This repository is a research archive for a JSP specimen labeled "Java Shell GTX100".
The specimen appears to provide:
- a system-information view
- a file-browser mode
- direct file download behavior when a file path is supplied
This repository is shared for:
- malware / web-shell research
- defensive analysis
- secure code review
- detection engineering and forensic study
This repository is not intended for deployment or operational use. Do not install, expose, or run this code on any server you do not fully control and isolate for authorized research.
Based on static review, the JSP:
- accepts
modandpathparameters - defaults to an info mode when
modis absent - shows Java system properties in info mode
- lists directories and files in archive/browser mode
- returns file contents as
application/octet-streamwhen the supplied path points to a file
specimen/— original samplenotes/— analysis notesscreenshots/— UI captures and supporting material
- keep this repository private unless publication is necessary
- redact any sensitive paths, IPs, or case-specific identifiers
- use this material only for defensive or academic research
The code in this repository may be dangerous if deployed. It is preserved strictly for research, documentation, and detection-oriented analysis.