Coder Social home page Coder Social logo

springexploit's Introduction

SpringExploit SpringExploit Forks Release Stars Follower Visitor SecSummers

📝 TODO

  • 添加支持CVE-2022-22947 (Spring Cloud Gateway SpELRCE)
  • 添加支持CVE-2022-22963 (Spring Cloud Function SpEL RCE)
  • 添加支持CVE-2021-26084 (Atlassian Confluence RCE)
  • 添加支持CVE-2022-26134 (Atlassian Confluence Unauth RCE)
  • 添加支持CVE-2022-22965 (Spring Core RCE)
  • 添加支持CVE-2022-1388 (F5 BIG-IP RCE)
  • 自定义并发
  • 自定义输出日志位置
  • 自定义结果输出位置
  • 支持自定义漏洞利用
  • 支持指定ip段eg: 192.168.0.0/24
  • 命令执行漏洞式支持交互式执行命令
  • 验证url是否存活
  • 增加自动更新参数,增加判断是否存在是最新版本 (-version参数)
  • 随机User-Agent请求头

………

🐉 来龙去脉

为了学习一下golang,花了两天时间,写了这款框架式的exp利用工具练练手,后续还会支持其他的漏洞。初学golang,代码还是很粗糙。一开始是打算就支持Spring系列漏洞的利用,但写到后面自我感觉能够集成其他的漏洞利用。具体会支持那些漏洞,作者会根据情况自我判断,可以提建议,但不一定被采纳。亦可以提交pr。可以查看源代码写poc和exp,写了很多注释,很容易懂。

本项目集成的漏洞基本上都是能会被利用的,直接或间接执行命令或者连接webshell,且本地测试通过的。

项目已经开了讨论区,如果有建议可以在讨论区提出。

⚡下载安装

release界面下载对应操作系统版本,因为本项目使用GitHub Action自动编译,不存在后门风险,如果需要自己下载源码手动编译,请自行百度,不会解答这类问题。

🎬 使用方法

-f 指定文件 -p 指定poc(如果没有-p参数默认跑全部pocs) -m 1 开启debug日志, 默认不开启 -t threads数量 

SpringExploit -f urls.txt -p CVE20221388 -m 1 -t 10 

-proxy 设置代理 -o 保存结果文件位置 -log 日志文件输出位置默认logs/logs-{time}.txt 
SpringExploit -u https://www.baidu.com/  -proxy http://127.0.0.1:1080 -o result.txt -log logs/logs.txt

还有更多好玩的组合方式,自行探索。除了-f -u -i 三个不能在一个组合命令出现,其他都可以组合成命令。

example usages:

SpringExploit -f urls.txt -t 50 
SpringExploit -u https://www.baidu.com/ -proxy http://127.0.0.1:1080
SpringExploit -i 127.0.0.1/24
SpringExploit -u https://www.baidu.com/ -p CVE202222947,CVE202222963
SpringExploit -u https://www.baidu.com/ -p CVE20221388 -shell

使用head请求判断url是否alive,如果url失效,默认不会跑所有的pocs,如果需要不判断是否alive请使用-p参数指定poc,如果仅仅需要判断url是否存活可以使用-p ISAlIVEURL
SpringExploit -sp

image-20220422190411847

🅱️ 免责声明

该工具仅用于安全自查检测

由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。

本人拥有对此工具的修改和解释权。未经网络安全部门及相关部门允许,不得善自使用本工具进行任何攻击活动,不得以任何方式将其用于商业目的。

该工具只授权于企业内部进行问题排查,请勿用于非法用途,请遵守网络安全法,否则后果作者概不负责

as

springexploit's People

Contributors

github-actions[bot] avatar summersec avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

zzhsec phuong39 nucleareris changheluor007 crackercat inknull istoliving 482949203 kenuoseclab aqimmm 1203731177 silentsoul04 harry1080 zha0 lmao2020 ko-sec diggid4ever 5l1v3r1 evi1hack qaz7791869 sec-fork r1is happray asura88 ibeginer yx2124538 lllliiillll sylviagaytaneh2021 xunyang1 fostane runningoutoftimeu fanyibo2009 zo-zero-one hackerxj007 bbbfkl cc106047428 nd230 asnblock ru0ch3n imemaker savior-only h1ck0r hypoch flyr4nk ran222 msr00t ofalwl beike2020 julianvolodia ivonne2017 testitok jack1024z

springexploit's Issues

ERROR 

./main -f test.txt -t 50 -timeout 5 -proxy http://127.0.0.1:8080

……

/SpringExploit/cmd/commons/core/runner.go:104 github.com/SummerSec/SpringExploit/cmd/commons/core.Start.func1()  Runner panic: interface conversion: interface {} is nil, not bool

使用报错

m1pro
麻烦师傅了,不知道什么问题。
�[36mINFO�[0m[2022-05-12T16:48:09+08:00]/home/runner/work/SpringExploit/SpringExploit/cmd/commons/core/runner.go:30 github.com/SummerSec/SpringExploit/cmd/commons/core.(Runner).Run() Starting SpringExploit
�[36mINFO�[0m[2022-05-12T16:48:09+08:00]/home/runner/work/SpringExploit/SpringExploit/cmd/commons/utils/readfile.go:13 github.com/SummerSec/SpringExploit/cmd/commons/utils.ReadFile() Reading file: url.txt
�[36mINFO�[0m[2022-05-12T16:48:09+08:00]/home/runner/work/SpringExploit/SpringExploit/cmd/commons/core/runner.go:85 github.com/SummerSec/SpringExploit/cmd/commons/core.Start() Runner started
�[36mINFO�[0m[2022-05-12T16:48:09+08:00]/home/runner/work/SpringExploit/SpringExploit/cmd/commons/core/runner.go:86 github.com/SummerSec/SpringExploit/cmd/commons/core.Start() testing URL: http://10.242.23.49:1951
�[36mINFO�[0m[2022-05-12T16:48:09+08:00]/home/runner/work/SpringExploit/SpringExploit/cmd/commons/attack/attack.go:60 github.com/SummerSec/SpringExploit/cmd/commons/attack.attack() [] attack all pocs

image

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.