v3.1.0

qtc-de/remote-method-guesser

版本发布时间: 2021-02-14 14:13:28

qtc-de/remote-method-guesser最新发布版本:v5.1.0(2024-06-26 18:30:53)

Added

New Enumeration Techniques

Add JEP290 enumeration during enum operation
Add JEP290 bypass enumeration during enum action
Add String marshalling enumeration during enum operation
Add useCodebaseOnly enumeration during enum operation
Add localhost bypass (CVE-2019-2684) enumeration during enum operation
Add DGC enumeration during enum action
Add Activator enumeration during enum action

New Actions

Add support for deserialization attacks on Activator, DGC and registry objects
Add support for codebase attacks on Activator, DGC and registry objects
Add support for deserialization filter bypass (credits: @_tint0 & @h0ng10)
Add bind, rebind and unbind operations
- Add localhost-bypass option for bind, rebind and unbind operations (CVE-2019-2684)
Add listen operation to spawn a JRMP listener (based on ysoserial)

Other

Global refactoring - Some action names changed
Add --stack-trace options for easier debugging
Add improved error and exception handling
Add options to use different registry / DGC methods during enum action
Add documentation to the source code Oo
Add some other RMI related documentation

Removed

Removed support for JSON output

相关地址：原始地址下载(tar) 下载(zip)

1、 rmg-3.1.0-jar-with-dependencies.jar 1.14MB

查看：2021-02-14发行的版本