{"id":13576065,"url":"https://github.com/yzddmr6/As-Exploits","last_synced_at":"2025-04-05T05:30:38.551Z","repository":{"id":47096812,"uuid":"312134883","full_name":"yzddmr6/As-Exploits","owner":"yzddmr6","description":"中国蚁剑后渗透框架","archived":false,"fork":false,"pushed_at":"2024-01-18T09:16:17.000Z","size":6985,"stargazers_count":916,"open_issues_count":2,"forks_count":161,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-04-03T17:13:35.353Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yzddmr6.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-12T01:28:37.000Z","updated_at":"2025-03-24T02:41:13.000Z","dependencies_parsed_at":"2022-08-12T13:11:36.804Z","dependency_job_id":"4e13e9c2-118f-4a65-8e6a-180b23dbffbd","html_url":"https://github.com/yzddmr6/As-Exploits","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yzddmr6%2FAs-Exploits","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yzddmr6%2FAs-Exploits/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yzddmr6%2FAs-Exploits/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yzddmr6%2FAs-Exploits/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yzddmr6","download_url":"https://codeload.github.com/yzddmr6/As-Exploits/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247294047,"owners_count":20915329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T15:01:06.714Z","updated_at":"2025-04-05T05:30:36.062Z","avatar_url":"https://github.com/yzddmr6.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","其他_安全与渗透","Java (504)","红队\u0026渗透测试"],"sub_categories":["网络服务_其他"],"readme":"# As-Exploits v 1.5\n中国蚁剑后渗透框架\n\n详细介绍:http://yzddmr6.com/posts/as-exploits/\n\n支持类型:php/jsp/jspjs/aspx/aspxcsharp\n\nPayload部分很多借鉴了[冰蝎](https://github.com/rebeyond/Behinder)跟[哥斯拉](https://github.com/BeichenDream/Godzilla)的实现,向其开发者们表示感谢!\n\n## 404StarLink 2.0 - Galaxy\n![](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)\n\nAs-Exploits 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy)中的一环,如果对As-Exploits 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。\n\n- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)\n\n## 支持列表\n\n| 模块名称\\Shell类型 | PHP | ASPX | JSP | JSPJS | ASPXCsharp |\n| :---------------: | :--: | :--: | :--: | ----------------- | ----------------- |\n| 基本信息 | √ | √ | √ | √ | √ |\n| 反弹Shell | √ | √ | √ | √ | √ |\n| 内存马 | | √ | √ | √ | √ |\n| 内存马管理 | | √ | √ | √ | √ |\n| 杀软识别 | √ | √ | √ | √ | √ |\n| 提权辅助 | √ | √ | √ | √ | √ |\n| 屏幕截图 | | √ | √ | √ | √ |\n| ShellCode加载器 | | √ | √ | √ | √ |\n| Jar加载器 | | | √ | √ | |\n| Bypass OpenRASP | | | √ | √ | |\n| 自定义代码执行 | √ | √ | √ | √ | √ |\n| SharpLoader | | √ | | | √ |\n| JS引擎执行 | | | √ | √ | |\n\n\n\n## 模块介绍\n\n[As-Exploits Wiki](https://github.com/yzddmr6/As-Exploits/wiki#模块介绍)\n\n## 更新日志\n\n### v 1.5 (2023/10/21)\n\n- 新增支持jspjs/aspxcsharp类型\n- 除内存马/内存马管理模块以外,均支持Tomcat10\n- 内存马注入模块更新:\n - Filter类型:新增PystingerFilter,SorFilter\n - 新增WebSocket类型:CmdWs,CmdBase64Ws,JSPJSWs,JSPJSBase64Ws\n - 不再支持Servlet内存马\n\n\n- 内存马管理模块新增Listener、Tomcat-Value、Timer、Websocket 、Upgrade 、ExecutorShell内存马的查杀检测(thx https://github.com/ruyueattention/java-memshell-scanner)\n- Jar加载器模块内存加载功能BUG修复\n- ShellCode加载-JNA模块更新,提高兼容性跟稳定性\n- execPayload模块支持新增额外参数\n- 新增Js引擎执行模块,可用Payload见:https://github.com/yzddmr6/Java-Js-Engine-Payloads\n- aspxcsharp类型支持回显自定义分隔符\n- aspxcsharp新增SharpLoader模块,支持内存加载、远程加载Assembly;支持获取已加载过的Assembly,无需重复上传;支持传递命令行参数,自动获取输入输出。\n\n### v 1.4 (2021/7/24)\n\n* aspx新增 内存马 模块\n* aspx新增 内存马管理 模块\n* jsp新增filter内存马\n* jsp内存马管理模块增强,支持filter、servlet(thx: tomcat-memshell-killer项目)\n* 新增 执行自定义payload 模块\n* 解决html渲染中文乱码\n\n### v 1.3 (2021/5/14)\n\n* equals支持数组传参方式,兼容各种容器\n* jsp新增 ShellCode加载器模块,内置两种分别基于jna跟java agent的shellcode加载方式\n* jsp新增 Bypass OpenRASP 模块,thx@Godzilla\n* JarLoader模块 新增手动上传方式,解决因Tomcat最大POST长度为2m导致无法加载内存Jar的问题\n* reGeorg内存马改为更稳定的neo-reGeorg,默认密码:asexploits\n* 冰蝎内存马支持3.7,去除pageContext依赖,兼容Spring等容器\n* 各模块兼容JDK5\n\n### v 1.2 (2021/3/24)\n\n* aspx增加`屏幕截图`模块\n* jsp增加`Jar加载器`模块。直接打入内存,文件不落地。\n* 支持返回包加密\n* `内存马管理`模块支持Tomcat(5-9)、Spring\n* `内存马`模块中`AntSword`类型支持Tomcat(5-9)、Spring\n* 报错信息优化\n\n### v 1.1 (2021/1/25)\n\n- 增加对aspx类型的支持\n- 增加`提权辅助`模块(aspx/jsp/php)\n- 增加`屏幕截图`模块(jsp)\n- 增加`shellcode加载器`模块(aspx)\n- 仅展示当前类型可用模块,不可用模块不再显示\n\n### v 1.0 (2020/12/1)\n\n- release\n\n## 注意事项\n\n本插件仅供合法的渗透测试以及爱好者参考学习,请勿用于非法用途,否则自行承担相关责任。\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyzddmr6%2FAs-Exploits","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyzddmr6%2FAs-Exploits","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyzddmr6%2FAs-Exploits/lists"}