MSMAP - Memory WebShell Generator
Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文
The idea behind I, The idea behind II
Function
- Dynamic Menu
- Automatic Compilation
- Generate Script
- Lite Mode
- Graphical Interface
Container
- Java
- Tomcat7
- Tomcat8
- Tomcat9
- Tomcat10
- Resin3
- Resin4
- WebSphere
- GlassFish
- WebLogic
- JBoss
- Spring
- Netty
- JVM*
- .NET
- IIS
- PHP
- Python
*: Default support for Linux Tomcat 8/9
, more versions can be adapted according to the advanced guide.
WebShell / Proxy / Killer
-
WebShell
- CMD / SH
- AntSword
- JSPJS
- Behinder
- Godzilla
-
No need for modularity
Proxy: Neo-reGeorg, wsproxy
Killer: java-memshell-scanner, ASP.NET-Memshell-Scanner
Decoder / Decryptor / Hasher
- Decoder
- Base64
- Hex
- Decryptor
- XOR
- RC4
- AES128
- AES256
- RSA
- Hasher
- MD5
- SHA128
- SHA256
Usage
git clone [email protected]:hosch3n/msmap.gitcd msmappython generator.py
[Warning] MUST set a unique password, Options are case sensitive.
Advanced
Edit config/environment.py
# Auto Compileauto_build = True# Base64 Encode Class Fileb64_class = True# Generate Script Filegenerate_script = True# Compiler Absolute Pathjava_compiler_path = r"~/jdk1.6.0_04/bin/javac"dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"
Edit gist/java/container/tomcat/servlet.py
// Servlet Path Patternprivate static String pattern = "*.xml";
If an encryption encoder is used in WsFilter, the password needs to be the same as the path (eg /passwd
)
gist/java/container/jdk/javax.py
with lib/servlet-api.jar
can be replaced depending on the target container.
pip3 install pyperclip
to support automatic copying to clipboard.
Example
CMD / SHCommand with Base64 Encoder | Inject Tomcat Valve
python generator.py Java Tomcat Valve Base64 CMD passwd
AntSword
Type JSP with default Encoder | Inject Tomcat Valve
python generator.py Java Tomcat Valve RAW AntSword passwd
Type JSP with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat Listener
python generator.py Java Tomcat Listener AES128 AntSword passwd
Type JSP with rc_4_sha256 Encoder | Inject Tomcat Servlet
python generator.py Java Tomcat Servlet RC4 AntSword passwd
Type JSP with xor_md5 Encoder | AgentFiless Inject HttpServlet
python generator.py Java JDK JavaX XOR AntSword passwd
Type JSPJS with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat WsFilter
python generator.py Java Tomcat WsFilter AES128 JSPJS passwd
Type default_aes | Inject Tomcat Valve
python generator.py Java Tomcat Valve AES128 Behinder rebeyond
Type default_xor_base64 | Inject Spring Interceptor
python generator.py Java Spring Interceptor XOR Behinder rebeyond
Godzilla
Type JAVA_AES_BASE64 | Inject Tomcat Valve
python generator.py Java Tomcat Valve AES128 Godzilla superidol
Type JAVA_AES_BASE64 | AgentFiless Inject HttpServlet
python generator.py Java JDK JavaX AES128 Godzilla superidol
Reference
Behinder | wsMemShell | ysomap
Source: www.kitploit.com