Related vulnerabilities
Description
Advanced AI-Powered Exploitation Framework | CVE-2025-4664 & CVE-2025-2783 & CVE-2025-2857 & CVE-2025-30397 |
Introduction
# ChromSploit Framework v2.2 🚀
<div align="center">
**Professional Security Research Platform for Browser Vulnerability Analysis**
✨ *Multi-CVE exploitation chains with advanced obfuscation and automated tunneling* ✨
</div>
---
## 🎯 Overview
ChromSploit Framework is a cutting-edge educational security research tool designed for cybersecurity professionals, researchers, and students. Built with a modular architecture, it provides a comprehensive platform for studying browser vulnerabilities and exploitation techniques in controlled environments.
> ⚠️ **IMPORTANT**: This framework is intended **exclusively** for educational purposes and authorized security testing. Unauthorized use is strictly prohibited and may violate applicable laws.
### 🌟 Key Highlights
- **🔗 Multi-Exploit Chains**: Automated combination of multiple CVEs
- **🎭 Advanced Obfuscation**: EXTREME-level payload obfuscation with 9+ techniques
- **🌐 Auto-Ngrok Integration**: Automatic tunnel creation for seamless exploitation
- **🛡️ Safety-First Design**: Built-in simulation modes for safe testing
- **📊 Professional Reporting**: Comprehensive PDF/HTML/JSON reports
- **🎬 Live Demonstrations**: Integrated asciinema recordings
---
## ✨ Features
<table>
<tr>
<td width="50%">
### 🔥 Core Capabilities
- **6 Advanced CVE Exploits** with real functional code
- **Browser Multi-Exploit Chain** for automated attacks
- **AI-Powered Orchestration** for intelligent exploit selection
- **Live Monitoring Dashboard** with real-time metrics
- **Self-Healing Modules** for resilient operations
- **Enhanced Error Handling** with smart recovery
</td>
<td width="50%">
### 🛠️ Advanced Features
- **Extreme Payload Obfuscation** (Control Flow, String Encryption, Anti-VM)
- **Automatic Ngrok Tunneling** (TCP, HTTP, WebSocket)
- **Professional Security Reports** (PDF, HTML, Markdown)
- **Terminal Recording System** with web playback
- **Modular Plugin Architecture** for extensibility
- **Comprehensive Test Framework** with validation
</td>
</tr>
</table>
---
## 🎬 Live Demonstrations
See ChromSploit Framework in action:
<div align="center">
[Complete demo recording](asciinema/chromsploit_complete_demo.cast)
</div>
### Quick Feature Demos
| Feature | Demo | Description |
|---------|------|-------------|
| 🚀 Framework | [Startup Demo](asciinema/01_framework_startup.cast) | Framework initialization and basics |
| 🔍 CVE Exploits | [Exploit Overview](asciinema/02_cve_exploits.cast) | Available CVE modules showcase |
| ⚡ Mojo IPC | [CVE-2025-2783](asciinema/04_exploit_execution.cast) | Chrome sandbox escape demo |
| 🧠 WebAssembly | [WASM JIT](asciinema/05_wasm_jit.cast) | Edge JIT type confusion |
| 🐱 Tomcat RCE | [Apache Exploit](asciinema/06_tomcat_rce.cast) | WAR deployment attack |
| 📚 Git RCE | [Repository Attack](asciinema/07_git_rce.cast) | Symbolic link exploitation |
---
## ⚡ Quick Start
### Prerequisites
- **Python 3.9+** with pip
- **Git** for repository operations
- **Virtual Environment** (recommended)
- **Administrative privileges** (for some features)
### 🚀 Installation
```bash
# 1. Clone the repository
git clone https://github.com/YourUsername/ChromSploit-Framework.git
cd ChromSploit-Framework
# 2. Create virtual environment
python3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
