{"id":15034801,"url":"https://github.com/summersec/shiroattack2","last_synced_at":"2025-10-18T05:26:21.813Z","repository":{"id":37382361,"uuid":"376431287","full_name":"SummerSec/ShiroAttack2","owner":"SummerSec","description":"Comprehensive exploitation tool for the Shiro deserialization vulnerability, including echoed command execution and memory shell injection; fixes the NoCC problem in the original https://github.com/j1anFen/shiro_attack","archived":false,"fork":false,"pushed_at":"2024-04-10T08:46:03.000Z","size":208032,"stargazers_count":2207,"open_issues_count":30,"forks_count":274,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-05-15T10:02:07.105Z","etag":null,"topics":["shiro","shiro-security","shiro550","shiroexp"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SummerSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-13T03:44:13.000Z","updated_at":"2025-05-14T09:24:00.000Z","dependencies_parsed_at":"2022-07-10T16:01:19.687Z","dependency_job_id":"cd6a00f0-fbb8-4b29-95cb-0677de552785","html_url":"https://github.com/SummerSec/ShiroAttack2","commit_stats":{"total_commits":69,"total_committers":5,"mean_commits":13.8,"dds":0.07246376811594202,"last_synced_commit":"5be73d537435cac05d4d402659955ad5748c74c2"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FShiroAttack2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FShiroAttack2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2
FShiroAttack2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FShiroAttack2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SummerSec","download_url":"https://codeload.github.com/SummerSec/ShiroAttack2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254319716,"owners_count":22051072,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["shiro","shiro-security","shiro550","shiroexp"],"created_at":"2024-09-24T20:26:22.717Z","updated_at":"2025-10-18T05:26:16.764Z","avatar_url":"https://github.com/SummerSec.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# \n\n\u003ch1 align=\"center\" \u003eShiroAttack2\u003c/h1\u003e\n\u003ch3 align=\"center\" \u003eA tool for rapid exploitation of the Shiro550 vulnerability\u003c/h3\u003e\n \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/SummerSec/ShiroAttack2\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/SummerSec/ShiroAttack2\"\u003e\u003cimg alt=\"ShiroAttack2\" src=\"https://img.shields.io/badge/ShiroAttack2-green\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/SummerSec/ShiroAttack2\"\u003e\u003cimg alt=\"Forks\" src=\"https://img.shields.io/github/forks/SummerSec/ShiroAttack2\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec/ShiroAttack2\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/SummerSec/ShiroAttack2.svg\"\u003e\u003c/a\u003e\n  \u003ca 
href=\"https://github.com/SummerSec/ShiroAttack2\"\u003e\u003cimg alt=\"Stars\" src=\"https://img.shields.io/github/stars/SummerSec/ShiroAttack2.svg?style=social\u0026label=Stars\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec\"\u003e\u003cimg alt=\"Follower\" src=\"https://img.shields.io/github/followers/SummerSec.svg?style=social\u0026label=Follow\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec\"\u003e\u003cimg alt=\"Visitor\" src=\"https://visitor-badge.laobi.icu/badge?page_id=SummerSec.ShiroAttack2\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://twitter.com/SecSummers\"\u003e\u003cimg alt=\"SecSummers\" src=\"https://img.shields.io/twitter/follow/SecSummers.svg\"\u003e\u003c/a\u003e\n\t\u003ca xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"https://visitor-badge.laobi.icu\"\u003e\u003crect fill=\"rgba(0,0,0,0)\" height=\"20\" width=\"49.6\"/\u003e\u003c/a\u003e\n\t\u003ca xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"https://visitor-badge.laobi.icu\"\u003e\u003crect fill=\"rgba(0,0,0,0)\" height=\"20\" width=\"17.0\" x=\"49.6\"/\u003e\u003c/a\u003e\n\t\u003c/p\u003e\n\n\n\n## Preface\n\nDescriptions of this tool's updates will be posted on the blog at **https://shiro.sumsec.me/**\n\n## Features\n\n* javafx\n* Handles the case where there are no third-party dependencies\n* Supports gadgets for multiple versions of CommonsBeanutils\n* Supports memory shells\n* Executes commands with direct echo of the output\n* Added gadgets for more CommonsBeanutils versions\n* Supports changing the rememberMe keyword\n* Supports directly brute-forcing the usable gadget and key\n* Supports proxies\n* Added the ability to change the shirokey (by means of a memory shell) **may cause business disruption**\n* Supports small memory shells\n* Added DFS-algorithm echo (AllECHO)\n* Supports custom request headers, format: abc:123\u0026\u0026\u0026test:123\n\n## FAQ: for frequently asked questions, see\n\n[FAQ](./docs/FAQ.md)\n\n\n\n## Usage\n\nUse shiro_attack-{version}-SNAPSHOT-all.jar directly (third version)\n\n![image-20211130114603322](https://img.sumsec.me//49u5049ec49u5049ec.png)\n\nIn the jar's current directory, create a data folder and inside it a shiro_keys.txt file whose content is the shiro_key. lib currently holds the CommonsBeanutils dependency versions.\n\n![image-20211130113559530](https://img.sumsec.me//44u5044ec44u5044ec.png)\n\n\n\n---\n\n## 
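:b:Disclaimer\n\nThis tool is for security self-inspection and testing only\n\nThe user alone bears responsibility for any direct or indirect consequences and losses arising from distributing or using the information provided by this tool; the author assumes no liability for them.\n\nI hold the right to modify and interpret this tool. Without permission from the cybersecurity authorities and relevant departments, this tool must not be used on one's own initiative for any attack activity, nor used for commercial purposes in any way.\n\nThis tool is licensed only for internal enterprise troubleshooting. Do not use it for illegal purposes, and comply with the Cybersecurity Law; otherwise the author bears no responsibility for the consequences\n\n----\n\n![as](https://starchart.cc/SummerSec/ShiroAttack2.svg)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsummersec%2Fshiroattack2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsummersec%2Fshiroattack2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsummersec%2Fshiroattack2/lists"}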