crabby-webshell-generator 1.1.2

Crabby is a tool developed to generate webshells written in - insert your desired webshell language -. It is designed to be used by red teams to aid in lateral movement, privilege escalation, and data exfiltration.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

use clap::Parser;

use crate::enums::template::Template;

#[derive(Parser, Debug)]
#[command(author, version, long_about)]
pub struct CliArguments {
	/// Output filename
	///
	/// If not provided, the webshell will be written to "shell.<template>" in the current directory
	#[arg(short, long)]
	pub output: Option<String>,

	/// Which template language to use
	///
	/// This will determine the language of the generated webshell
	#[arg(short, long, value_enum)]
	pub template: Template,

	/// Define the language version to use for the template
	///
	/// This is useful for templates that have multiple versions available
	#[arg(long)]
	pub template_version: Option<String>,

	/// Clone templates and exit
	///
	/// This will clone the templates from the repository and exit, useful for updating the templates or customizing them
	#[arg(long)]
	pub bare_clone: bool,

	/// Obfuscate the generated code
	///
	/// This will make the code harder to read and understand also reducing the file size, it will also make the code
	/// harder to analyze and detect by antivirus software
	#[arg(long)]
	pub obfuscate: bool,

	/// Format used to generate variable names if obfuscation is enabled
	///
	/// The format should be a string with the following placeholders:
	///
	/// - `A` - Random uppercase or lowercase letter
	///
	/// - `0` - Random digit
	///
	/// - `!` - Random special character (!@#$%^&*()_+-=[]{}|;:,.<>?)
	///
	/// - any other character - The character itself
	///
	/// Note: It is strongly un-suggested to provide special characters in the format as the possibility to break the
	///       code is high.
	#[arg(long, default_value = "AA0")]
	pub obfuscation_format: String,

	/// Password used to authenticate to the webshell
	///
	/// Autogenerated if not provided
	#[arg(short, long)]
	pub password: Option<String>,

	/// Length of the password used to authenticate to the webshell
	///
	/// Only used if the password is autogenerated
	#[arg(long, default_value = "32")]
	pub password_length: u32,

	/// Username used to authenticate to the webshell
	///
	/// Autogenerated if not provided
	#[arg(short, long)]
	pub username: Option<String>,

	/// Length of the username used to authenticate to the webshell
	///
	/// Only used if the username is autogenerated
	#[arg(long, default_value = "16")]
	pub username_length: u32,

	/// Salt used to hash the password
	///
	/// Autogenerated if not provided
	#[arg(short, long)]
	pub salt: Option<String>,

	/// Length of the generated salt
	///
	/// Only used if the salt is autogenerated
	#[arg(long, default_value = "64")]
	pub salt_length: u32,

	/// Enable debug mode
	///
	/// Pass multiple times to increase verbosity
	#[arg(short, long, action = clap::ArgAction::Count, default_value = "0")]
	pub debug: u8,
}