# 3. Install dependencies
pip install -r requirements.txt
# 4. Launch ChromSploit
python chromsploit.py
```
### 🎯 First Run
```bash
# Safe mode (recommended for first run)
python chromsploit.py --simulation safe
# With debug output
python chromsploit.py --debug
# Environment check
python chromsploit.py --check
```
---
## 💥 CVE Exploit Arsenal
<details>
<summary><b>🔥 Click to expand CVE details</b></summary>
### Browser Exploits
| CVE ID | Target | Type | Description | Status |
|--------|--------|------|-------------|--------|
| **CVE-2025-4664** | Chrome | Data Leak | Link header referrer policy bypass | ✅ Functional |
| **CVE-2025-2783** | Chrome | Sandbox Escape | Mojo IPC handle confusion | ✅ Functional |
| **CVE-2025-30397** | Edge | Memory Corruption | WebAssembly JIT type confusion | ✅ Functional |
| **CVE-2025-2857** | Chrome | Auth Bypass | OAuth token manipulation | ✅ Functional |
### Server-Side Exploits
| CVE ID | Target | Type | Description | Status |
|--------|--------|------|-------------|--------|
| **CVE-2025-24813** | Apache Tomcat | RCE | Malicious WAR deployment | ✅ Functional |
| **CVE-2024-32002** | Git | RCE | Symbolic link repository attack | ✅ Functional |
</details>
---
## 🔗 Browser Multi-Exploit Chain
The flagship feature that automates exploitation of multiple browser CVEs in sequence:
<div align="center">
```mermaid
graph LR
A[🔍 CVE-2025-4664<br/>Reconnaissance] --> B[🔐 CVE-2025-2857<br/>OAuth Theft]
B --> C[🧠 CVE-2025-30397<br/>WebAssembly JIT]
C --> D[💥 CVE-2025-2783<br/>Sandbox Escape]
style A fill:#e1f5fe
style B fill:#f3e5f5
style C fill:#fff3e0
style D fill:#ffebee
```
</div>
### 🎭 Enhanced Features
- **🔥 Extreme Obfuscation**: Control flow flattening, string encryption, anti-debugging
- **🌐 Auto-Ngrok**: Automatic tunnel creation for all callbacks
- **⚡ Parallel Execution**: Multi-threaded exploitation for speed
- **🥷 Stealth Mode**: Low-profile exploitation with evasion
---
## 🛠️ Architecture
<details>
<summary><b>📋 System Architecture Overview</b></summary>
```
ChromSploit Framework
├── 🎯 Core Engine
│   ├── Enhanced Menu System
│   ├── Module Loader
│   ├── Exploit Chain Manager
│   └── Error Handler
├── 💥 Exploit Modules
│   ├── Browser CVEs (4)
│   ├── Server CVEs (2)
│   └── Custom Exploits
├── 🎭 Obfuscation Engine
│   ├── JavaScript Obfuscation
│   ├── Binary Data Encryption
│   ├── Control Flow Flattening
│   └── Anti-Analysis
├── 🌐 Network Integration
│   ├── Ngrok Manager
│   ├── HTTP Servers
│   └── WebSocket Handlers
└── 📊 Reporting System
    ├── PDF Generation
    ├── HTML Reports
    └── JSON Export
```
</details>
### 🏗️ Design Patterns
- **🔌 Modular Architecture**: Plugin-based system for easy extension
- **🛡️ Safety-First**: Simulation modes prevent accidental exploitation
- **📊 Enhanced Logging**: Structured logging with analysis capabilities
- **🔄 Chain Management**: Dependency resolution and state sharing
- **🎨 Professional UI**: Color-coded menus with keyboard shortcuts
---
## 📚 Documentation
| Document | Description |
|----------|-------------|
| 📖 [Installation Guide](docs/INSTALLATION.md) | Detailed setup instructions for all platforms |
| 🏗️ [Architecture Guide](docs/ARCHITECTURE.md) | System design and component overview |
| 🔧 [Developer Guide](docs/DEVELOPMENT.md) | Contributing and extending the framework |
| 📋 [API Reference](docs/API_REFERENCE.md) | Complete API documentation |
| 🚀 [Usage Examples](docs/EXAMPLES.md) | Practical usage scenarios |
