Kali Linux

MSMAP : Memory WebShell Generator

Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients.

Function

  • Dynamic Menu
  • Automatic Compilation
  • Generate Script
  • Lite Mode
  • Graphical Interface

Container

  • Java
    • Tomcat7
    • Tomcat8
    • Tomcat9
    • Tomcat10
    • Resin3
    • Resin4
    • WebSphere
    • GlassFish
    • WebLogic
    • JBoss
    • Spring*
    • Netty
    • JVM*
  • .NET
    • IIS
  • PHP
  • Python

*: SpringHandler only support for JDK8+

*: Default support for Linux Tomcat 8/9, more versions can be adapted according to the advanced guide.

WebShell / Proxy / Killer

  • WebShell
    • CMD / SH
    • AntSword
    • JSPJS
    • Behinder
    • Godzilla
  • No need for modularity

Proxy: Neo-reGeorg, wsproxy

Killer: java-memshell-scanner, ASP.NET-Memshell-Scanner

Decoder / Decryptor / Hasher

  • Decoder
    • Base64
    • Hex
  • Decryptor
    • XOR
    • RC4
    • AES128
    • AES256
    • RSA
  • Hasher
    • MD5
    • SHA128
    • SHA256

Usage

git clone git@github.com:hosch3n/msmap.git
cd msmap
python generator.py

[Warning] MUST set a unique password, Options are case sensitive.

Advanced

Edit config/environment.py

# Auto Compile
auto_build = True

# Base64 Encode Class File
b64_class = True

# Generate Script File
generate_script = True

# Compiler Absolute Path
java_compiler_path = r"~/jdk1.6.0_04/bin/javac"
dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"

Edit gist/java/container/tomcat/servlet.py

// Servlet Path Pattern
private static String pattern = "*.xml";

If an encryption encoder is used in WsFilter, the password needs to be the same as the path (eg /passwd)

gist/java/container/jdk/javax.py with lib/servlet-api.jar can be replaced depending on the target container.

pip3 install pyperclip to support automatic copying to clipboard.

Example

CMD / SH
AntSword
Behinder
Godzilla

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago