├── README.md ├── Xnip2020-11-05_23-19-43.jpg ├── Xnip2020-11-05_23-20-11.jpg ├── Xnip2020-11-05_23-20-41.jpg ├── Xnip2020-11-05_23-20-55.jpg └── jce.py /README.md: -------------------------------------------------------------------------------- 1 | # JCE 2 | JCE - JSP/JSPX CodeEncode - 用于 Webshell 逃避静态查杀的辅助脚本 3 | 4 | # 简介 5 | JCE 是一个用于 Webshell 逃避静态查杀的辅助脚本,可以将 JSP/JSPX 脚本编码成 HTML/Unicode/CDATA 内容格式。 6 | 7 | # 更新 8 | - 增加 All 参数,选择该参数后三种编码随机交叉使用 9 | - 填坑,应该是最后一版了,修复若干 Bug,优化内部代码逻辑 10 | 11 | # 测试环境 12 | Apache Tomcat/8.0.30 13 | 14 | # 使用 15 | 16 | 推荐编码 17 | unicode > html = cdata = all 18 | 19 | ``` 20 | python3 jce.py -i infile.jsp -o outfile.jsp [-t](html/unicode/cdata/all) 21 | ``` 22 | 原文件 23 | ![](./Xnip2020-11-05_23-20-55.jpg) 24 | 25 | 编码后 26 | ![](./Xnip2020-11-05_23-20-41.jpg) 27 | # 注意 28 | 1. 原代码过长时进行编码,会出现 HTTP Status 500 等一些报错,基本可以忽略,重新请求多几次即可 29 | 2. 推荐使用 unicode 进行编码 30 | -------------------------------------------------------------------------------- /Xnip2020-11-05_23-19-43.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ch1ngg/JCE/d02a5d4ee98e794dc4b0f3fcc448d9f993c420f7/Xnip2020-11-05_23-19-43.jpg -------------------------------------------------------------------------------- /Xnip2020-11-05_23-20-11.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ch1ngg/JCE/d02a5d4ee98e794dc4b0f3fcc448d9f993c420f7/Xnip2020-11-05_23-20-11.jpg -------------------------------------------------------------------------------- /Xnip2020-11-05_23-20-41.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ch1ngg/JCE/d02a5d4ee98e794dc4b0f3fcc448d9f993c420f7/Xnip2020-11-05_23-20-41.jpg -------------------------------------------------------------------------------- /Xnip2020-11-05_23-20-55.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ch1ngg/JCE/d02a5d4ee98e794dc4b0f3fcc448d9f993c420f7/Xnip2020-11-05_23-20-55.jpg
--------------------------------------------------------------------------------
/jce.py:
--------------------------------------------------------------------------------
#coding=utf-8
# jce.py reads a JSP/JSPX file, rewrites it character by character and writes
# the result to a second file. Characters matching \w are replaced by an escaped
# form: a \u00XX-style escape, an &#x..; character reference, or the output of
# the CDATA helper.
#
# Detection note: per the project README the output is meant to differ from the
# input byte-for-byte while staying a valid JSP/JSPX page. Content scanning of
# uploaded or on-disk JSP/JSPX is therefore more reliable after decoding Unicode
# escapes and numeric character references, and a source file in which most
# identifier characters are escaped is itself unusual enough to alert on.
#
# NOTE(review): two string literals in this listing are empty ('' in the
# per-line marker test of each Convert*/RandomEncode function, "" in
# returnCDATA). They look like markup that was stripped when the page was
# rendered; the comments below describe the code as shown.
import re
import sys
import random
import logging
import argparse
import binascii

# Message-only log format; the script uses logging purely as its console output.
logging.basicConfig(level=logging.DEBUG,format="%(message)s")

def returnUnicode(keyword):
    """Return keyword's UTF-8 bytes as lowercase hex behind a fixed escape prefix.

    The callers in this file pass one character at a time.
    """
    # The prefix is the four characters \u00, so the result is a four-digit
    # \uXXXX escape only when keyword encodes to exactly one UTF-8 byte.
    newkeyword = "\\u00" + binascii.b2a_hex(keyword.encode('utf-8')).decode()
    return newkeyword

def returnHTML(keyword):
    """Return keyword's UTF-8 bytes as lowercase hex in the form of a hexadecimal character reference.

