|_|  |_|___/_| |_|\__,_|_|        \_/ |_(_)___/ 
   
Author: z3r0day
Copyright (c) 2021

[INFO] scanning ./wp-config.php

[INFO] Found Keyword: pass on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')


[INFO] Found Keyword: DB on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')

Default Search In Trishul -l or --level level

The -l or --level option can be used to specify level of default files and keywords to look for, only required if you don't specify custom files and strings

Note: as of now the program only supports level of 0, the increasing levels basically indicate the number of keywords in filnames and strings that the tool will look for by default as of now only level 0 is set to run more levels will be added soon which will then allow user to search for config files etc used by non-default programs or potentially famous software in use

Below are two dictionaries used in the code of Trishul for level 0 and these may be extended more

default_dict_filenames_l0 = {
    0 : 'wp-config',
    1 : 'password',
    2 : 'secret',
    3 : 'api',
    4 :'apikey',
    5 : 'id_rsa',
    6 : 'passwd',
    7 : 'shadow',
    8 : 'creds',
    9 : 'employee',
    10 : 'access'
}

default_dict_strings_l0 = {
    0 : 'DB_PASS',
    1 : 'username',
    2 : 'password',
    3 : 'secret',
    4 : 'apikey',
    5 : 'api_key',
    6 : '-----BEGIN OPENSSH PRIVATE KEY-----',
    7 : 'credentials'
}

Specifying File Type extension

The -t or --type option can be used to specify the file types to look for when scanning for given filenames and strings

Note1: Keep in mind that when you don't specify a particular extension the program only searches for following extensions '.txt,.docx,.doc,.xls,.xlsx,.pdf,.log,.php'

Note2: when scanning for non-txt files with Trishul the user can specify additional -v or --verbose option to display all text data present in the file, since with non-txt files such as doc and docx the program will not be able to determine the line number etc..

Note3: we can specify multiple extensions to look for by just separating them with commas -t .docx,.doc,.php,.txt

./trishul -d ./ -l 0 -v 1 -t '.txt,.php'


 _______   _     _           _             __   ___  
|__   __| (_)   | |         | |           /_ | / _ \ 
   | |_ __ _ ___| |__  _   _| |________   _| || | | |
   | | '__| / __| '_ \| | | | |______\ \ / / || | | |
   | | |  | \__ \ | | | |_| | |       \ V /| || |_| |
   |_|_|  |_|___/_| |_|\__,_|_|        \_/ |_(_)___/ 
   
Author: z3r0day
Copyright (c) 2021

[INFO] scanning for Default files and keywords...
[INFO] scanning level set to 0

[VERBOSE] File-Names: ['./wp-config.txt', './passwd.txt', './wp-config.php', './shadow.txt', './password.txt']
----------------------------------------------------------------------------------------------------
[INFO] scanning ./wp-config.txt
[INFO] scanning ./passwd.txt
[INFO] scanning ./wp-config.php

[INFO] Found Keyword: DB_PASS on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')


[INFO] Found Keyword: password on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')

[INFO] scanning ./shadow.txt

[INFO] Found Keyword: password on line number: 2 in ./shadow.txt
[LINE] Contents: password123####

[INFO] scanning ./password.txt

Adjusting Verbosity in Trishul

The -v or --verbose option can be used to specify the value for verbosity 0 or 1, 0 for disabling and 1 for enabling might be required when looking for non text files or returning all files found before beginning the scanning of file contents

Note0: when scanning for non-txt files with Trishul the user can specify additional -v or --verbose option to display all text data present in the file, since with non-txt files such as doc and docx the program will not be able to determine the line number etc..

Note1: when verbose is on the all filenames are displayed on the screen before beginning the scanning of file contents and also when a keyword match is found in a non-txt file such as a docx file the entire text extracted from the docx file is displayed on the screen which saves the user time to view it manually

./trishul -d ./ -f creds -s pass -t '.docx,.pdf' --verbose 1


 _______   _     _           _             __   ___  
|__   __| (_)   | |         | |           /_ | / _ \ 
   | |_ __ _ ___| |__  _   _| |________   _| || | | |
   | | '__| / __| '_ \| | | | |______\ \ / / || | | |
   | | |  | \__ \ | | | |_| | |       \ V /| || |_| |
   |_|_|  |_|___/_| |_|\__,_|_|        \_/ |_(_)___/ 
   
Author: z3r0day
Copyright (c) 2021


[VERBOSE] File-Names: ['./creds.docx', './creds-converted.pdf']
----------------------------------------------------------------------------------------------------
[INFO] scanning ./creds.docx

[INFO] Found Keyword: pass in ./creds.docx

[VERBOSE] Content: ./creds.docx 
Creds saving in doc file






SSID: new_network
	Password: “supersecreteasy123456789!!!”
----------------------------------------------------------------------------------------------------
[INFO] scanning ./creds-converted.pdf

[INFO] Found Keyword: pass in ./creds-converted.pdf

[VERBOSE] Content: ./creds-converted.pdf 
Creds saving in doc file

SSID: new_network
Password: “supersecreteasy123456789!!!”



----------------------------------------------------------------------------------------------------

Future Updates

very soon some updates of improved code and improved overall performance will be published

Thank you!