
GoSecure / Dtd Finder

List DTDs and generate XXE payloads using those local DTDs.

DTD Finder

Identify DTDs on a filesystem snapshot and build XXE payloads using those local DTDs.

Building the tool

$ mvn install

Usage with docker image

  1. Start/Build the docker image
$ docker run ...
  2. Export the filesystem
$ docker export weblogic12 -o weblogic-12-dev.tar
  3. Launch dtd-finder
$ java -jar dtd-finder-1.0-SNAPSHOT-all.jar weblogic-12-dev.tar

...
 [=] Found a DTD: /u01/oracle/wlserver/server/lib/consoleapp/webapp/WEB-INF/struts-config_1_2.dtd
Testing 9 entities : [%AttributeName, %BeanName, %Boolean, %ClassName, %Integer, %Location, %PropName, %RequestPath, %RequestScope]
 [+] The entity %AttributeName is injectable
 [+] The entity %BeanName is injectable
 [+] The entity %Boolean is injectable
 [+] The entity %ClassName is injectable
 [+] The entity %Integer is injectable
 [+] The entity %Location is injectable
 [+] The entity %PropName is injectable
 [+] The entity %RequestPath is injectable
 [+] The entity %RequestScope is injectable
...

The CLI tool can be launched against tar files and directories.

$ java -jar dtd-finder-1.0-SNAPSHOT-all.jar /specific/path/with/dtds ...



Report written to weblogic-12-dev.tar-dtd-report.md