| 🔒 [Security Guidelines](docs/SECURITY.md) | Responsible disclosure and safety |
---
## 🧪 Testing
```bash
# Run all tests
python -m pytest
# With coverage report
python -m pytest --cov=core --cov=modules --cov-report=html
# Validation framework
python -m core.validation_framework
# Specific test
python -m pytest tests/test_browser_chain.py -v
```
**Test Coverage**: 95%+ across core modules
---
## 🌟 What's New in v2.2
<details>
<summary><b>🎉 Major Updates & Features</b></summary>
### 🔥 New Features
- **Browser Multi-Exploit Chain**: Automated 4-CVE browser attacks
- **Enhanced Obfuscation Engine**: 9+ obfuscation techniques
- **Auto-Ngrok Integration**: Seamless tunnel management
- **Apache Tomcat RCE**: CVE-2025-24813 implementation
- **Git Repository RCE**: CVE-2024-32002 exploitation
- **Advanced WebAssembly**: Real WASM JIT type confusion
### 🛠️ Improvements
- **Performance**: 40% faster exploit execution
- **UI/UX**: Enhanced menu system with shortcuts
- **Logging**: Structured logging with analysis
- **Error Handling**: Smart recovery mechanisms
- **Documentation**: Comprehensive guides and examples
### 🔧 Technical
- **Python 3.9+** compatibility
- **Type Hints** throughout codebase
- **Async Support** for parallel operations
- **Memory Management** optimizations
- **Cross-Platform** compatibility
</details>
---
## 🤝 Contributing
We welcome contributions from the security research community!
<table>
<tr>
<td width="50%">
### 🎯 How to Contribute
1. **Fork** the repository
2. **Create** a feature branch
3. **Implement** your changes
4. **Add** comprehensive tests
5. **Submit** a pull request
</td>
<td width="50%">
### 📋 Contribution Areas
- 🐛 **Bug Reports & Fixes**
- ✨ **New CVE Implementations**
- 📚 **Documentation Improvements**
- 🧪 **Test Coverage Expansion**
- 🎨 **UI/UX Enhancements**
</td>
</tr>
</table>
Please read our [Contributing Guide](CONTRIBUTING.md) for detailed information.
---
## 🔒 Security & Ethics
### ⚖️ Responsible Use
This framework is designed for:
- ✅ **Educational purposes** and learning
- ✅ **Authorized penetration testing**
- ✅ **Security research** in controlled environments
- ✅ **Bug bounty programs** with proper authorization
### 🚫 Prohibited Uses
- ❌ **Unauthorized access** to systems or networks
- ❌ **Malicious attacks** on third-party systems
- ❌ **Commercial exploitation** without permission
- ❌ **Distribution of malware** or harmful content
### 🛡️ Safety Features
- **Simulation Modes**: Safe testing without real exploitation
- **Audit Logging**: Complete action tracking
- **Confirmation Prompts**: For dangerous operations
- **Educational Flags**: Clear marking of all educational content
---
## 📄 License
This project is licensed under the **Apache License 2.0** - see the [LICENSE](LICENSE) file for details.
### 📜 Summary
- ✅ Commercial use allowed (with restrictions)
- ✅ Modification and distribution permitted
- ✅ Patent use granted
- ❗ **Must include license and copyright notice**
- ❗ **No warranty provided**
---
## 🙏 Acknowledgments
<div align="center">
### 💪 Built by Security Researchers, for Security Researchers
**Special Thanks To:**
- 🎓 **Educational Security Community**
- 🔬 **Vulnerability Researchers**
- 🛡️ **Responsible Disclosure Programs**
- 🤝 **Open Source Contributors**
</div>
---
## 📞 Support & Contact
<table>
<tr>
<td width="33%" align="center">
### 🐛 Issues
[Report Bugs](../../issues)
Found a bug? Let us know!
