https://github.com/bigsizeme/shiro-check

Shiro反序列化回显利用、内存shell、检查 Burp插件
https://github.com/bigsizeme/shiro-check

Last synced: 3 months ago
JSON representation

Shiro反序列化回显利用、内存shell、检查 Burp插件

• Host: GitHub
• URL: https://github.com/bigsizeme/shiro-check
• Owner: bigsizeme
• Created: 2020-06-16T07:50:19.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2022-09-01T23:28:40.000Z (about 2 years ago)
• Last Synced: 2024-04-12T20:40:17.181Z (7 months ago)
• Language: Java
• Homepage:
• Size: 160 KB
• Stars: 214
• Watchers: 5
• Forks: 18
• Open Issues: 3
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - bigsizeme/shiro-check - Shiro反序列化回显利用、内存shell、检查 Burp插件 (Java)

README

        
# shiro-check

3.0增加了几种回显payload，增加了基于Filter（需要对冰蝎客户端pageContext进行改造）和servlet（部分环境需要把参数据进行URL转码）内存冰蝎的支持。(release提供下载)

2.0增加了回显，及100keys,20keys扫描选项，

利用了burp内置的 dnslog api（Collaborator） 基于ysoserial的Gadgets URLDNS进行DNS查询验证此漏洞!

#release中提供下载

![Alt text](https://github.com/bigsizeme/shiro-check/blob/master/img/shell.png)

![Alt text](https://github.com/bigsizeme/shiro-check/blob/master/img/ZV%605%24%5BAM%7D~LW7Z%24H2316Q%24T.png)

![Alt text](https://github.com/bigsizeme/shiro-check/blob/master/img/check.png)