Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/adhdproject/java-web-attack
Java Encoder for Metasploit Payloads
https://github.com/adhdproject/java-web-attack
Last synced: 14 days ago
JSON representation
Java Encoder for Metasploit Payloads
- Host: GitHub
- URL: https://github.com/adhdproject/java-web-attack
- Owner: adhdproject
- License: other
- Created: 2020-06-09T22:36:04.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-06-10T18:33:37.000Z (over 4 years ago)
- Last Synced: 2024-08-02T06:15:40.270Z (4 months ago)
- Language: HTML
- Size: 40 KB
- Stars: 2
- Watchers: 2
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
This progam was heavily inspired by, and uses code from, the Social Engineering Toolkit.
https://www.trustedsec.com/social-engineer-toolkit/
Specifically, this project aims to break out the Java Applet Web Attack method from SET into a standalone tool. It was written in order to be used in the Active Defense Harbinger Distribution (ADHD), but can likely be used in other Ubuntu/Debian variants.
http://sourceforge.net/projects/adhd/
* clone.sh - Clones any web page and saves output to index.html.
* weaponize.py - Generates payloads using msfvenom for all 3 major OS's. You can customize the payload used for each operating system. You can even use a custom executable by replacing the appropriate file in the resulting output directory.g Reads in an html file and inserts Java applet tag into it. Also creates a Metasploit resource script to launch listeners for each of the payloads.
* serve.sh - Starts up a basic web server to use for delivering the payloads and cloned web page. Launches Metasploit using the generated resource script.
* applet.jar - The Java applet used in the web attack. It is signed by a legitimate code signing certificate.
* Java.java - The Java applet source code taken directly from SET. This is used to compile applet.jar.
* example_gmail.html - Example html page included to use in weaponizing.Example usage:
```
./clone.sh https://gmail.com/
./weaponize.py index.html 127.0.0.1
./serve.sh
```