Light

sv3nbeast / shiroscan Goto Github PK

View Code? Open in Web Editor NEW

946.0 8.0 142.0 71.63 MB

Shiro<=1.2.4反序列化，一键检测工具

Python 100.00%

shiroscan's Introduction

ShiroScan

Shiro<=1.2.4反序列化，一键检测工具

2021·1·15:
改动内容：1.删除CC8利用链
改动内容：2.新增xray总结的k1到k4这4个利用链
改动内容：3.新增Jdk8u20的利用链
改动内容：4.新增GCM加密发包

过往:
改动内容：1.新增17个利用链模块,共28个利用链，预计增加成功率30%，已打包成新ysoserial的jar包，请勿更换
改动内容：2.可直接获得目标使用key值
改动内容：3.新增30个key(再多意义也不大)
改动内容：4.输入命令自动进行bash编码，防止未了解此漏洞的人踩坑,但要注意的是如果执行的命令为携带``符号，常用于dnslog外带命令，需自行传入bash编码，否则终端会自行将本地执行结果带入命令中

共集成51个key进行fuzz

如果有帮助，请点个star哦， blog：https://www.svenbeast.com
pip3 install -r requirments.txt
若import模块错误，安装不成功，请到linux系统安装运行，或者去python库将crypto首字母改为大写并尝试pip install pycryptodome")
如果存在异常java信息，请使用jdk1.8环境运行，避免使用高版本java运行
Usage：python3 shiro.py url command
Usage：python3 shiro.py http://url.com whoami
http://www.dnslog.cn/ 验证推荐使用这个dnslog平台，速度比ceye.io要快很多
执行的命令带空格记得用""引起来
usage：python3 shiro.py http://url.com "ping dnslog.cn"
28个模块全部跑一遍,然后去dnslog平台查看是否收到请求，不出来就GG，也可能是因为目标使用的编码很冷门，可使用其他工具
请自行收集编码，在moule下的key.log中自行添加即可(格式: key:任意值)

本着尽可能的检测目标是否存在漏洞为目的所开发，并未对利用链进行大量删减

不推荐当做exp使用，效率问题

内置的yso的jar包存在tomcat回显链，并未集成到工具中，初衷是漏洞检测工具，有条件的可自行生成payload，header加入cmd:whoami即可

仅供安全人员验证,测试是否存在此漏洞

shiroscan's People

Contributors

Stargazers

Watchers

Forkers

dajjboom t4di5 whojeff ffpepwowa test123test111 r0bbit xiaoshuier lxl315 jar711red sry309 rainser seeksec hkylin thelostworldfree xxxxxyyyy wolfwhoami llhl001 adamloveve anhilo qing-q mea0w wj158 bubblemask sharpbladelab fengzihk yogistudio xiaobaidebai sholway bailongwang1 hyunwen pt001 5l1v3r1 bloodandwolf 3ecurity dycsy dlzdy l3ngd0n lordsky h4ckforjob mekoko s0k pumaxiaoyao zebta ctfer-stao shenmaoj w20di evil0xxx fqiaoming aetkrad muyuxx hatjie hihihimimimi mmg1 c0d1007 playboy666 colacy heartsleep slowmistio icysun renjunfeng anquanzhu m3g4byt3 leexuan yinhongji gayhub-blackerie javalangclass naozibuhao forktopot dengyigefeng wang0098 iamjazz shad0w008 dawson0x00 qianniaoge yoghourt010 sxhcomg p4yche te5t321 pentration rassec mrawb brucetyler0 simith003 guodongge gha193 zero2one-none vv4r1ock deepwebhacker haoirui wind-feather muqiyip asdlei99 h3xhash sashka3076 lcl99 amd6700k dayorday ifishzz devilmaycrying moyuwa

shiroscan's Issues

关于ysoserial.jar

老兄请教个问题，一般ysoserial.jar分为ysoserial.jar 和ysoserial-all.jar，一个一百多k，一个几十兆。
老兄研究过这两个有啥区别么，或者说在什么情况下小的那个可以代替？

安装依赖包报错

pip3 install -r requirments.txt
ERROR: Could not find a version that satisfies the requirement os (from -r requirments.txt (line 1)) (from versions: none)
ERROR: No matching distribution found for os (from -r requirments.txt (line 1))

是不是不能对https的网站进行检测

HTTPSConnectionPool(host='xx.xx.xx', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
HTTPSConnectionPool(host='xx.xx.xx', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
HTTPSConnectionPool(host='xx.xx.xx', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
HTTPSConnectionPool(host='xx.xx.xx', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
HTTPSConnectionPool(host='xx.xx.xx', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
HTTPSConnectionPool(host='xx.xx.xx', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

对使用https的网站出现以下报错。。请大神指点迷津

HTTPSConnectionPool(host='xxx.xx.xxx.xxx', port=xxx): Max retries exceeded with url:/login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

疑问

你好，请问你收集了几个版本的硬编码key?

用户指定key文件

大佬，能不能增加一个参数，让用户指定一个包含key的文件。

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.