    The callers in this file pass one character at a time.
    """
    # As with returnUnicode, the hex digits are the UTF-8 bytes, not the code
    # point, so the two agree only for single-byte characters.
    newkeyword = "&#x" + binascii.b2a_hex(keyword.encode('utf-8')).decode() + ";"
    return newkeyword

def returnCDATA(keyword):
    """Return the CDATA form of keyword; as shown here it returns an empty string.

    keyword is not used by the visible body.
    """
    # NOTE(review): the literal is empty in this listing, so every character
    # routed through this helper is dropped from the output.
    newkeyword = ""
    return newkeyword

def ConvertJavaCodeToUnicode(inpath,topath):
    """Copy inpath to topath, replacing word characters with returnUnicode output.

    inpath is read in text mode with the platform default encoding; topath is
    created or truncated. Returns None.
    """
    with open(inpath,'r') as f:
        contentlines = f.readlines()
    newContents = ""
    for i in contentlines:
        # Structural JSPX lines are copied through untouched.
        # NOTE(review): the last operand, '' in i, is true for every string, so
        # as shown every line takes this branch and the code below is not reached.
        if 'jsp:root' in i or 'jsp:declaration' in i or 'jsp:scriptlet' in i or 'jsp:directive.page' in i or '' in i:
            newContents += i
            continue
        # Page directives: only the text between the first and the last double
        # quote on the line is re-encoded; str.replace then substitutes every
        # occurrence of that text in the line.
        if "page import" in i or "page pageEncoding" in i or "page contentType" in i:
            oldstr = i[i.find('"') + 1 :i.rfind('"')]
            temp = ""
            for n in oldstr:
                # \w on a str pattern matches letters, digits and underscore.
                if re.match(r"\w",n) != None:
                    temp += returnUnicode(n)
                else:
                    temp += n
            newContents += i.replace(oldstr,temp)
            continue
        # Any other line: encode each word character, keep everything else.
        for n in i:
            if re.match(r"\w",n) != None:
                newContents += returnUnicode(n)
            else:
                newContents += n
    with open(topath,'w+') as fs:
        fs.write(newContents)
    # Both handles are already managed by their with blocks; these calls are redundant.
    f.close()
    fs.close()

def ConvertJavaCodeToHTML(inpath,topath):
    """Copy inpath to topath, replacing word characters with returnHTML output.

    inpath is read in text mode with the platform default encoding; topath is
    created or truncated. Returns None.
    """
    with open(inpath,'r') as f:
        contentlines = f.readlines()
    newContents = ""
    for i in contentlines:
        # Structural JSPX lines are copied through untouched.
        # NOTE(review): the last operand, '' in i, is true for every string, so
        # as shown every line takes this branch and the code below is not reached.
        if 'jsp:root' in i or 'jsp:declaration' in i or 'jsp:scriptlet' in i or 'jsp:directive.page' in i or '' in i:
            newContents += i
            continue
        # Page directives: only the text between the first and the last double
        # quote on the line is re-encoded; str.replace then substitutes every
        # occurrence of that text in the line.
        if "page import" in i or "page pageEncoding" in i or "page contentType" in i:
            oldstr = i[i.find('"') + 1 :i.rfind('"')]
            temp = ""
            for n in oldstr:
                # \w on a str pattern matches letters, digits and underscore.
                if re.match(r"\w",n) != None:
                    temp += returnHTML(n)
                else:
                    temp += n
            newContents += i.replace(oldstr,temp)
            continue
        # Any other line: encode each word character, keep everything else.
        for n in i:
            if re.match(r"\w",n) != None:
                newContents += returnHTML(n)
            else:
                newContents += n
    with open(topath,'w+') as fs:
        fs.write(newContents)
    # Both handles are already managed by their with blocks; these calls are redundant.
    f.close()
    fs.close()

def ConvertJavaCodeToCDATA(inpath,topath):
    """Copy inpath to topath, replacing word characters with returnCDATA output.

    inpath is read in text mode with the platform default encoding; topath is
    created or truncated. Returns None.
    """
    with open(inpath,'r') as f:
        contentlines = f.readlines()
    newContents = ""
    for i in contentlines:
        # Structural JSPX lines are copied through untouched.
        # NOTE(review): the last operand, '' in i, is true for every string, so
        # as shown every line takes this branch and the code below is not reached.
        if 'jsp:root' in i or 'jsp:declaration' in i or 'jsp:scriptlet' in i or 'jsp:directive.page' in i or '' in i:
            newContents += i
            continue
        # Page directives: only the text between the first and the last double
        # quote on the line is re-encoded; str.replace then substitutes every
        # occurrence of that text in the line.
        if "page import" in i or "page pageEncoding" in i or "page contentType" in i:
            oldstr = i[i.find('"') + 1 :i.rfind('"')]
            temp = ""
            for n in oldstr:
                # \w on a str pattern matches letters, digits and underscore.
                if re.match(r"\w",n) != None:
                    temp += returnCDATA(n)
                else:
                    temp += n
            newContents += i.replace(oldstr,temp)
            continue
        # Any other line: encode each word character, keep everything else.
        for n in i:
            if re.match(r"\w",n) != None:
                newContents += returnCDATA(n)
            else:
                newContents += n
    with open(topath,'w+') as fs:
        fs.write(newContents)
    # Both handles are already managed by their with blocks; these calls are redundant.
    f.close()
    fs.close()

def JavaCodeRandomEncode(inpath,topath):
    """Copy inpath to topath, picking one of the three helpers at random per word character.

