针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
-
Updated
Sep 8, 2024 - Python
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]
Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵 禅道RCE 瑞友天翼应用虚拟化系统sql注入导致RCE大华智慧园区上传,金蝶云星空漏洞等等.
Spring4Shell - Spring Core RCE - CVE-2022-22965
CVE-2022-22965 : about spring core rce
spring4shell | CVE-2022-22965
CVE-2022-22965 - CVE-2010-1622 redux
This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell".
Lazy SPL to detect Spring4Shell exploitation
This enforces F5 WAF signatures for Spring4Shell and Spring Cloud vulnerabilities across all policies on a BIG-IP ASM device
Nmap Spring4Shell NSE script for Spring Boot RCE (CVE-2022-22965)
Spring4Shell Vulnerability Scanner for Windows
CVE-2022-22965 (Spring4Shell) Proof of Concept
Vulnerabilidad RCE en Spring Framework vía Data Binding on JDK 9+ (CVE-2022-22965 aka "Spring4Shell")
Spring4Shell - CVE-2022-22965
CVE-2022-22965 Spring4Shell research & PoC
Add a description, image, and links to the cve-2022-22965 topic page so that developers can more easily learn about it.
To associate your repository with the cve-2022-22965 topic, visit your repo's landing page and select "manage topics."