Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients.
*: SpringHandler only support for JDK8+
*: Default support for Linux Tomcat 8/9
, more versions can be adapted according to the advanced guide.
Proxy: Neo-reGeorg, wsproxy
Killer: java-memshell-scanner, ASP.NET-Memshell-Scanner
git clone git@github.com:hosch3n/msmap.git cd msmap python generator.py
[Warning] MUST set a unique password, Options are case sensitive.
Edit config/environment.py
# Auto Compile auto_build = True # Base64 Encode Class File b64_class = True # Generate Script File generate_script = True # Compiler Absolute Path java_compiler_path = r"~/jdk1.6.0_04/bin/javac" dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"
Edit gist/java/container/tomcat/servlet.py
// Servlet Path Pattern private static String pattern = "*.xml";
If an encryption encoder is used in WsFilter, the password needs to be the same as the path (eg /passwd
)
gist/java/container/jdk/javax.py
with lib/servlet-api.jar
can be replaced depending on the target container.
pip3 install pyperclip
to support automatic copying to clipboard.
CMD / SH
AntSword
Behinder
Godzilla
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…