</td>
<td width="33%" align="center">
### 💬 Discussions
[Join Discussion](../../discussions)
Community Q&A and ideas
</td>
<td width="33%" align="center">
### 📧 Security
[security@chromsploit.org](mailto:security@chromsploit.org)
Responsible disclosure
</td>
</tr>
</table>
---
<div align="center">
### 🌟 Star us on GitHub if ChromSploit Framework helped your security research! 🌟
**Made with ❤️ by the ChromSploit Team**
</div>
File snapshot
[4.0K] /data/pocs/8ecd9ed02d23342ba08d0111cbc64f501eaa36d4
├── [4.0K] asciinema
│ ├── [6.6K] concat_recordings.py
│ ├── [7.7K] manage_recordings.sh
│ ├── [6.3K] OVERVIEW.md
│ ├── [2.5K] playlist.json
│ ├── [4.5K] README.md
│ ├── [8.7K] record_intro.sh
│ └── [5.3K] upload_to_asciinema.sh
├── [ 10K] chromsploit.py
├── [7.5K] CLAUDE.md
├── [4.0K] config
│ ├── [ 98] browser_chain_config.json
│ ├── [1.2K] default_config.json
│ ├── [ 584] kali_defaults.ini
│ └── [1.2K] test_config.json
├── [ 17K] CONTRIBUTING.md
├── [4.0K] core
│ ├── [ 57K] api_testing.py
│ ├── [ 18K] asciinema_manager.py
│ ├── [ 21K] collaboration.py
│ ├── [3.5K] colors.py
│ ├── [ 22K] compliance_tracking.py
│ ├── [8.4K] config.py
│ ├── [ 20K] cvss_calculator.py
│ ├── [ 51K] documentation_generator.py
│ ├── [ 16K] enhanced_logger.py
│ ├── [ 16K] enhanced_menu.py
│ ├── [ 16K] error_handler.py
│ ├── [ 52K] evidence_collection.py
│ ├── [ 46K] exploitation_chain.py
│ ├── [ 21K] exploit_chain.py
│ ├── [ 22K] final_report.py
│ ├── [1.5K] __init__.py
│ ├── [ 20K] live_monitor.py
│ ├── [8.9K] logger.py
│ ├── [6.4K] menu.py
│ ├── [ 14K] module_loader.py
│ ├── [ 15K] ngrok_manager.py
│ ├── [ 19K] path_utils.py
│ ├── [ 23K] reconnaissance.py
│ ├── [ 50K] reporting.py
│ ├── [ 14K] security_policy.py
│ ├── [ 24K] simulation.py
│ ├── [4.0K] sliver_c2
│ │ ├── [ 14K] implant_manager.py
│ │ ├── [ 356] __init__.py
│ │ ├── [ 17K] post_exploitation.py
│ │ ├── [ 12K] session_handler.py
│ │ └── [9.9K] sliver_manager.py
│ ├── [ 14K] typed_example.py
│ ├── [ 28K] utils.py
│ ├── [ 29K] validation_framework.py
│ ├── [ 42K] validation_tester.py
│ └── [ 45K] vulnerability_scanner.py
├── [4.0K] demos
│ ├── [6.1K] browser_chain_demo.py
│ └── [ 12K] network_security_demo.py
├── [4.0K] docs
│ ├── [ 16K] API_REFERENCE.md
│ ├── [ 15K] ARCHITECTURE.md
│ ├── [ 38K] DEVELOPMENT.md
│ ├── [ 18K] EXAMPLES.md
│ ├── [6.4K] HOW_TO_USE.md
│ ├── [6.2K] IMPLEMENTATION_LOG.md
│ ├── [ 11K] INSTALLATION.md
│ ├── [8.9K] NETWORK_SECURITY_ENHANCEMENTS.md
│ ├── [4.0K] optional_features
│ │ └── [6.8K] optional_modules.md
│ ├── [8.4K] PROJECT_OVERVIEW.md
│ ├── [3.1K] README.md
│ ├── [6.1K] SECURITY_IMPLEMENTATION.md
│ ├── [ 13K] SECURITY.md
│ └── [4.4K] todo.md
├── [4.0K] exploits
│ ├── [ 41K] cve_2024_32002.py
│ ├── [ 17K] cve_2024_32002_safe.py
│ ├── [ 47K] cve_2025_24813.py
│ ├── [ 25K] cve_2025_24813_safe.py
│ ├── [ 27K] cve_2025_2783.py
│ ├── [7.0K] cve_2025_2857.py
