GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → 0x727 → SpringBootExploit

0x727 / SpringBootExploit

Licence: Apache-2.0 license
项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。

Programming Languages

java
68154 projects - #9 most used programming language

Labels

springexploitvulnerabilityspringbootexpvul

Projects that are alternatives of or similar to SpringBootExploit

Exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
Stars: ✭ 3,056 (+188.3%)
Mutual labels:  exploit, vulnerability, exp
break-fast-serial
A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
Stars: ✭ 53 (-95%)
Mutual labels:  exploit, vulnerability
SAP vulnerabilities
DoS PoC's for SAP products
Stars: ✭ 47 (-95.57%)
Mutual labels:  exploit, vulnerability
browserrecon-php
Advanced Web Browser Fingerprinting
Stars: ✭ 29 (-97.26%)
Mutual labels:  exploit, vulnerability
dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (-86.6%)
Mutual labels:  exploit, vulnerability
rsGen
rsGen is a Reverse Shell Payload Generator for hacking.
Stars: ✭ 71 (-93.3%)
Mutual labels:  exploit, vulnerability
exploits
Some of my public exploits
Stars: ✭ 50 (-95.28%)
Mutual labels:  exploit, vulnerability
Pub
Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Stars: ✭ 217 (-79.53%)
Mutual labels:  exploit, vulnerability
CVE-2019-8449
CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
Stars: ✭ 66 (-93.77%)
Mutual labels:  exploit, vulnerability
PwnX.py
🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
Stars: ✭ 30 (-97.17%)
Mutual labels:  exploit, vulnerability
prl guest to host
Guest to host VM escape exploit for Parallels Desktop
Stars: ✭ 26 (-97.55%)
Mutual labels:  exploit, vulnerability
cve-2016-1764
Extraction of iMessage Data via XSS
Stars: ✭ 52 (-95.09%)
Mutual labels:  exploit, vulnerability
Killshot
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (-77.64%)
Mutual labels:  exploit, vulnerability
vmware guest auth bypass
Proof of concept of VMSA-2017-0012
Stars: ✭ 42 (-96.04%)
Mutual labels:  exploit, vulnerability
vulristics
Extensible framework for analyzing publicly available information about vulnerabilities
Stars: ✭ 46 (-95.66%)
Mutual labels:  exploit, vulnerability
overflow
A command-line tool for exploiting stack-based buffer overflow vulnerabilities.
Stars: ✭ 66 (-93.77%)
Mutual labels:  exploit, vulnerability
Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+117.45%)
Mutual labels:  exploit, vulnerability
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+174.62%)
Mutual labels:  exploit, exp
exynos-usbdl
Unsigned code loader for Exynos BootROM
Stars: ✭ 57 (-94.62%)
Mutual labels:  exploit, vulnerability
hack
Kubernetes security and vulnerability tools and utilities.
Stars: ✭ 56 (-94.72%)
Mutual labels:  exploit, vulnerability
View All Similar Projects ➔

SpringBootExploit

一款针对SpringBootEnv页面进行快速漏洞利用

SpringBootExploit Forks Release Stars Follower Visitor SecSummers

📝 TODO

  • 支持Eureka XStream deserialization RCE
  • 支持Fastjson 内存马注入
  • 支持更多可以使用JNDI内存马注入反序列化漏洞
  • 支持内存马路径和密码修改

........

🐉来龙去脉

项目是根据Spring Boot Vulnerability Exploit Check List清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。

下载安装

  1. releases下载最新版Spring Boot Exploit压缩包,配合JNDIExploit使用。(推荐)
    1. git clone https://github.com/0x727/SpringBootExploit
    2. git clone https://github.com/0x727/JNDIExploit (目前不对外开放)
    3. mvn clean package -DskipTests 分别打SpringBootExploit包和JNDIExploit

🎬使用方法

  1. 首先在服务器上上传打包好的JNDIExploit工具,解压。使用命令启动java -jar JNDIExploit-1.2-SNAPSHOT.jar
  2. 输入目标地址和配置服务器地址,点击连接。出现如下图所示代表连接成功。

image-20210812105637728

  1. 漏洞利用

    建议首先点击检测环境,会自动判断是否存在漏洞。漏洞验证方法是Check list的方法,如果有更好的方法可以提交工单会考虑添加。

    image-20210812110100966

    1. 漏洞利用,目前只支持内存马注入

    image-20210812110245884

image-20210812110337585

🅱️免责声明

该工具仅用于安全自查检测

由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。

本人拥有对此工具的修改和解释权。未经网络安全部门及相关部门允许,不得善自使用本工具进行任何攻击活动,不得以任何方式将其用于商业目的。

📖 参考项目

https://github.com/woodpecker-appstore/springboot-vuldb

as

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].