v3.1.0
版本发布时间: 2021-02-14 14:13:28
qtc-de/remote-method-guesser最新发布版本:v5.1.0(2024-06-26 18:30:53)
Added
New Enumeration Techniques
- Add JEP290 enumeration during
enum
operation - Add JEP290 bypass enumeration during
enum
action - Add String marshalling enumeration during
enum
operation - Add
useCodebaseOnly
enumeration duringenum
operation - Add localhost bypass (CVE-2019-2684) enumeration during
enum
operation - Add DGC enumeration during
enum
action - Add Activator enumeration during
enum
action
New Actions
- Add support for deserialization attacks on Activator, DGC and registry objects
- Add support for codebase attacks on Activator, DGC and registry objects
- Add support for deserialization filter bypass (credits: @_tint0 & @h0ng10)
- Add
bind
,rebind
andunbind
operations- Add localhost-bypass option for
bind
,rebind
andunbind
operations (CVE-2019-2684)
- Add localhost-bypass option for
- Add
listen
operation to spawn a JRMP listener (based on ysoserial)
Other
- Global refactoring - Some action names changed
- Add
--stack-trace
options for easier debugging - Add improved error and exception handling
- Add options to use different registry / DGC methods during enum action
- Add documentation to the source code Oo
- Add some other RMI related documentation
Removed
- Removed support for JSON output
1、 rmg-3.1.0-jar-with-dependencies.jar 1.14MB