How to use EvilTree to search for regular expressions or keyword matches in files

1. When searching for sensitive information in files within a nested directory structure, EvilTree has a significant advantage in that it can visually display which files contain the keywords/regular expression patterns provided by the user and their positions in the folder hierarchy;

2. The "tree" command itself is a magical tool for analyzing directory structures, and providing a standalone alternative command for post-intrusion testing is very convenient because it is not pre-installed in every Linux distribution, and its functionality is partially restricted on the Windows operating system.

Tool download

Since this tool is developed based on Python 3, researchers are first required to install and configure the Python 3 environment on their local devices. Next, use the following command to clone the project source code to the local machine:

git clone https://github.com/t3l3machus/eviltree.git

Tool usage examples

Example 1 - Execute a regular expression search to find the string "password = something" in /var/www:

Example 2 - Use comma-separated keywords to search for sensitive information:

Example 3 - Use the "-i" parameter to only display the matching keywords/regular expressions content (reduce the length of the output content):

Useful keywords/regular expression patterns

Regular expressions available for searching passwords

-x ".{0,3}passw.{0,3}[=]{1}.{0,18}"

Keywords available for searching sensitive information

-k passw,db_,admin,account,user,token

Project address

EvilTree：【GitHub Gateway】

Reference materials

https://twitter.com/intent/tweet?text=A%20standalone%20python3%20remake%20of%20the%20classic%20%22tree%22%20command%20with%20the%20additional%20feature%20of%20searching%20for%20user%20provided%20keywords%2Fregex%20in%20files%2C%20highlighting%20those%20that%20contain%20matches.&url=https://github.com/t3l3machus/eviltree&via=t3l3machus&hashtags=cybersecurity,pentesting,redteaming,hacking,github