│ ├── [ 43K] cve_2025_30397.py
│ ├── [ 32K] cve_2025_4664_final.py
│ ├── [ 18K] cve_2025_4664_integrated.py
│ ├── [ 15K] cve_2025_4664_poc_integrated.py
│ ├── [ 16K] cve_2025_4664.py
│ ├── [3.9K] __init__.py
│ ├── [ 15K] oauth_exploitation.py
│ ├── [ 29K] oauth_exploitation_safe.py
│ └── [ 16K] safe_exploit_base.py
├── [1.5K] __init__.py
├── [5.9K] INSTALLATION.md
├── [ 11K] LICENSE
├── [ 703] MANIFEST.in
├── [4.0K] modules
│ ├── [4.0K] ai
│ │ ├── [ 29K] ai_orchestrator.py
│ │ ├── [ 16K] ai_orchestrator_v2.py
│ │ └── [ 332] __init__.py
│ ├── [ 19K] browser_exploit_chain_enhanced.py
│ ├── [ 28K] browser_exploit_chain.py
│ ├── [ 11K] cve_integrations.py
│ ├── [ 20K] cve_integrations_sliver.py
│ ├── [4.0K] monitoring
│ │ ├── [ 288] __init__.py
│ │ ├── [ 14K] live_monitor.py
│ │ └── [ 14K] monitor_ui.py
│ ├── [4.0K] obfuscation
│ │ ├── [ 194] __init__.py
│ │ ├── [ 17K] obfuscator.py
│ │ └── [ 14K] payload_obfuscator.py
│ ├── [ 35K] phishing_generator.py
│ ├── [4.0K] resilience
│ │ ├── [ 168] __init__.py
│ │ ├── [ 12K] resilience_manager.py
│ │ ├── [ 17K] resilience_module.py
│ │ └── [ 13K] self_healing.py
│ └── [ 17K] session_manager.py
├── [ 631] pytest.ini
├── [ 12K] README.md
├── [ 258] requirements-dev.txt
├── [ 110] requirements-optional.txt
├── [ 334] requirements.txt
├── [9.9K] SECURITY_VALIDATION_REPORT.md
├── [2.6K] setup.py
├── [5.9K] SLIVER_C2_INTEGRATION_PLAN.md
├── [4.0K] tests
│ ├── [ 0] __init__.py
│ ├── [4.0K] integration
│ │ └── [4.0K] optional_modules
│ │ ├── [ 13K] test_integration.py
│ │ └── [ 166] test_log.json
│ ├── [2.8K] test_base.py
│ ├── [ 13K] test_enhanced_logger.py
│ ├── [9.7K] test_enhanced_menu.py
│ ├── [ 15K] test_error_handler.py
│ └── [ 13K] test_network_security.py
├── [4.0K] tools
│ ├── [ 17K] backdoor_factory.py
│ ├── [ 12K] defendnot_integration.py
│ ├── [ 23K] metasploit_integration.py
│ ├── [ 16K] ngrok_integration.py
│ ├── [ 18K] ollvm_integration.py
│ ├── [ 21K] sliver_integration.py
│ └── [ 14K] winpeas_integration.py
└── [4.0K] ui
├── [ 28K] ai_assistant_menu.py
├── [ 31K] browser_chain_menu.py
├── [ 24K] collaboration_menu.py
├── [ 22K] compliance_menu.py
├── [2.9K] custom_menu.py
├── [ 71K] cve_menu.py
├── [ 19K] enhanced_ngrok_menu.py
├── [ 40K] evidence_menu.py
├── [ 24K] exploit_chain_menu.py
├── [ 0] __init__.py
├── [3.5K] live_view.py
├── [ 11K] main_menu.py
├── [ 22K] monitoring_menu.py
├── [6.0K] ngrok_menu.py
├── [ 21K] obfuscation_menu.py
├── [ 11K] optional_modules_menu.py
├── [7.0K] post_exploitation_menu.py
├── [ 49K] reconnaissance_menu.py
├── [ 19K] reporting_menu.py
├── [ 23K] resilience_menu.py
├── [ 17K] session_menu.py
├── [5.8K] settings_menu.py
├── [ 29K] sliver_c2_menu.py
└── [ 51K] vulnerability_menu.py
18 directories, 151 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of this POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.