geoserver-exploit
Audited by Socket on Apr 22, 2026
4 alerts found:
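Security; Malware x3
This skill is a GeoServer attack toolkit aimed at AI agents, not an aid for normal development or operations. Its capabilities center on unauthorized exploitation, data theft, internal network probing, and RCE, which clearly makes it a high-risk offensive security skill. Although no suspicious installer or third-party credential forwarding was found, the skill itself is severely out of proportion to any legitimate use and should be classified as SUSPICIOUS rather than as an ordinary benign skill.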
This code fragment is high-risk offensive exploitation tooling. It directly crafts and sends XXE payloads (malicious XML DOCTYPE/ENTITY) to GeoServer’s WMS GetMap path to trigger server-side file reads (via attacker-supplied file:// URIs) and server-side outbound requests (via attacker-supplied http:// callback URLs). It can automatically scan batches of targets and prints extracted sensitive content from responses. It should not be included as a dependency in any supply-chain context and is suitable only for authorized, isolated testing.
This code fragment is a clearly malicious exploit/weaponization script. It constructs and delivers a payload that triggers server-side remote code execution on GeoServer by embedding Runtime.exec in an XML valueReference expression, and it also supports reverse-shell and interactive command relay via a local TCP listener. Distributing or including this in a legitimate dependency is unsafe and inappropriate.
This code fragment is high-confidence malicious exploit tooling. It contains explicit payloads and automated checks for Jiffle-based RCE, OGC filter SQL injection, and TestWfsPost SSRF, delivered to GeoServer via crafted HTTP requests with response-based verification. While it is not a library implementation, distributing or bundling such a script in a software supply chain would be extremely dangerous.