-
Notifications
You must be signed in to change notification settings - Fork 1
Home
The -d or --dir option can be used to specify the directory to start search from
Note: Trishul will always start a recursive search from the directory specified, considering it as the root node to start from
./trishul -d fake_dir
_______ _ _ _ __ ___
|__ __| (_) | | | | /_ | / _ \
| |_ __ _ ___| |__ _ _| |________ _| || | | |
| | '__| / __| '_ \| | | | |______\ \ / / || | | |
| | | | \__ \ | | | |_| | | \ V /| || |_| |
|_|_| |_|___/_| |_|\__,_|_| \_/ |_(_)___/
Author: z3r0day
Copyright (c) 2021
[ERROR] Directory path:fake_dir not found
The -f or --file option can be used to specify keywords to look for in filenames during recursive search
Note1: Keep in mind that -f specifies the keywords to look for in filenames but not a complete specific file name itself
Note2: Another important thing to keep in mind is that when you specify custom file names you also need to specify custom keywords to look for that is you can-not specify file name alone and then let Trishul search for specific strings inside files on its own. So if you specify a custom file name keyword then you also need to specify a custom string or strings to look for in them
Note3: Incase you only need to specify a filename you can just specify a random keyword and also specify verbose value of 1 which has two purposes one of which is to display all files found before scanning them and other is discussed later, you can specify it with -v 1 or --verbose 1
Note4: In order to specify multiple filenames/keywords to look for you can just seprate them by commas -f pass,shadow,creds
./trishul -d ./ -f 'pass' -s 'fake' -v 1
_______ _ _ _ __ ___
|__ __| (_) | | | | /_ | / _ \
| |_ __ _ ___| |__ _ _| |________ _| || | | |
| | '__| / __| '_ \| | | | |______\ \ / / || | | |
| | | | \__ \ | | | |_| | | \ V /| || |_| |
|_|_| |_|___/_| |_|\__,_|_| \_/ |_(_)___/
Author: z3r0day
Copyright (c) 2021
[VERBOSE] File-Names: ['./passwd.txt', './password.txt']
----------------------------------------------------------------------------------------------------
[INFO] scanning ./passwd.txt
[INFO] scanning ./password.txt
If you don't specify any file name or strings Trishul scans for default filename keywords and strings determined by a level value specified with -l or --level and currently only level of 0 is configured in the tool more about it is discussed later
The -s or --strings option can be used to specify keywords,strings to look for in file content
Note: In order to specify multiple keywords you can just specify multiple and splitting them with commas -s pass,DB_user,api_key
./trishul -d ./ -f creds,wp-config -s pass,DB -t '.php'
_______ _ _ _ __ ___
|__ __| (_) | | | | /_ | / _ \
| |_ __ _ ___| |__ _ _| |________ _| || | | |
| | '__| / __| '_ \| | | | |______\ \ / / || | | |
| | | | \__ \ | | | |_| | | \ V /| || |_| |
|_|_| |_|___/_| |_|\__,_|_| \_/ |_(_)___/
Author: z3r0day
Copyright (c) 2021
[INFO] scanning ./wp-config.php
[INFO] Found Keyword: pass on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')
[INFO] Found Keyword: DB on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')
The -l or --level option can be used to specify level of default files and keywords to look for, only required if you don't specify custom files and strings
Note: as of now the program only supports level of 0, the increasing levels basically indicate the number of keywords in filnames and strings that the tool will look for by default as of now only level 0 is set to run more levels will be added soon which will then allow user to search for config files etc used by non-default programs or potentially famous software in use
Below are two dictionaries used in the code of Trishul for level 0 and these may be extended more
default_dict_filenames_l0 = {
0 : 'wp-config',
1 : 'password',
2 : 'secret',
3 : 'api',
4 :'apikey',
5 : 'id_rsa',
6 : 'passwd',
7 : 'shadow',
8 : 'creds',
9 : 'employee',
10 : 'access'
}
default_dict_strings_l0 = {
0 : 'DB_PASS',
1 : 'username',
2 : 'password',
3 : 'secret',
4 : 'apikey',
5 : 'api_key',
6 : '-----BEGIN OPENSSH PRIVATE KEY-----',
7 : 'credentials'
}
The -t or --type option can be used to specify the file types to look for when scanning for given filenames and strings
Note1: Keep in mind that when you don't specify a particular extension the program only searches for following extensions '.txt,.docx,.doc,.xls,.xlsx,.pdf,.log,.php'
Note2: when scanning for non-txt files with Trishul the user can specify additional -v or --verbose option to display all text data present in the file, since with non-txt files such as doc and docx the program will not be able to determine the line number etc..
