{"id":13600257,"url":"https://github.com/a1phaboy/FastjsonScan","last_synced_at":"2025-04-10T21:31:36.493Z","repository":{"id":59864141,"uuid":"533029600","full_name":"a1phaboy/FastjsonScan","owner":"a1phaboy","description":"Fastjson scanner that can identify the version, dependency libraries, autoType status and more. A tool to distinguish fastjson ,version and dependency","archived":false,"fork":false,"pushed_at":"2022-10-07T18:08:55.000Z","size":4621,"stargazers_count":991,"open_issues_count":11,"forks_count":95,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-11-07T02:37:28.903Z","etag":null,"topics":["deserialization-vulnerability","fastjson","fastjson-rce","scanner-web"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/a1phaboy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-09-05T19:14:17.000Z","updated_at":"2024-11-06T14:11:08.000Z","dependencies_parsed_at":"2022-09-23T20:50:40.159Z","dependency_job_id":null,"html_url":"https://github.com/a1phaboy/FastjsonScan","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a1phaboy%2FFastjsonScan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a1phaboy%2FFastjsonScan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a1phaboy%2FFastjsonScan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a1phaboy%2FFastjsonScan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/a1phaboy","download_url":"https://codeload.github.com/a1pha
boy/FastjsonScan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248301447,"owners_count":21080894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deserialization-vulnerability","fastjson","fastjson-rce","scanner-web"],"created_at":"2024-08-01T18:00:33.573Z","updated_at":"2025-04-10T21:31:31.472Z","avatar_url":"https://github.com/a1phaboy.png","language":"Go","readme":"![FastjsonScan](https://socialify.git.ci/a1phaboy/FastjsonScan/image?font=Source%20Code%20Pro\u0026forks=1\u0026issues=1\u0026language=1\u0026name=1\u0026owner=1\u0026pattern=Circuit%20Board\u0026stargazers=1\u0026theme=Light)\n# FastjsonScan\nA tool to quickly detect fastjson's deserialization vulnerabilities\n\n## 0x00  FastjsonScan is now public  🎉🎉🎉\n\n\n### WHAT?\nFastjsonExpFramework is divided into several modules: detection, exploitation, obfuscation, JDK bypass and others. FastjsonScan is one part of it; it pins down the fastjson version from several angles by probing error messages, requests and dependency libraries.  \n\n### WHY?\nExisting fastjson scanners cannot keep up with how quickly fastjson versions iterate; most of them have long been unmaintained and no longer work against newer versions. I will keep improving this series of projects.\n\n### HOW?\nfastjsonScan currently supports:  \n☑️Batch probing of endpoints  \n☑️Version-range detection for 1.2.83 and below (split mainly into the three security versions 48, 68 and 80)  \n☑️Detection via echoed error messages  \n☑️DNS egress (outbound connectivity) detection  \n☑️AutoType status detection  \n☑️Dependency library detection  \n☑️Delay-based detection  \n\n### TODO\nSupport detection in internal-network environments  \nSupport webpack for automated scanning  \nImprove dependency library detection via DNS callbacks  \nImprove detection for versions above 61 when the target has no outbound network access  \nImprove detection of other JSON parsing libraries\nImprove detection of related dependency libraries\n\n### If you run into any problems while using it, feel free to open an issue👏\n\n### Demo\n![img.png](img.png)![img_1.png](img_1.png)\n\n## Usage\n**FastjsonScan [-u] url [-f] urls.txt [-o] result.txt**  \n-u target URL; note that it must include http/https  \n-f file of target URLs, for scanning multiple URLs  \n-o file to save results to; defaults to results.txt in the current directory  \n\n## 0x01 Dev Notes \n\n### 2022-09-05 0.5 \nSplit the scan module out of the Framework\n\n### 2022-09-05 0.4 
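beta\n☑️Refactored the version detection module; distinguishing fastjson, jackson, org.json and gson is split out into a separate identification module  \n\nTODO:  \nDetect dependency libraries using dnslog  \nWrite the exploitation module  \n\n### 2022-09-04 0.35 beta\n☑️Fixed the detection payload for version 48: after the version 80 payload probe has run, this payload triggers tojavaobject, which adds the java.net.InetAddress class to the whitelist, so a second version probe produces a false positive  \n☑️Version detection now first checks whether AutoType is enabled; if it is, the tool can only roughly distinguish below 48 from above 48\n\n\n### 2022-09-03 0.34 beta\n☑️Refactored the version detection module, replacing the earlier exact detection with three ranges (48, 68, 80)  \n☑️Rewrote the version determination logic  \n☑️Added detection for versions 80 and 83\n\nTODO:  \nDetect the target's dependency library environment  \nAutoType status affects version detection and needs to be handled\n\n\n### 2022-09-02 0.33 beta\n☑️Changed the error detection logic for errors containing the jackson field  \n☑️Added a 10-second wait to DNS detection to prevent false positives caused by network conditions\n\n### 2022-09-01 0.32 beta\n☑️Added several gadgets; some gadgets could not be reproduced and are added depending on the target environment  \n☑️Fixed a bug in delay-based detection  \n☑️Added the URLReader detection chain\n\n### 2022-08-07  0.31 beta\n☑️Added a few more gadgets\n\n### 2022-08-06  0.3  beta\n☑️Completed the AutoType detection module\n\n### 2022-08-05  0.2  beta\n☑️Completed the main parts of the detection module: error-based detection, DNS detection and delay-based detection\n\n\n\n## 0x02 References\nhttps://github.com/safe6Sec/Fastjson    \nhttps://github.com/hosch3n/FastjsonVulns   \nhttps://github.com/iSafeBlue/fastjson-autotype-bypass-demo  \n\n## 0x03 Acknowledgements\nMany thanks to [blue](https://github.com/iSafeBlue) (浅蓝) for the excellent talk at KCon  \nMany thanks to [hosch3n](https://github.com/hosch3n) (Li) for answering my questions\n\n","funding_links":[],"categories":["Go","Scanners, asset collection, subdomains","Vulnerability scanning"],"sub_categories":["Network services_Other"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fa1phaboy%2FFastjsonScan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fa1phaboy%2FFastjsonScan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fa1phaboy%2FFastjsonScan/lists"}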