Merge remote-tracking branch 'origin/master'

README.md

@@ -1,10 +1,14 @@
 # JNDI-Inject-Exploit
 
+## 免责声明
+
+本工具仅面向**合法授权的企业安全测试**，如您需测试本工具的可用性请自行搭建靶机环境，在使用本工具进行检测时，您应确保该行为符合当地的法律法规，并且已经取得了足够的授权。**请勿对非授权目标进行扫描，如您在使用本工具的过程中存在任何非法行为，您需自行承担相应后果，作者将不承担任何法律及连带责任。**
+
 ## Introduce
 
 > 本工具用于解决 Fastjson、log4j2、原生JNDI注入等场景中针对高版本JDK无法加载远程恶意类，通过LDAP服务器返回原生Java反序列化数据，受害者（客户端）在具备反序列化Gadget依赖的情况下可达到命令执行、代码执行、回显命令执行、无文件落地内存马注册等。
 > 
-> Solve the high version of JDK Bypass, like FastJson, Jackson, Log4j2, native JNDI injection vulnerabilities, and detect locally available deserialization gadgets to achieve command execution, echo command execution, and memory shell injection
+> Solve the high version of JDK Bypass, like FastJson, Jackson, Log4j2, native JNDI injection vulnerabilities, and detect locally available deserialization gadgets to achieve command execution, echo command execution, and memory shell injection.
 
 ## ChangeLog
 
@@ -147,4 +151,11 @@ java -jar JNDI-Inject-Exploit-0.1-all.jar ip="192.168.0.104" url="http://192.168
 
 [wyzxxz/shiro_rce_tool: shiro 反序列 命令执行辅助检测工具](https://github.com/wyzxxz/shiro_rce_tool)
 
-[feihong-cs/Java-Rce-Echo: Java RCE 回显测试代码](https://github.com/feihong-cs/Java-Rce-Echo)
+[feihong-cs/Java-Rce-Echo: Java RCE 回显测试代码](https://github.com/feihong-cs/Java-Rce-Echo)
+
+[j1anFen/shiro_attack: shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）](https://github.com/j1anFen/shiro_attack)
+
+
+## Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/exp1orer/JNDI-Inject-Exploit.svg)](https://starchart.cc/exp1orer/JNDI-Inject-Exploit)