Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
P4r4d1se/heapdump_shiro_vuln

P4r4d1se/heapdump_shiro_vuln

A heapdump leads to Shiro key leaks causing a remote code execution (RCE) vulnerability environment.

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

Incident Response Tools
Vulnerability Disclosure
Security Training Platforms

Tags

Application Security
Exploit Development
Security Auditing
Vulnerability Scanning
Red Team Operations

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

AI Red Teaming Playground Labs

AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.

Red Team Testing Vulnerability Scanning

Cybersecurity AI

Cybersecurity AI (CAI) is an open Bug Bounty-ready Artificial Intelligence framework for enhancing security operations.

Open Source Bug Bounty

Overview

The heapdump_shiro_vuln repository provides a vulnerable environment that demonstrates how heapdump can leak the Shiro key leading to RCE vulnerabilities.

Key Features

Vulnerability Demonstration: The environment showcases a Shiro deserialization vulnerability that can be exploited if the Shiro key is obtained.
Docker Support: The project can be easily run using Docker, allowing for quick setup and testing in isolated environments.
Heapdump Access: Users can access the /actuator/heapdump endpoint to obtain the heapdump file and extract the Shiro key.
Version Compatibility: Demonstrates vulnerabilities specific to Shiro version 1.8.0.

Benefits

Educational Tool: Ideal for security researchers and developers to understand the risks associated with Shiro key leaks.
Hands-On Experience: Allows users to practice exploitation techniques in a controlled setting, enhancing security skillsets.

Highlights

The repository is actively maintained and updated for usability and improved functionality.