
BishopFox / Gadgetprobe

License: MIT
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Projects that are alternatives of or similar to Gadgetprobe

Iot Pt
A Virtual environment for Pentesting IoT Devices
Stars: ✭ 218 (-42.78%)
Mutual labels:  security-tools, pentesting
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+819.42%)
Mutual labels:  security-tools, pentesting
Aaia
AWS Identity and Access Management Visualizer and Anomaly Finder
Stars: ✭ 218 (-42.78%)
Mutual labels:  security-tools, pentesting
Knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-50.92%)
Mutual labels:  security-tools, pentesting
Reconnote
Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Stars: ✭ 322 (-15.49%)
Mutual labels:  security-tools, pentesting
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-47.77%)
Mutual labels:  security-tools, pentesting
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+802.62%)
Mutual labels:  security-tools, pentesting
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-57.48%)
Mutual labels:  security-tools, burp-extensions
Badintent
Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Stars: ✭ 303 (-20.47%)
Mutual labels:  pentesting, burp-extensions
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+824.15%)
Mutual labels:  security-tools, pentesting
Awesome Shodan Queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
Stars: ✭ 2,758 (+623.88%)
Mutual labels:  security-tools, pentesting
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-2.89%)
Mutual labels:  security-tools, pentesting
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-52.23%)
Mutual labels:  security-tools, pentesting
Pwnback
Burp Extender plugin that generates a sitemap of a website using Wayback Machine
Stars: ✭ 203 (-46.72%)
Mutual labels:  security-tools, burp-extensions
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-53.54%)
Mutual labels:  security-tools, pentesting
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+628.35%)
Mutual labels:  security-tools, pentesting
Webhashcat
Hashcat web interface
Stars: ✭ 151 (-60.37%)
Mutual labels:  security-tools, pentesting
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-59.06%)
Mutual labels:  security-tools, pentesting
Susanoo
A REST API security testing framework.
Stars: ✭ 287 (-24.67%)
Mutual labels:  security-tools, pentesting
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (-6.82%)
Mutual labels:  security-tools, pentesting

Description

You just found a Java deserialization bug, you ran all your ysoserial payloads, and... you got nothing. What now? How can you debug or build a gadget chain if you're totally blind?

Introducing GadgetProbe, a tool that shines a light on remote classpaths and raises bug severity for all!

GadgetProbe takes a wordlist of Java classes, outputs serialized DNS callback objects, and reports what's lurking in the remote classpath.
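
From the defending side, one way to keep a deserialization endpoint from revealing its classpath is to check every class name against an allow-list before any class lookup, so that installed and absent classes fail identically. This is an added example, not code from GadgetProbe or the original README; `AllowListDemo`, `Order`, `AllowListObjectInputStream` and `com.example.Missing` are hypothetical names, and the input streams are constructed inline.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Set;

public class AllowListDemo {
    // Hypothetical DTO: the only type this endpoint expects to receive.
    static class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        String id = "A-1";
    }

    // Look-ahead stream: the class name is checked before any class lookup happens.
    static class AllowListObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;
        AllowListObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                // Identical exception and message whether or not the class exists locally.
                throw new InvalidClassException("type not permitted");
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static String outcome(byte[] data, Set<String> allowed) {
        try (ObjectInputStream in = new AllowListObjectInputStream(new ByteArrayInputStream(data), allowed)) {
            return "accepted " + in.readObject().getClass().getName();
        } catch (IOException | ClassNotFoundException e) {
            return "rejected: " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        Set<String> allowed = Set.of(Order.class.getName());
        byte[] present = serialize(new ArrayList<String>()); // on the classpath, not allow-listed
        // Constructed input: a same-length rename yields a stream naming a class that does not exist.
        String raw = new String(serialize(new Order()), StandardCharsets.ISO_8859_1);
        byte[] missing = raw.replace(Order.class.getName(), "com.example.Missing").getBytes(StandardCharsets.ISO_8859_1);
        System.out.println("expected DTO:  " + outcome(serialize(new Order()), allowed));
        System.out.println("present class: " + outcome(present, allowed));
        System.out.println("missing class: " + outcome(missing, allowed));
    }
}
```

The property to check is that the "present class" and "missing class" results are indistinguishable, and that the rejection happens before the stream can resolve or instantiate anything outside the allow-list.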

Burp Extension Usage

The Burp extension automatically integrates with Burp Collaborator to handle DNS callbacks. The extension also includes signatures and an analyzer to identify library versions of popular sources for gadgets.

Download the release or follow the build instructions below.

After loading the Burp extension:

1. Send the vulnerable request to Intruder, highlighting the vulnerable parameter.

2. Add a list of Java classes (see included wordlists).

3. Add the GadgetProbe payload processor, and any other required processors in your chain (e.g., Base64 encode).

4. Run the Intruder attack and watch the results come back in the GadgetProbe Burp tab.

GadgetProbe Java Library Usage

GadgetProbe can also be used as a Java library or CLI for specialized attacks.

import com.bishopfox.gadgetprobe.GadgetProbe;
...
// Call the GadgetProbe constructor with your authoritative nameserver (or use Burp Collaborator).
GadgetProbe gp = new GadgetProbe("dnscallback.burpcollaborator.net");
// The crafted object "obj" is now ready to be sent using any custom implementation :)
// Java class names are case-sensitive, so pass the exact fully qualified name.
Object obj = gp.getObject("org.apache.commons.collections.functors.InvokerTransformer");

Building from Source

# Build JAR (run first)
./gradlew shadowJar

# Build wordlists
./generate_wordlists.sh

How it works

See my write-up on the Bishop Fox blog.

Author

Twitter: @theBumbleSec

GitHub: the-bumble
