theLSA / Tp5 Getshell
thinkphp5 rce getshell
Stars: ✭ 126
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Tp5 Getshell
Vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+756.35%)
Mutual labels: rce
Mipcms
Thinkphp5 Vue2.x Axios iview 百度MIP --整套前后台PC+移动 为SEO打造的CMS内容管理系统
Stars: ✭ 94 (-25.4%)
Mutual labels: thinkphp5
Cve 2019 7609
exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts
Stars: ✭ 108 (-14.29%)
Mutual labels: rce
Lsky Pro
☁️Lsky Pro - Your photo album on the cloud.
Stars: ✭ 1,174 (+831.75%)
Mutual labels: thinkphp5
Fastadmin
基于 ThinkPHP5 和 Bootstrap 的极速后台开发框架,一键生成 CRUD,自动生成控制器、模型、视图、JS、语言包、菜单、回收站。
Stars: ✭ 1,329 (+954.76%)
Mutual labels: thinkphp5
Java Sec Code
Java web common vulnerabilities and security code which is base on springboot and spring security
Stars: ✭ 1,033 (+719.84%)
Mutual labels: rce
Ciscoexploit
Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)
Stars: ✭ 73 (-42.06%)
Mutual labels: rce
Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Stars: ✭ 1,258 (+898.41%)
Mutual labels: rce
Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-18.25%)
Mutual labels: rce
Lyadmin
lyadmin是一套轻量级通用后台,采用ThinkPHP+Bootstrap3制作,内置系统设置、上传管理、权限管理、模块管理、插件管理等功能,独有的Builder页面自动生成技术节省50%开发成本,先进的模块化开发的支持让开发成本一降再降,致力于为个人和中小型企业打造全方位的PHP企业级开发解决方案。另外提供整套企业开发解决方案,集PC、手机、微信、App、小程序五端于一体,更有用户中心模块、门户模块、钱包支付中心模块、商城模块、OAuth2统一登陆、内部Git模块、Docker模块可供选择。
Stars: ✭ 1,066 (+746.03%)
Mutual labels: thinkphp5
Gitlab rce
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Stars: ✭ 104 (-17.46%)
Mutual labels: rce
tp5-getshell.py - thinkphp5 rce漏洞检测工具
概述
控制器过滤不严导致rce,漏洞详情参考
本工具支持单url/批量检测,有phpinfo模式、cmd shell模式、getshell(写一句话)模式,批量检测直接使用getshell模式。
需求
python2.7
pip install -r requirements.txt
快速开始
python tp5-getshell.py -h
使用4种poc-phpinfo检测
python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/
单url检测(getshell模式)
使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell
python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/ –exploit
单url检测(cmd shell模式)
python tp5-getshell.py -u http://www.xxx.com/ –cmdshell
批量检测(getshell)
使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell
python tp5-getshell.py -f urls.txt -t 2 -s 10
反馈
博客: http://www.lsablog.com/
gmail: [email protected]
qq: [email protected]
issues: https://github.com/theLSA/tp5-getshell/issues
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].