GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → theLSA → Tp5 Getshell

theLSA / Tp5 Getshell

thinkphp5 rce getshell

Programming Languages

python
139335 projects - #7 most used programming language

Labels

rcethinkphp5

Projects that are alternatives of or similar to Tp5 Getshell

Vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+756.35%)
Mutual labels:  rce
Mipcms
Thinkphp5 Vue2.x Axios iview 百度MIP --整套前后台PC+移动 为SEO打造的CMS内容管理系统
Stars: ✭ 94 (-25.4%)
Mutual labels:  thinkphp5
Cve 2019 7609
exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts
Stars: ✭ 108 (-14.29%)
Mutual labels:  rce
Lsky Pro
☁️Lsky Pro - Your photo album on the cloud.
Stars: ✭ 1,174 (+831.75%)
Mutual labels:  thinkphp5
Tp5 Api
前后端完全分离--服务端基于thinkphp5+mysql 接口解决方案
Stars: ✭ 85 (-32.54%)
Mutual labels:  thinkphp5
Fastadmin
基于 ThinkPHP5 和 Bootstrap 的极速后台开发框架,一键生成 CRUD,自动生成控制器、模型、视图、JS、语言包、菜单、回收站。
Stars: ✭ 1,329 (+954.76%)
Mutual labels:  thinkphp5
Java Sec Code
Java web common vulnerabilities and security code which is base on springboot and spring security
Stars: ✭ 1,033 (+719.84%)
Mutual labels:  rce
Cve 2019 0708 bluekeep rce
bluekeep exploit
Stars: ✭ 121 (-3.97%)
Mutual labels:  rce
Cve 2019 0708 Tool
A social experiment
Stars: ✭ 87 (-30.95%)
Mutual labels:  rce
Framework
【新】基于 ThinkPHP 5.1 基础开发平台(体验账号和密码都是 admin )
Stars: ✭ 107 (-15.08%)
Mutual labels:  thinkphp5
Ciscoexploit
Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)
Stars: ✭ 73 (-42.06%)
Mutual labels:  rce
Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Stars: ✭ 1,258 (+898.41%)
Mutual labels:  rce
Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-18.25%)
Mutual labels:  rce
Exploits
Miscellaneous exploit code
Stars: ✭ 1,157 (+818.25%)
Mutual labels:  rce
Thinkservice
【新】多商户服务平台
Stars: ✭ 116 (-7.94%)
Mutual labels:  thinkphp5
Lyadmin
lyadmin是一套轻量级通用后台,采用ThinkPHP+Bootstrap3制作,内置系统设置、上传管理、权限管理、模块管理、插件管理等功能,独有的Builder页面自动生成技术节省50%开发成本,先进的模块化开发的支持让开发成本一降再降,致力于为个人和中小型企业打造全方位的PHP企业级开发解决方案。另外提供整套企业开发解决方案,集PC、手机、微信、App、小程序五端于一体,更有用户中心模块、门户模块、钱包支付中心模块、商城模块、OAuth2统一登陆、内部Git模块、Docker模块可供选择。
Stars: ✭ 1,066 (+746.03%)
Mutual labels:  thinkphp5
Cazador unr
Hacking tools
Stars: ✭ 95 (-24.6%)
Mutual labels:  rce
Charroom
PHP + Swoole 聊天室
Stars: ✭ 125 (-0.79%)
Mutual labels:  thinkphp5
Dawn Api Demo
dawn-api-demo
Stars: ✭ 117 (-7.14%)
Mutual labels:  thinkphp5
Gitlab rce
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Stars: ✭ 104 (-17.46%)
Mutual labels:  rce
View All Similar Projects ➔

tp5-getshell.py - thinkphp5 rce漏洞检测工具

概述

控制器过滤不严导致rce,漏洞详情参考

thinkphp5 RCE漏洞重现及分析


本工具支持单url/批量检测,有phpinfo模式、cmd shell模式、getshell(写一句话)模式,批量检测直接使用getshell模式。

需求

python2.7


pip install -r requirements.txt

快速开始

python tp5-getshell.py -h



单url检测(phpinfo模式)

使用4种poc-phpinfo检测

python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/


单url检测(getshell模式)

使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell

python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/ –exploit



单url检测(cmd shell模式)

python tp5-getshell.py -u http://www.xxx.com/ –cmdshell



批量检测(getshell)

使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell

python tp5-getshell.py -f urls.txt -t 2 -s 10


反馈

博客: http://www.lsablog.com/
gmail: [email protected]
qq: [email protected]
issues: https://github.com/theLSA/tp5-getshell/issues

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].