ShiroEXP

Shiro漏洞综合利用工具

Environment

JDK 8u431 | Intellij 2025

⚠️ 使用其他JDK版本可能出现未知的错误

Features

爆破rememberMe
漏洞探测(Shiro550、Shiro721)
探测回显链
探测依赖（FindClassByURLDNS、FindClassByBomb）
命令执行
注入内存马
全局代理

Help

Demonstrate

Shiro550

Shiro721

FindClassByURLDNS

自定义探测类

FindClassByBomb

命令执行

内存马注入

自定义内存马

Build

自行编译打jar包时，可能会遇到找不到或无法加载主类的问题，经排查是因为bcprov包中的签名文件，打包后删除*.DSA、*.SF文件即可

Thanks

@frohoff https://github.com/frohoff/ysoserial

@SummerSec https://github.com/SummerSec/ShiroAttack2

@c0ny1 https://github.com/woodpecker-framework/ysoserial-for-woodpecker

@feihong-cs https://github.com/feihong-cs/ShiroExploit-Deprecated

Warnning

本工具仅可用作学习用途和授权渗透测试，使用本工具造成的后果由使用者自行承担。

Name		Name	Last commit message	Last commit date
Latest commit History 47 Commits
.idea		.idea
config		config
img		img
misc		misc
src		src
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
dependency-reduced-pom.xml		dependency-reduced-pom.xml
pom.xml		pom.xml
scenicView.properties		scenicView.properties

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ShiroEXP

Environment

Features

Help

Demonstrate

Shiro550

Shiro721

FindClassByURLDNS

FindClassByBomb

命令执行

内存马注入

Build

Thanks

Warnning

About

Uh oh!

Releases 4

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

License

Y5neKO/ShiroEXP

Folders and files

Latest commit

History

Repository files navigation

ShiroEXP

Environment

Features

Help

Demonstrate

Shiro550

Shiro721

FindClassByURLDNS

FindClassByBomb

命令执行

内存马注入

Build

Thanks

Warnning

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 4

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages