Skills
.Work. You
Rest

shiro-attack-cli

Community

CLI tool for Shiro-550 detection & exploitation.

Software Engineering#command-execution#shiro#rememberme#cve-2016-4437#gadget-detection#key-crack
AuthorSummerSec
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This CLI-based solution helps security testers quickly detect Shiro rememberMe deserialization vulnerabilities (Shiro-550) and perform controlled testing, key verification, gadget detection, and payload deployment from a single tool.

Core Features & Use Cases

  • Detect Shiro framework presence and vulnerability indicators.
  • Crack or verify the rememberMe AES key across supported modes and versions.
  • Auto-detect gadget chains, execute commands, inject memory shells, and modify keys.
  • Suitable for targeted security assessments of Java applications using Shiro rememberMe.

Quick Start

Launch the CLI against a target URL and choose detect, crack, exec, memshell, or changekey to begin testing.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: shiro-attack-cli
Download link: https://github.com/SummerSec/ShiroAttack2/archive/main.zip#shiro-attack-cli

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.