MSMAP - Memory WebShell Generator
Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文The idea behind I, The idea behind II Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical InterfaceContainerJava Tomcat7 Tomcat8 Tomcat9 Tomcat10 Resin3 Resin4 WebSphere GlassFish WebLogic JBoss Spring Netty JVM*.NET IISPHPPython*: Default support for Linux Tomcat 8/9, more versions can be adapted according to the advanced guide.WebShell / Proxy / KillerWebShell CMD / SH AntSword JSPJS Behinder GodzillaNo need for modularityProxy: Neo-reGeorg, wsproxyKiller: java-memshell-scanner, ASP.NET-Memshell-ScannerDecoder / Decryptor / HasherDecoder Base64 HexDecryptor XOR RC4 AES128 AES256 RSAHasher MD5 SHA128 SHA256 Usagegit clone git@github.com:hosch3n/msmap.gitcd msmappython generator.py[Warning] MUST set a unique password, Options are case sensitive.AdvancedEdit config/environment.py# Auto Compileauto_build = True# Base64 Encode Class Fileb64_class = True# Generate Script Filegenerate_script = True# Compiler Absolute Pathjava_compiler_path = r"~/jdk1.6.0_04/bin/javac"dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"Edit gist/java/container/tomcat/servlet.py// Servlet Path Patternprivate static String pattern = "*.xml";If an encryption encoder is used in WsFilter, the password needs to be the same as the path (eg /passwd)gist/java/container/jdk/javax.py with lib/servlet-api.jar can be replaced depending on the target container.pip3 install pyperclip to support automatic copying to clipboard.Example CMD / SHCommand with Base64 Encoder | Inject Tomcat Valvepython generator.py Java Tomcat Valve Base64 CMD passwdAntSwordType JSP with default Encoder | Inject Tomcat Valvepython generator.py Java Tomcat Valve RAW AntSword passwdType JSP with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat Listenerpython generator.py Java Tomcat Listener AES128 AntSword passwdType JSP with rc_4_sha256 Encoder | Inject Tomcat Servletpython generator.py Java Tomcat Servlet RC4 AntSword passwdType JSP with xor_md5 Encoder | AgentFiless Inject HttpServletpython generator.py Java JDK JavaX XOR AntSword passwdType JSPJS with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat WsFilterpython generator.py Java Tomcat WsFilter AES128 JSPJS passwd BehinderType default_aes | Inject Tomcat Valvepython generator.py Java Tomcat Valve AES128 Behinder rebeyondType default_xor_base64 | Inject Spring Interceptorpython generator.py Java Spring Interceptor XOR Behinder rebeyond GodzillaType JAVA_AES_BASE64 | Inject Tomcat Valvepython generator.py Java Tomcat Valve AES128 Godzilla superidolType JAVA_AES_BASE64 | AgentFiless Inject HttpServletpython generator.py Java JDK JavaX AES128 Godzilla superidolKnown issue ReferenceGodzillaMemoryShellProjectAntSword-JSP-TemplateAs-Exploits memshell_manageBehinder | wsMemShell | ysomapDownload Msmap
hackeridiot
Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文
The idea behind I, The idea behind II
Function
- Dynamic Menu
- Automatic Compilation
- Generate Script
- Lite Mode
- Graphical Interface
Container
- Java
- Tomcat7
- Tomcat8
- Tomcat9
- Tomcat10
- Resin3
- Resin4
- WebSphere
- GlassFish
- WebLogic
- JBoss
- Spring
- Netty
- JVM*
- .NET
- IIS
- PHP
- Python
*: Default support for Linux Tomcat 8/9, more versions can be adapted according to the advanced guide.
WebShell / Proxy / Killer
WebShell
- CMD / SH
- AntSword
- JSPJS
- Behinder
- Godzilla
No need for modularity
Proxy: Neo-reGeorg, wsproxy
Killer: java-memshell-scanner, ASP.NET-Memshell-Scanner
Decoder / Decryptor / Hasher
- Decoder
- Base64
- Hex
- Decryptor
- XOR
- RC4
- AES128
- AES256
- RSA
- Hasher
- MD5
- SHA128
- SHA256
Usage
git clone git@github.com:hosch3n/msmap.git
cd msmap
python generator.py[Warning] MUST set a unique password, Options are case sensitive.
Advanced
Edit config/environment.py
# Auto Compile
auto_build = True
# Base64 Encode Class File
b64_class = True
# Generate Script File
generate_script = True
# Compiler Absolute Path
java_compiler_path = r"~/jdk1.6.0_04/bin/javac"
dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"Edit gist/java/container/tomcat/servlet.py
// Servlet Path Pattern
private static String pattern = "*.xml";If an encryption encoder is used in WsFilter, the password needs to be the same as the path (eg /passwd)
gist/java/container/jdk/javax.py with lib/servlet-api.jar can be replaced depending on the target container.
pip3 install pyperclip to support automatic copying to clipboard.
Example
CMD / SHCommand with Base64 Encoder | Inject Tomcat Valve
python generator.py Java Tomcat Valve Base64 CMD passwd
AntSword
Type JSP with default Encoder | Inject Tomcat Valve
python generator.py Java Tomcat Valve RAW AntSword passwd
Type JSP with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat Listener
python generator.py Java Tomcat Listener AES128 AntSword passwd
Type JSP with rc_4_sha256 Encoder | Inject Tomcat Servlet
python generator.py Java Tomcat Servlet RC4 AntSword passwd
Type JSP with xor_md5 Encoder | AgentFiless Inject HttpServlet
python generator.py Java JDK JavaX XOR AntSword passwd
Type JSPJS with aes_128_ecb_pkcs7_padding_md5 Encoder | Inject Tomcat WsFilter
python generator.py Java Tomcat WsFilter AES128 JSPJS passwd
Type default_aes | Inject Tomcat Valve
python generator.py Java Tomcat Valve AES128 Behinder rebeyond
Type default_xor_base64 | Inject Spring Interceptor
python generator.py Java Spring Interceptor XOR Behinder rebeyond
Godzilla
Type JAVA_AES_BASE64 | Inject Tomcat Valve
python generator.py Java Tomcat Valve AES128 Godzilla superidol
Type JAVA_AES_BASE64 | AgentFiless Inject HttpServlet
python generator.py Java JDK JavaX AES128 Godzilla superidol
Reference
Behinder | wsMemShell | ysomap
