• Stars
    star
    137
  • Rank 266,121 (Top 6 %)
  • Language
    Python
  • Created almost 6 years ago
  • Updated almost 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

thinkphp5 rce getshell

tp5-getshell.py - thinkphp5 rce漏洞检测工具


概述

控制器过滤不严导致rce,漏洞详情参考

thinkphp5 RCE漏洞重现及分析


本工具支持单url/批量检测,有phpinfo模式、cmd shell模式、getshell(写一句话)模式,批量检测直接使用getshell模式。

需求

python2.7


pip install -r requirements.txt

快速开始

python tp5-getshell.py -h



单url检测(phpinfo模式)

使用4种poc-phpinfo检测

python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/


单url检测(getshell模式)

使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell

python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/ –exploit



单url检测(cmd shell模式)

python tp5-getshell.py -u http://www.xxx.com/ –cmdshell



批量检测(getshell)

使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell

python tp5-getshell.py -f urls.txt -t 2 -s 10



反馈

博客: http://www.lsablog.com/
gmail: [email protected]
qq: [email protected]
issues: https://github.com/theLSA/tp5-getshell/issues

More Repositories

1

CS-checklist

PC客户端(C-S架构)渗透测试checklist / Client side(C-S) penetration checklist
655
star
2

emergency-response-checklist

应急响应指南 / emergency response checklist
651
star
3

hack-er-tools

emergency response toolkit
Shell
250
star
4

burp-unauth-checker

burpsuite extension for check unauthorized vulnerability
Python
223
star
5

hack-cs-tools

client side (C-S) penetration toolkit
149
star
6

burp-sensitive-param-extractor

burpsuite extension for check and extract sensitive request parameter
Python
109
star
7

ueditor-getshell

ueditor .net getshell
Python
93
star
8

burp-info-extractor

burpsuite extension for extract information from data
Java
84
star
9

awBruter

千倍速一句话木马密码爆破工具
Python
74
star
10

f5-bigip-rce-cve-2020-5902

F5 BIG-IP RCE CVE-2020-5902 automatic check tool
Python
61
star
11

cmsIdentification

多模式cms识别脚本
Python
58
star
12

discuz-ml-rce

discuz ml rce
Python
54
star
13

phpstudy-backdoor-rce

phpstudy(2016/2018) backdoor rce
Python
47
star
14

ecshop-getshell

ecshop rce getshell
Python
30
star
15

s2sniper

针对struts2的漏洞检测工具(可批量)
Python
22
star
16

vbulletin5-rce

CVE-2019-16759 vbulletin 5.0.0 till 5.5.4 pre-auth rce
Python
20
star
17

sunlogin-exp-gui

GUI版向日葵RCE漏洞利用工具 / GUI version of sunlogin exploit tool
Java
17
star
18

sunlogin-exp-cmd

命令行版向日葵RCE漏洞利用工具 / cmd version of sunlogin exploit tool
C++
16
star
19

solr-rce

apache solr 5.x - 8.2.0 rce (with config api)
Python
10
star
20

apache-httpd-path-traversal-checker

apache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)
Python
8
star
21

burp-comment-extractor

burpsuite extension for extract html and js comment.
Java
7
star
22

md5Base64Cracker

Crack md5{d_base64}
Python
6
star
23

lsascan_v1.0_linux

Java
5
star
24

lsascan_v1.0_python

Python
1
star
25

harbor-give-me-admin

harbor(<1.7.6/1.8.3) privilege escalation (CVE-2019-16097)
Python
1
star
26

wooyun_wordcloud

简单的乌云(镜像站)漏洞词云
Python
1
star
27

http_methods

python实现的多种http请求脚本
Python
1
star