    inpath is read in text mode with the platform default encoding; topath is
    created or truncated. Output differs from run to run because the choice
    uses the random module. Returns None.
    """
    with open(inpath,'r') as f:
        contentlines = f.readlines()
    newContents = ""
    for i in contentlines:
        # Structural JSPX lines are copied through untouched.
        # NOTE(review): the last operand, '' in i, is true for every string, so
        # as shown every line takes this branch and the code below is not reached.
        if 'jsp:root' in i or 'jsp:declaration' in i or 'jsp:scriptlet' in i or 'jsp:directive.page' in i or '' in i:
            newContents += i
            continue
        # Page directives: only the text between the first and the last double
        # quote on the line is re-encoded; str.replace then substitutes every
        # occurrence of that text in the line.
        if "page import" in i or "page pageEncoding" in i or "page contentType" in i:
            oldstr = i[i.find('"') + 1 :i.rfind('"')]
            temp = ""
            for n in oldstr:
                if re.match(r"\w",n) != None:
                    # randint(1,9) is inclusive: 1-3, 4-6 and 7-9 select the
                    # three helpers with equal weight.
                    space = random.randint(1,9)
                    if space <= 3:
                        temp += returnUnicode(n)
                    elif space > 3 and space <= 6:
                        temp += returnHTML(n)
                    elif space > 6:
                        temp += returnCDATA(n)
                else:
                    temp += n
            newContents += i.replace(oldstr,temp)
            continue
        # Any other line: same three-way random choice per word character.
        for n in i:
            if re.match(r"\w",n) != None:
                space = random.randint(1,9)
                if space <= 3:
                    newContents += returnUnicode(n)
                elif space > 3 and space <= 6:
                    newContents += returnHTML(n)
                elif space > 6:
                    newContents += returnCDATA(n)
            else:
                newContents += n
    with open(topath,'w+') as fs:
        fs.write(newContents)
    # Both handles are already managed by their with blocks; these calls are redundant.
    f.close()
    fs.close()

# Command-line entry point: -i and -o are both required in practice (the script
# prints a hint otherwise); -t selects the encoder and defaults to "unicode".
if __name__ == "__main__":
    parser = argparse.ArgumentParser(description = 'JCE - JSP/JPSX CodeEncode')
    parser.add_argument('-i', '--infile', help = 'Need Encode JSP/JSPX File')
    parser.add_argument('-o', '--outfile',help = 'Save Encode JSP/JSPX File')
    parser.add_argument('-t', '--type', help = 'Unicode/HTML/CDATA/All default is unicode',default="unicode")
    args = parser.parse_args()
    if args.infile and args.outfile:
        # The type is compared case-insensitively.
        if args.type.lower() == "unicode":
            try:
                ConvertJavaCodeToUnicode(args.infile,args.outfile)
                logging.info("\033[1;36m Convert To Unicode Success !\033[0m")
            except Exception as e:
                # NOTE(review): this concatenates a str with the exception
                # object, which raises TypeError, so the original error is not
                # what gets reported. The same expression is used in every
                # handler below.
                logging.info("\033[1;31m "+ e +" \033[0m")
        elif args.type.lower() == "html":
            try:
                ConvertJavaCodeToHTML(args.infile,args.outfile)
                logging.info("\033[1;36m Convert To HTML Success !\033[0m")
            except Exception as e:
                logging.info("\033[1;31m "+ e +" \033[0m")
        elif args.type.lower() == "all":
            try:
                JavaCodeRandomEncode(args.infile,args.outfile)
                logging.info("\033[1;36m Convert To RandomEncode Success !\033[0m")
            except Exception as e:
                logging.info("\033[1;31m "+ e +" \033[0m")
        else:
            # Any value other than unicode/html/all, not only "cdata", ends up here.
            try:
                ConvertJavaCodeToCDATA(args.infile,args.outfile)
                logging.info("\033[1;36m Convert To CDATA Success !\033[0m")
            except Exception as e:
                logging.info("\033[1;31m "+ e +" \033[0m")
    else:
        logging.info("\033[1;31m Please -h ! \033[0m")

--------------------------------------------------------------------------------