Cheetah - a very fast brute force webshell password tool

April 21, 2020

Cheetah is a dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey.

Cheetah's working principle is that it can submit a large number of detection passwords based on different web services at once, blasting efficiency is thousands of times other common brute force password webshell tools.

This version may later be infrequently updated, please use the Cheetah GUI version!

0x01 features

  • Fast speed.
  • Support python 2.x and python 3.x
  • Support to read a large password dictionary file.
  • Support to remove duplicate passwords of the large password dictionary file.
  • Support for automatic detection of web services.
  • Support brute force batch webshell URLs password.
  • Support for automatic forgery request header.
  • Currently support PHP, JSP, asp, aspx webshell.

Docker Build

$ docker build -t xshuden/cheetah .

Docker Usage

$ docker run --rm -it xshuden/cheetah
$ docker run --rm -it xshuden/cheetah -h
$ docker run --rm -it xshuden/cheetah -u

0x02 parameter description

python -h

       ______              _____         ______
__________  /_ _____ _____ __  /_______ ____  /_
_  ___/__  __ \_....

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.