ShiroAttack2 CLI

Command-line toolkit to detect, brute-force keys, and exploit Apache Shiro rememberMe deserialization vulnerabilities (CVE-2016-4437) for authorized security te

triggers:shirorememberMeshiro attackCVE-2016-4437shiro-550爆破 Shiro key利用 Shiro

GitHub SKILL.md

What it does

ShiroAttack2 CLI is a Java-based command-line toolkit for detecting Apache Shiro rememberMe deserialization vulnerabilities, brute-forcing AES keys, executing commands, injecting in-memory web shells, and changing target Shiro keys. It runs from a fat JAR and supports structured JSON output for automation.

When to use it

Use this skill during authorized security assessments or penetration tests when you need to: detect if a target uses Shiro, verify or brute-force the rememberMe AES key, run commands via gadget chains, inject memory shells for post-exploitation (with permission), or attempt key replacement. Not for unauthorized use.

What's included

Scripts: none inside the skill directory, but the repo ships a runnable fat JAR and data files (shiro_keys.txt) for key cracking.
References: repository README and GitHub Releases for JAR downloads.
Instructions: how to run detect, crack, exec, memshell, and changekey commands; JSON output mode for automation; recommended AES modes (CBC/GCM) per Shiro version.

Compatible agents

Likely to be used by security-focused agent integrations that can execute CLI tools and parse JSON output (local automation, red-team tooling, or integration with security orchestration agents).

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: shiroattack2
Stars: 2,536
Installs: 0

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.

Back to Skills

ShiroAttack2 CLI

from shiroattack22,536

Command-line toolkit to detect, brute-force keys, and exploit Apache Shiro rememberMe deserialization vulnerabilities (CVE-2016-4437) for authorized security te

triggers:shirorememberMeshiro attackCVE-2016-4437shiro-550爆破 Shiro key利用 Shiro

GitHub SKILL.md

What it does

When to use it

What's included

Scripts: none inside the skill directory, but the repo ships a runnable fat JAR and data files (shiro_keys.txt) for key cracking.
References: repository README and GitHub Releases for JAR downloads.
Instructions: how to run detect, crack, exec, memshell, and changekey commands; JSON output mode for automation; recommended AES modes (CBC/GCM) per Shiro version.

Compatible agents

Likely to be used by security-focused agent integrations that can execute CLI tools and parse JSON output (local automation, red-team tooling, or integration with security orchestration agents).

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: shiroattack2
Stars: 2,536
Installs: 0

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.

ShiroAttack2 CLI

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills

ShiroAttack2 CLI

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills