[Java] Guardian Gift Box: Godzilla Shell Management Tool

4 minute read

During the network protection period, the wafs of major manufacturers continued to intercept webshells in static detection and killing and traffic communication. The Red Team urgently needed an excellent authority management tool. The release of Ice Scorpion 3.0 may alleviate the dilemma of traffic encryption. However, there are many bugs in Bingscorpion 3.0, and many friends can’t even connect to BeichenDream’s shell, so @BeichenDream decided to publish a shell permission management tool he developed, called “ Godzilla”.

Simple usage

Before installing Godzilla, you need to install jdk1.8 environment. Double-click Godzilla.jar to open it, and the data.db database will be generated in the same directory to store the data. Homepage looks like this image.png

Click Manage-Add to generate the required webshell. Godzilla supports various payloads such as jsp, php, aspx, etc. The payloads of java and c# are natively encrypted with AES, and PHP is also encrypted. When generating, you need to remember your own generation configuration for linking. image.png

Take java jsp as an example, fill in the password and key to generate jsp/jspx. This article uses tomcat7 to demonstrate some functions. Put shell.jsp into tomcat to use Godzilla link. Click Target-Add image.png


Right-click the shell and select Enter to enter the shell management interface.


The shell function of jsp/jspx is shown in the figure image.png

The function of php is shown in the figure image.png

The function of aspx/ashx/asmx is shown in the figure image.png

That’s it for a brief introduction.

Some features

Why do I have ice scorpions, ant swords and other scorpions that do not use your Godzilla?

  1. All types of Godzilla’s shells have passed all static checks on the market
  2. Godzilla traffic has encrypted all traffic waf on the market
  3. Godzilla’s built-in plug-ins are incomparable to Ice Scorpion and Ant Sword

Let’s not talk about static immunity. After the tool is released, it may not work for a period of time. Of course, you can continue to change it. The point is to look at traffic encryption and some built-in plug-ins.

Traffic encryption

Let’s look at traffic encryption first, still taking jsp as an example, modify the proxy option in the link configuration to http proxy to proxy the traffic to Burp.


Request package for executing dir command


Response packet image.png

Maybe you said that some ua and Accept in the headers are too eye-catching, don’t worry, these can be configured by yourself. Modify in the request configuration of shell editing image.png

Or modify in Configuration-Global Configuration image.png

At this time, looking at the request packet and response packet, there is no feature at all image.png


And thisisleftData and thisisrightData in the request packet can be modified to other messy data to interfere. Haven’t you said here Godzilla No. 1?

Plug-in module

Some basic modules such as: basic information, file management, and command execution I will not repeat them here.

Database Management

I believe that when you use Ant Sword, you often encounter the situation where the database cannot be connected. I have encountered an environment where the shell is located in the tomcat container. There is no jdbc jar package dependency and the database cannot be connected. However, Ant Sword is nothing good. Method. In Godzilla, there is no need to worry about this problem. In database management, Godzilla will first load the available jdbc from the container, and if not, load the jar driver through the memory to link the database.

Memory shell

The memory shell module realizes registration and unloading of memory horses in tomcat


You can directly register a Godzilla horse or ice scorpion, chopper horse, or even regeorg. image.png

For example, register a /Godzillashell to enter image.png

Visit found to exist image.png

Direct Godzilla link will do. **The memory shell has no logs and will disappear after tomcat restarts. **


Clicking the screenshot will automatically save the preview, and the shell authority needs to be large enough on windows. image.png

Virtual Terminal

This function actually monitors the port locally, and realizes cmdshell through shell interaction with the server. After clicking start, execute nc 4444 to link local 4444 to get cmdshell.


If you don’t use the nc link, it will always occupy the local 4444 port. Please exit or click stop when finished.



Needless to say, just look at the picture


Used to manage servlets, to facilitate the management of memory shells. image.png



Use it to load jar packages, the main purpose is to load jdbc.



Good assistant for packing the whole station.





The note module is a module that jsp\php\aspx has image.png


Load shellcode directly through shell, or play meterpreter



mimikatz requires high permissions image.png


Grasp common software passwords image.png



Privilege escalation module, from https://github.com/BeichenDream/BadPotato



Reference https://github.com/djhohnstein/SharpWeb



Right escalation module

other options

Configuration-The font size can be modified in the program configuration and it will take effect after restarting. image.png

Turning off the prompt language does not explain, and turning on God mode will complicate file management. image.png


  1. The program is only for server management and use, and must not be used for illegal purposes. All consequences caused by illegal use are borne by yourself and have nothing to do with the author.
  2. All consequences caused by user abuse have nothing to do with the author.
  3. Please consciously abide by local laws and regulations when using this program, and all consequences have nothing to do with the author.
  4. This program and code should not be used for commercial purposes, only for learning and communication, offenders must be investigated.

download link