Note3: we can specify multiple extensions to look for by just separating them with commas -t .docx,.doc,.php,.txt
./trishul -d ./ -l 0 -v 1 -t '.txt,.php'
_______ _ _ _ __ ___
|__ __| (_) | | | | /_ | / _ \
| |_ __ _ ___| |__ _ _| |________ _| || | | |
| | '__| / __| '_ \| | | | |______\ \ / / || | | |
| | | | \__ \ | | | |_| | | \ V /| || |_| |
|_|_| |_|___/_| |_|\__,_|_| \_/ |_(_)___/
Author: z3r0day
Copyright (c) 2021
[INFO] scanning for Default files and keywords...
[INFO] scanning level set to 0
[VERBOSE] File-Names: ['./wp-config.txt', './passwd.txt', './wp-config.php', './shadow.txt', './password.txt']
----------------------------------------------------------------------------------------------------
[INFO] scanning ./wp-config.txt
[INFO] scanning ./passwd.txt
[INFO] scanning ./wp-config.php
[INFO] Found Keyword: DB_PASS on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')
[INFO] Found Keyword: password on line number: 0 in ./wp-config.php
[LINE] Contents: DB_PASS = ('passwordiseasy123')
[INFO] scanning ./shadow.txt
[INFO] Found Keyword: password on line number: 2 in ./shadow.txt
[LINE] Contents: password123####
[INFO] scanning ./password.txt
The -v or --verbose option can be used to specify the value for verbosity 0 or 1, 0 for disabling and 1 for enabling might be required when looking for non text files or returning all files found before beginning the scanning of file contents
Note0: when scanning for non-txt files with Trishul the user can specify additional -v or --verbose option to display all text data present in the file, since with non-txt files such as doc and docx the program will not be able to determine the line number etc..
Note1: when verbose is on the all filenames are displayed on the screen before beginning the scanning of file contents and also when a keyword match is found in a non-txt file such as a docx file the entire text extracted from the docx file is displayed on the screen which saves the user time to view it manually
./trishul -d ./ -f creds -s pass -t '.docx,.pdf' --verbose 1
_______ _ _ _ __ ___
|__ __| (_) | | | | /_ | / _ \
| |_ __ _ ___| |__ _ _| |________ _| || | | |
| | '__| / __| '_ \| | | | |______\ \ / / || | | |
| | | | \__ \ | | | |_| | | \ V /| || |_| |
|_|_| |_|___/_| |_|\__,_|_| \_/ |_(_)___/
Author: z3r0day
Copyright (c) 2021
[VERBOSE] File-Names: ['./creds.docx', './creds-converted.pdf']
----------------------------------------------------------------------------------------------------
[INFO] scanning ./creds.docx
[INFO] Found Keyword: pass in ./creds.docx
[VERBOSE] Content: ./creds.docx
Creds saving in doc file
SSID: new_network
Password: “supersecreteasy123456789!!!”
----------------------------------------------------------------------------------------------------
[INFO] scanning ./creds-converted.pdf
[INFO] Found Keyword: pass in ./creds-converted.pdf
[VERBOSE] Content: ./creds-converted.pdf
Creds saving in doc file
SSID: new_network
Password: “supersecreteasy123456789!!!”
----------------------------------------------------------------------------------------------------
very soon some updates of improved code and improved overall performance will be published