# tp5-getshell **Repository Path**: fengzihk/tp5-getshell ## Basic Information - **Project Name**: tp5-getshell - **Description**: thinkphp5 rce getshell - **Primary Language**: Python - **License**: Not specified - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 1 - **Forks**: 0 - **Created**: 2020-03-29 - **Last Updated**: 2023-04-17 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README tp5-getshell.py - thinkphp5 rce漏洞检测工具 == ----------------------- # 概述 控制器过滤不严导致rce,漏洞详情参考 [thinkphp5 RCE漏洞重现及分析](http://www.lsablog.com/networksec/penetration/thinkphp5-rce-analysis/)
本工具支持单url/批量检测,有phpinfo模式、cmd shell模式、getshell(写一句话)模式,批量检测直接使用getshell模式。
----------------------- # 需求 python2.7
pip install -r requirements.txt
----------------------- # 快速开始 python tp5-getshell.py -h
![](https://github.com/theLSA/tp5-getshell/raw/master/demo/p4.png)

单url检测(phpinfo模式)
使用4种poc-phpinfo检测
python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/
![](https://github.com/theLSA/tp5-getshell/raw/master/demo/p3.png)

单url检测(getshell模式)
使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell
python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/ –exploit
![](https://github.com/theLSA/tp5-getshell/raw/master/demo/p2.png)

单url检测(cmd shell模式)
python tp5-getshell.py -u http://www.xxx.com/ –cmdshell
![](https://github.com/theLSA/tp5-getshell/raw/master/demo/p1.png)

批量检测(getshell)
使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell
python tp5-getshell.py -f urls.txt -t 2 -s 10
![](https://github.com/theLSA/tp5-getshell/raw/master/demo/p0.png)

---------------------- # 反馈 博客: http://www.lsablog.com/
gmail: lsasguge196@gmail.com
qq: 2894400469@qq.com
issues: https://github.com/theLSA/tp5-getshell/issues