MSMAP - Memory WebShell Generator

Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文The idea behind I, The idea behind II Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical InterfaceContainerJava Tomcat7 Tomcat8 Tomcat9 Tomcat10 Resin3 Resin4 WebSphere GlassFish WebLogic JBoss Spring Netty JVM*.NET IISPHPPython*: Default support for Linux Tomcat 8/9, more versions can be adapted according to the advanced guide.WebShell / Proxy / KillerWebShell CMD / SH AntSword JSPJS Behinder GodzillaNo need for modularityProxy: Neo-reGeorg, wsproxyKiller: java-memshell-scanner, ASP.NET-Memshell-ScannerDecoder / Decryptor / HasherDecoder Base64 HexDecryptor XOR RC4 AES128 AES256 RSAHasher MD5 SHA128 SHA256 Usagegit clone git@github.com:hosch3n/msmap.gitcd msmappython generator.py[Warning] MUST set a unique password, Options are case sensitive.AdvancedEdit config/environment.py# Auto Compileauto_build = True# Base64 Encode Class Fileb64_class = True# Generate Script Filegenerate_script = True# Compiler Absolute Pathjava_compiler_path = r"~/jdk1.6.0_04/bin/javac"dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"Edit gist/java/container/tomcat/servlet.py// Servlet Path Patternprivate static String pattern = "*.xml";If an encryption encoder is used in WsFilter, the password needs to be the same as the path (eg /passwd)gist/java/container/jdk/javax.py with lib/servlet-api.jar can be replaced depending on the target container.pip3 install pyperclip to support automatic copying to clipboard.Example CMD / SHCommand with Base64 Encoder | Inject Tomcat Valvepython generator.py Java Tomcat Valve Base64 CMD passwdAntSwordType JSP with default Encoder | Inject Tomcat Valvepython generator.py Java Tomcat Valve RAW AntSword passwdType JSP with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat Listenerpython generator.py Java Tomcat Listener AES128 AntSword passwdType JSP with rc_4_sha256 Encoder | Inject Tomcat Servletpython generator.py Java Tomcat Servlet RC4 AntSword passwdType JSP with xor_md5 Encoder | AgentFiless Inject HttpServletpython generator.py Java JDK JavaX XOR AntSword passwdType JSPJS with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat WsFilterpython generator.py Java Tomcat WsFilter AES128 JSPJS passwd BehinderType default_aes | Inject Tomcat Valvepython generator.py Java Tomcat Valve AES128 Behinder rebeyondType default_xor_base64 | Inject Spring Interceptorpython generator.py Java Spring Interceptor XOR Behinder rebeyond GodzillaType JAVA_AES_BASE64 | Inject Tomcat Valvepython generator.py Java Tomcat Valve AES128 Godzilla superidolType JAVA_AES_BASE64 | AgentFiless Inject HttpServletpython generator.py Java JDK JavaX AES128 Godzilla superidolKnown issue ReferenceGodzillaMemoryShellProjectAntSword-JSP-TemplateAs-Exploits memshell_manageBehinder | wsMemShell | ysomapDownload Msmap

MSMAP  - Memory WebShell Generator


Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文

The idea behind I, The idea behind II





Function

  • Dynamic Menu
  • Automatic Compilation
  • Generate Script
  • Lite Mode
  • Graphical Interface

Container

  • Java
    • Tomcat7
    • Tomcat8
    • Tomcat9
    • Tomcat10
    • Resin3
    • Resin4
    • WebSphere
    • GlassFish
    • WebLogic
    • JBoss
    • Spring
    • Netty
    • JVM*
  • .NET
    • IIS
  • PHP
  • Python

*: Default support for Linux Tomcat 8/9, more versions can be adapted according to the advanced guide.

WebShell / Proxy / Killer

  • WebShell

    • CMD / SH
    • AntSword
    • JSPJS
    • Behinder
    • Godzilla
  • No need for modularity

Proxy: Neo-reGeorg, wsproxy

Killer: java-memshell-scanner, ASP.NET-Memshell-Scanner

Decoder / Decryptor / Hasher

  • Decoder
    • Base64
    • Hex
  • Decryptor
    • XOR
    • RC4
    • AES128
    • AES256
    • RSA
  • Hasher
    • MD5
    • SHA128
    • SHA256

Usage

git clone git@github.com:hosch3n/msmap.git
cd msmap
python generator.py

[Warning] MUST set a unique password, Options are case sensitive.

Advanced

Edit config/environment.py

# Auto Compile
auto_build = True

# Base64 Encode Class File
b64_class = True

# Generate Script File
generate_script = True

# Compiler Absolute Path
java_compiler_path = r"~/jdk1.6.0_04/bin/javac"
dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"

Edit gist/java/container/tomcat/servlet.py

// Servlet Path Pattern
private static String pattern = "*.xml";

If an encryption encoder is used in WsFilter, the password needs to be the same as the path (eg /passwd)

gist/java/container/jdk/javax.py with lib/servlet-api.jar can be replaced depending on the target container.

pip3 install pyperclip to support automatic copying to clipboard.

Example

CMD / SH

Command with Base64 Encoder | Inject Tomcat Valve

python generator.py Java Tomcat Valve Base64 CMD passwd


AntSword

Type JSP with default Encoder | Inject Tomcat Valve

python generator.py Java Tomcat Valve RAW AntSword passwd

Type JSP with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat Listener

python generator.py Java Tomcat Listener AES128 AntSword passwd

Type JSP with rc_4_sha256 Encoder | Inject Tomcat Servlet

python generator.py Java Tomcat Servlet RC4 AntSword passwd

Type JSP with xor_md5 Encoder | AgentFiless Inject HttpServlet

python generator.py Java JDK JavaX XOR AntSword passwd

Type JSPJS with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat WsFilter

python generator.py Java Tomcat WsFilter AES128 JSPJS passwd

Behinder

Type default_aes | Inject Tomcat Valve

python generator.py Java Tomcat Valve AES128 Behinder rebeyond

Type default_xor_base64 | Inject Spring Interceptor

python generator.py Java Spring Interceptor XOR Behinder rebeyond


Godzilla

Type JAVA_AES_BASE64 | Inject Tomcat Valve

python generator.py Java Tomcat Valve AES128 Godzilla superidol

Type JAVA_AES_BASE64 | AgentFiless Inject HttpServlet

python generator.py Java JDK JavaX AES128 Godzilla superidol

Known issue

Reference

GodzillaMemoryShellProject

AntSword-JSP-Template

As-Exploits memshell_manage

Behinder | wsMemShell | ysomap