GoSecure / Dtd Finder
List DTDs and generate XXE payloads using those local DTDs.
Programming language: Kotlin
DTD Finder
Identify DTDs on a filesystem snapshot and build XXE payloads using those local DTDs.
Quick links:
- Get the complete files list and XXE Payloads
- For more information, read the detailed blog post
Building the tool
$ mvn install
Usage with docker image
- Start/Build the docker image
$ docker run ...
- Export the filesystem
$ docker export weblogic12 -o weblogic-12-dev.tar
- Launch dtd-finder
$ java -jar dtd-finder-1.0-SNAPSHOT-all.jar weblogic-12-dev.tar
...
[=] Found a DTD: /u01/oracle/wlserver/server/lib/consoleapp/webapp/WEB-INF/struts-config_1_2.dtd
Testing 9 entities : [%AttributeName, %BeanName, %Boolean, %ClassName, %Integer, %Location, %PropName, %RequestPath, %RequestScope]
[+] The entity %AttributeName is injectable
[+] The entity %BeanName is injectable
[+] The entity %Boolean is injectable
[+] The entity %ClassName is injectable
[+] The entity %Integer is injectable
[+] The entity %Location is injectable
[+] The entity %PropName is injectable
[+] The entity %RequestPath is injectable
[+] The entity %RequestScope is injectable
...
The CLI tool can be launched against tar files and directories.
$ java -jar dtd-finder-1.0-SNAPSHOT-all.jar /specific/path/with/dtds ...
Report written to weblogic-12-dev.tar-dtd-report.md