From e9b0e6a78241848522044a974655f3a75425406e Mon Sep 17 00:00:00 2001 From: TNeitzel Date: Fri, 24 Dec 2021 08:40:57 +0100 Subject: [PATCH 1/5] Add SSRF SingleOperation protocol support SSRF attacks now use the SingleOperation protocol by default. Stream protocol can still be used by using the --stream-protocol option. --- src/config.properties | 1 + src/de/qtc/rmg/internal/RMGOption.java | 1 + src/de/qtc/rmg/io/SingleOpOutputStream.java | 59 +++++++++++++++++++ .../rmg/networking/SSRFResponseSocket.java | 30 +++++++++- .../networking/SSRFResponseSocketFactory.java | 2 +- src/de/qtc/rmg/networking/SSRFSocket.java | 15 ++++- src/de/qtc/rmg/operations/Operation.java | 7 +++ 7 files changed, 109 insertions(+), 6 deletions(-) create mode 100644 src/de/qtc/rmg/io/SingleOpOutputStream.java diff --git a/src/config.properties b/src/config.properties index 692067ac..f66f4869 100644 --- a/src/config.properties +++ b/src/config.properties @@ -18,6 +18,7 @@ ssrf = false srfresponse = ssrf_encode = false ssrf_raw = false +ssrf_stream_protocol = false bind_objid = [6633018:17cb5d1bb57:-7ff8, -8114172517417646722] bind_bypass = false diff --git a/src/de/qtc/rmg/internal/RMGOption.java b/src/de/qtc/rmg/internal/RMGOption.java index 716ed662..340408ae 100644 --- a/src/de/qtc/rmg/internal/RMGOption.java +++ b/src/de/qtc/rmg/internal/RMGOption.java 
@@ -49,6 +49,7 @@ public enum RMGOption { SSRFRESPONSE("--ssrf-response", "evaluate ssrf response from the server", Arguments.store(), RMGOptionGroup.SSRF, "hex"), SSRF_ENCODE("--encode", "double URL encode the SSRF payload", Arguments.storeTrue(), RMGOptionGroup.SSRF), SSRF_RAW("--raw", "print payload without color and without additional text", Arguments.storeTrue(), RMGOptionGroup.SSRF), + SSRF_STREAM_PROTOCOL("--stream-protocol", "use the stream protocol instead of single operation", Arguments.storeTrue(), RMGOptionGroup.SSRF), BIND_OBJID("--bind-objid", "ObjID of the bound object.", Arguments.store(), RMGOptionGroup.ACTION, "objid"), BIND_ADDRESS("bind-host", "host specifications the bound remote object should point to", Arguments.store(), RMGOptionGroup.ACTION, "host:port"), diff --git a/src/de/qtc/rmg/io/SingleOpOutputStream.java b/src/de/qtc/rmg/io/SingleOpOutputStream.java new file mode 100644 index 00000000..adb8d951 --- /dev/null +++ b/src/de/qtc/rmg/io/SingleOpOutputStream.java 
@@ -0,0 +1,59 @@
+package de.qtc.rmg.io;
+
+import java.io.ByteArrayOutputStream;
+
+import de.qtc.rmg.internal.ExceptionHandler;
+
+/**
+ * The SingleOpOutputStream class is used during SSRF operations. When the SSRF option is used,
+ * remote-method-guesser collects output data into an byte array instead of sending it to a remote
+ * server. The corresponding RMI calls always use the stream protocol, which is not ideal for SSRF
+ * attacks. The SingleOpOutputStream abuses the fact that Java RMI calls the flush method on the
+ * stream directly before and after the handshake that is performed within the stream protocol.
+ * This allows to cleanly cutoff the handshake and to switch the contents of the resulting byte
+ * array to the single operation protocol.
+ *
+ * @author Tobias Neitzel (@qtc_de)
+ */
+public class SingleOpOutputStream extends ByteArrayOutputStream {
+
+ private int flushCount;
+
+ public SingleOpOutputStream() {
+ super();
+ flushCount = 0;
+ }
+
+ /**
+ * Java RMI calls the flush method before and after the handshake. During the first call, only the
+ * RMI magic, the protocol version and the protocol type are contained in the stream. After the
+ * second call, the client host and client port are contained. Afterwards, the handshake has completed
+ * and the RMI communication starts.
+ */
+ public synchronized void write(byte[] b, int off, int len)
+ {
+ switch( flushCount++ ) {
+
+ case 0:
+
+ if( b[len - 1] != 0x4b )
+ ExceptionHandler.internalError("SingleOpOutputStream.write", "invalid protocol type");
+
+ b[len - 1] = 0x4c;
+ break;
+
+ case 1:
+
+ return;
+
+ case 2:
+
+ if( b[0] != 0x50 )
+ ExceptionHandler.internalError("SingleOpOutputStream.write", "invalid operation type");
+
+ break;
+ }
+
+ super.write(b, off, len);
+ }
+}
diff --git a/src/de/qtc/rmg/networking/SSRFResponseSocket.java b/src/de/qtc/rmg/networking/SSRFResponseSocket.java
index 2bd26f18..f77242bc 100644
--- a/src/de/qtc/rmg/networking/SSRFResponseSocket.java
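Review bot: `write` ignores `off` when it inspects the buffer: `b[len - 1]` in case 0 and `b[0]` in case 2 only address the intended byte when the caller passes `off == 0`, and a zero-length write throws ArrayIndexOutOfBoundsException. Index relative to the written region instead, e.g. `if( len < 1 || b[off + len - 1] != 0x4b )`, `b[off + len - 1] = 0x4c;` and `if( len < 1 || b[off] != 0x50 )`. The counter named `flushCount` is advanced per `write(byte[], int, int)` call rather than per `flush()`, and `write(int)` bypasses the switch, so the class presumably relies on each flush of the wrapping stream arriving as exactly one array write; that assumption deserves a comment next to the switch. The literals would read better as `TransportConstants.StreamProtocol`, `TransportConstants.SingleOpProtocol` and `TransportConstants.Call`, and the method should carry `@Override`.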
+++ b/src/de/qtc/rmg/networking/SSRFResponseSocket.java @@ -1,12 +1,15 @@ package de.qtc.rmg.networking; import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.DataOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.Socket; import de.qtc.rmg.io.DevNullOutputStream; +import sun.rmi.transport.TransportConstants; /** * Socket implementation that prevents outputs from being send anywhere and that simulates input @@ -34,18 +37,41 @@ */ public class SSRFResponseSocket extends Socket { + private int port; + private String host; private byte[] content; private int count = 0; - public SSRFResponseSocket(byte[] response) + public SSRFResponseSocket(String host, int port, byte[] response) { + this.host = host; + this.port = port; this.content = response; } + /** + * Before the input stream is returned, we compare the first byte of the response + * to the TransportConstants.Return value. If it matches, the response was created by a + * single operation protocol request. In this case we need to prefix the response with + * a fake-handshake to simulate the response from a stream protocol request. + */ + @SuppressWarnings("restriction") public InputStream getInputStream() throws IOException { - return new ByteArrayInputStream(content); + ByteArrayOutputStream ibos = new ByteArrayOutputStream(); + + if( content[0] == TransportConstants.Return ) { + + ibos.write(TransportConstants.ProtocolAck); + + DataOutputStream dos = new DataOutputStream(ibos); + dos.writeUTF(host); + dos.writeInt(port); + } + + ibos.write(content); + return new ByteArrayInputStream(ibos.toByteArray()); } public OutputStream getOutputStream() diff --git a/src/de/qtc/rmg/networking/SSRFResponseSocketFactory.java b/src/de/qtc/rmg/networking/SSRFResponseSocketFactory.java index 36c3098c..8c2d33fa 100644 --- a/src/de/qtc/rmg/networking/SSRFResponseSocketFactory.java 
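Review bot: `getInputStream` dereferences `content[0]` unconditionally, so an empty response array (for example an empty `--ssrf-response` value, assuming that is where `content` originates) ends in ArrayIndexOutOfBoundsException rather than a clear error; guard it with `if( content.length > 0 && content[0] == TransportConstants.Return )` or reject empty input in the constructor. The protocol is inferred from the first byte alone, which works because a stream protocol reply starts with `TransportConstants.ProtocolAck`; a one-line comment stating that would make the check easier to trust. The synthetic acknowledgement echoes the target `host` and `port` instead of the client endpoint a real server would report — if that is deliberate because the value is not evaluated, say so in the Javadoc. The new `host` and `port` fields can be `final`. The class body continues outside the hunk.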
+++ b/src/de/qtc/rmg/networking/SSRFResponseSocketFactory.java @@ -24,7 +24,7 @@ public SSRFResponseSocketFactory(byte[] content) @Override public Socket createSocket(String host, int port) throws IOException { - return new SSRFResponseSocket(content); + return new SSRFResponseSocket(host, port, content); } @Override diff --git a/src/de/qtc/rmg/networking/SSRFSocket.java b/src/de/qtc/rmg/networking/SSRFSocket.java index 1c88a698..f5f1bc30 100644 --- a/src/de/qtc/rmg/networking/SSRFSocket.java +++ b/src/de/qtc/rmg/networking/SSRFSocket.java @@ -16,6 +16,7 @@ import de.qtc.rmg.internal.ExceptionHandler; import de.qtc.rmg.internal.RMGOption; import de.qtc.rmg.io.Logger; +import de.qtc.rmg.io.SingleOpOutputStream; import de.qtc.rmg.utils.RMGUtils; import sun.rmi.server.MarshalOutputStream; import sun.rmi.transport.TransportConstants; @@ -78,12 +79,20 @@ public InputStream getInputStream() throws IOException /** * Simulate an OutputStream that is connected to an RMI server. Instead of sending - * anything, collect all data in a byte array. + * anything, collect all data in a byte array. If the SSRF_SINGLEOP option was used, + * we choose an SingleOpOutputStream. This stream inspects data written to it and + * modifies stream protocol messages to single operation protocol messages. */ public OutputStream getOutputStream() { - if( bos == null ) - bos = new ByteArrayOutputStream(); + if( bos == null ) { + + if( RMGOption.SSRF_STREAM_PROTOCOL.getBool() ) + bos = new ByteArrayOutputStream(); + + else + bos = new SingleOpOutputStream(); + } return bos; } diff --git a/src/de/qtc/rmg/operations/Operation.java b/src/de/qtc/rmg/operations/Operation.java index 79b6cb97..4250f3ca 100644 --- a/src/de/qtc/rmg/operations/Operation.java +++ b/src/de/qtc/rmg/operations/Operation.java 
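Review bot: The updated Javadoc on `getOutputStream` in SSRFSocket.java refers to an `SSRF_SINGLEOP` option, but the only option this patch adds is `SSRF_STREAM_PROTOCOL`, and the branch runs the other way round: `SingleOpOutputStream` is the default and the plain `ByteArrayOutputStream` is chosen when `--stream-protocol` is set. Suggested wording for the last sentences: `By default a SingleOpOutputStream is used, which rewrites the stream protocol handshake into a single operation protocol message. If SSRF_STREAM_PROTOCOL is set, a plain ByteArrayOutputStream keeps the stream protocol.` This is a documentation fix only; the selection logic itself matches the commit description.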
@@ -36,6 +36,7 @@ public enum Operation { RMGOption.SSRFRESPONSE, RMGOption.SSRF_ENCODE, RMGOption.SSRF_RAW, + RMGOption.SSRF_STREAM_PROTOCOL, RMGOption.BIND_BOUND_NAME, RMGOption.BIND_BYPASS, RMGOption.BIND_OBJID, @@ -61,6 +62,7 @@ public enum Operation { RMGOption.SSRFRESPONSE, RMGOption.SSRF_ENCODE, RMGOption.SSRF_RAW, + RMGOption.SSRF_STREAM_PROTOCOL, RMGOption.CALL_ARGUMENTS, }), @@ -82,6 +84,7 @@ public enum Operation { RMGOption.SSRFRESPONSE, RMGOption.SSRF_ENCODE, RMGOption.SSRF_RAW, + RMGOption.SSRF_STREAM_PROTOCOL, RMGOption.CODEBASE_URL, RMGOption.CODEBASS_CLASS, RMGOption.ARGUMENT_POS, @@ -104,6 +107,7 @@ public enum Operation { RMGOption.SSRFRESPONSE, RMGOption.SSRF_ENCODE, RMGOption.SSRF_RAW, + RMGOption.SSRF_STREAM_PROTOCOL, RMGOption.DGC_METHOD, RMGOption.REG_METHOD, }), @@ -174,6 +178,7 @@ public enum Operation { RMGOption.SSRFRESPONSE, RMGOption.SSRF_ENCODE, RMGOption.SSRF_RAW, + RMGOption.SSRF_STREAM_PROTOCOL, RMGOption.BIND_BOUND_NAME, RMGOption.BIND_BYPASS, RMGOption.BIND_OBJID, @@ -227,6 +232,7 @@ public enum Operation { RMGOption.SSRFRESPONSE, RMGOption.SSRF_ENCODE, RMGOption.SSRF_RAW, + RMGOption.SSRF_STREAM_PROTOCOL, RMGOption.ARGUMENT_POS, RMGOption.GADGET_NAME, RMGOption.GADGET_CMD, @@ -245,6 +251,7 @@ public enum Operation { RMGOption.SSRFRESPONSE, RMGOption.SSRF_ENCODE, RMGOption.SSRF_RAW, + RMGOption.SSRF_STREAM_PROTOCOL, RMGOption.BIND_BOUND_NAME, RMGOption.BIND_BYPASS, }); From 406363a3e320c9425f7a2f5ad79b017e0f1477fe Mon Sep 17 00:00:00 2001 From: TNeitzel Date: Sun, 26 Dec 2021 08:06:35 +0100 Subject: [PATCH 2/5] [test] Update test cases Updated SSRF test cases to match the change from stream to single operation protocol. --- tests/generic/tests/ssrf-response.yml | 257 ++++++++++++++++++++++++- tests/generic/tests/ssrf.yml | 260 +++++++++++++++++++++++++- tests/tricot.yml | 11 ++ 3 files changed, 509 insertions(+), 19 deletions(-) 
diff --git a/tests/generic/tests/ssrf-response.yml b/tests/generic/tests/ssrf-response.yml index ef2cae4b..ebd8cead 100644 --- a/tests/generic/tests/ssrf-response.yml +++ b/tests/generic/tests/ssrf-response.yml @@ -21,7 +21,7 @@ tests: - 0.0.0.0 - 9010 - --ssrf-response - - 4e000a3137322e31372e302e31000086fc51aced0005770f0179bf1d8a0000017b14e4e4b08016757200135b4c6a6176612e6c616e672e537472696e673badd256e7e91d7b47020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f78700000000374000d706c61696e2d7365727665723274000e6c65676163792d7365727669636574000c706c61696e2d736572766572 + - 51aced0005770f0179bf1d8a0000017b14e4e4b08016757200135b4c6a6176612e6c616e672e537472696e673badd256e7e91d7b47020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f78700000000374000d706c61696e2d7365727665723274000e6c65676163792d7365727669636574000c706c61696e2d736572766572 - ${OPTIONS} validators: @@ -45,7 +45,7 @@ tests: - --scan-action - list - --ssrf-response - - 4e000a3137322e31372e302e31000086fc51aced0005770f0179bf1d8a0000017b14e4e4b08016757200135b4c6a6176612e6c616e672e537472696e673badd256e7e91d7b47020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f78700000000374000d706c61696e2d7365727665723274000e6c65676163792d7365727669636574000c706c61696e2d736572766572 + - 51aced0005770f0179bf1d8a0000017b14e4e4b08016757200135b4c6a6176612e6c616e672e537472696e673badd256e7e91d7b47020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f78700000000374000d706c61696e2d7365727665723274000e6c65676163792d7365727669636574000c706c61696e2d736572766572 - ${OPTIONS} validators: 
@@ -69,7 +69,7 @@ tests: - --bound-name - plain-server - --ssrf-response - - 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 + - 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 - ${OPTIONS} validators: 
@@ -94,7 +94,7 @@ tests: - --scan-action - string-marshalling - --ssrf-response - - 4e000a3137322e31372e302e310000c49a51aced0005770f02ff8eb3a90000017b241870e1801f737200186a6176612e726d692e536572766572457863657074696f6ebdb8c9fdc1279006020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f787200186a6176612e726d692e52656d6f7465457863657074696f6eb88c9d4edee47a220200014c000664657461696c7400154c6a6176612f6c616e672f5468726f7761626c653b71007e0001787200136a6176612e696f2e494f457863657074696f6e6c8073646525f0ab02000071007e0001787200136a6176612e6c616e672e457863657074696f6ed0fd1f3e1a3b1cc402000071007e0001787200136a6176612e6c616e672e5468726f7761626c65d5c635273977b8cb0300044c0005636175736571007e00034c000d64657461696c4d6573736167657400124c6a6176612f6c616e672f537472696e673b5b000a737461636b547261636574001e5b4c6a6176612f6c616e672f537461636b5472616365456c656d656e743b4c001473757070726573736564457863657074696f6e737400104c6a6176612f7574696c2f4c6973743b71007e000178707074002952656d6f7465457863657074696f6e206f6363757272656420696e20736572766572207468726561647572001e5b4c6a6176612e6c616e672e537461636b5472616365456c656d656e743b02462a3c3cfd223902000071007e000178700000000d7372001b6a6176612e6c616e672e537461636b5472616365456c656d656e746109c59a2636dd85020008420006666f726d617449000a6c696e654e756d6265724c000f636c6173734c6f616465724e616d6571007e00074c000e6465636c6172696e67436c61737371007e00074c000866696c654e616d6571007e00074c000a6d6574686f644e616d6571007e00074c000a6d6f64756c654e616d6571007e00074c000d6d6f64756c6556657273696f6e71007e000771007e0001787002ffffffff7074001f73756e2e726d692e7365727665722e556e69636173745365727665725265667074000864697370617463687400086a6176612e726d69740005392e302e347371007e000e02ffffffff7074001d73756e2e726d692e7472616e73706f72742e5472616e73706f727424317074000372756e71007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7074001e6a6176612e73656375726974792e41636365737343
6f6e74726f6c6c65727074000c646f50726976696c656765647400096a6176612e6261736571007e00137371007e000e02ffffffff7074001b73756e2e726d692e7472616e73706f72742e5472616e73706f72747074000b7365727669636543616c6c71007e001271007e00137371007e000e02ffffffff7074002273756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f72747074000e68616e646c654d6573736167657371007e001271007e00137371007e000e02ffffffff7074003473756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f727424436f6e6e656374696f6e48616e646c65727074000472756e3071007e001271007e00137371007e000e02ffffffff7071007e00237074000c6c616d6264612472756e243071007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff707400276a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f727074000972756e576f726b657271007e001b71007e00137371007e000e02ffffffff7074002e6a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f7224576f726b65727071007e001671007e001b71007e00137371007e000e02ffffffff707400106a6176612e6c616e672e5468726561647071007e001671007e001b71007e00137372001f6a6176612e7574696c2e436f6c6c656374696f6e7324456d7074794c6973747ab817b43ca79ede02000071007e00017870787372001b6a6176612e726d692e556e6d61727368616c457863657074696f6e083faa3abfe9087a02000071007e00017871007e00027074001d6572726f7220756e6d61727368616c6c696e6720617267756d656e74737571007e000c0000000f7371007e000e02ffffffff7074002273756e2e726d692e72656769737472792e5265676973747279496d706c5f536b656c7071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107074000b6f6c64446973706174636871007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e001d7071007e001e71007e00127100
7e00137371007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff7071007e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff7071007e002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e003178737200206a6176612e6c616e672e436c6173734e6f74466f756e64457863657074696f6e7f5acd663ed4208e0200014c0002657871007e000371007e0001787200266a6176612e6c616e672e5265666c6563746976654f7065726174696f6e457863657074696f6e00000000075bcd1502000071007e00017871007e00057074002b64652e7174632e726d672e7574696c732e446566696e6974656c794e6f6e4578697374696e67436c6173737571007e000c000000277371007e000e02ffffffff707400176a6176612e6e65742e55524c436c6173734c6f616465727074000966696e64436c61737371007e001b71007e00137371007e000e02ffffffff707400156a6176612e6c616e672e436c6173734c6f61646572707400096c6f6164436c61737371007e001b71007e00137371007e000e02ffffffff7074002373756e2e726d692e7365727665722e4c6f6164657248616e646c6572244c6f616465727071007e005171007e001271007e00137371007e000e02ffffffff7071007e00507071007e005171007e001b71007e00137371007e000e02fffffffe7074000f6a6176612e6c616e672e436c61737370740008666f724e616d653071007e001b71007e00137371007e000e02ffffffff7071007e005670740007666f724e616d6571007e001b71007e00137371007e000e02ffffffff7074001c73756e2e726d692e7365727665722e4c6f6164657248616e646c6572707400106c6f6164436c617373466f724e616d6571007e001271007e00137371007e000e02ffffffff7071007e005b7071007e005171007e001271007e00137371007e000e02ffffffff7071007e005b7071007e005171007e001271007e00137371007e000e02ffffffff707400206a6176612e726d692e7365727665722e524d49436c6173734c6f6164657224327071007e005171007e001271007e00137371007e000e02ffffffff7074001e6a6176612e726d692e7365727665722e524d
49436c6173734c6f616465727071007e005171007e001271007e00137371007e000e02ffffffff7074002173756e2e726d692e7365727665722e4d61727368616c496e70757453747265616d7074000c7265736f6c7665436c61737371007e001271007e00137371007e000e02ffffffff707400196a6176612e696f2e4f626a656374496e70757453747265616d70740010726561644e6f6e50726f78794465736371007e001b71007e00137371007e000e02ffffffff7071007e00677074000d72656164436c6173734465736371007e001b71007e00137371007e000e02ffffffff7071007e006770740012726561644f7264696e6172794f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e00677074000b726561644f626a6563743071007e001b71007e00137371007e000e02ffffffff7071007e00677074000a726561644f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e00647074000c726561644c6f636174696f6e71007e001271007e00137371007e000e02ffffffff7071007e00647071007e006571007e001271007e00137371007e000e02ffffffff7071007e00677071007e006871007e001b71007e00137371007e000e02ffffffff7071007e00677071007e006a71007e001b71007e00137371007e000e02ffffffff7071007e00677071007e006c71007e001b71007e00137371007e000e02ffffffff7071007e00677071007e006e71007e001b71007e00137371007e000e02ffffffff7071007e00677071007e007071007e001b71007e00137371007e000e02ffffffff7071007e00377071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107071007e003971007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e001d7071007e001e71007e001271007e00137371007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff7071007e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff7071007e
002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e00317870 + - 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 - ${OPTIONS} validators: 
@@ -118,7 +118,7 @@ tests: - --scan-action - codebase - --ssrf-response - - 4e000a3137322e31372e302e310000c4b251aced0005770f02ff8eb3a90000017b241870e18031737200186a6176612e726d692e536572766572457863657074696f6ebdb8c9fdc1279006020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f787200186a6176612e726d692e52656d6f7465457863657074696f6eb88c9d4edee47a220200014c000664657461696c7400154c6a6176612f6c616e672f5468726f7761626c653b71007e0001787200136a6176612e696f2e494f457863657074696f6e6c8073646525f0ab02000071007e0001787200136a6176612e6c616e672e457863657074696f6ed0fd1f3e1a3b1cc402000071007e0001787200136a6176612e6c616e672e5468726f7761626c65d5c635273977b8cb0300044c0005636175736571007e00034c000d64657461696c4d6573736167657400124c6a6176612f6c616e672f537472696e673b5b000a737461636b547261636574001e5b4c6a6176612f6c616e672f537461636b5472616365456c656d656e743b4c001473757070726573736564457863657074696f6e737400104c6a6176612f7574696c2f4c6973743b71007e000178707074002952656d6f7465457863657074696f6e206f6363757272656420696e20736572766572207468726561647572001e5b4c6a6176612e6c616e672e537461636b5472616365456c656d656e743b02462a3c3cfd223902000071007e000178700000000d7372001b6a6176612e6c616e672e537461636b5472616365456c656d656e746109c59a2636dd85020008420006666f726d617449000a6c696e654e756d6265724c000f636c6173734c6f616465724e616d6571007e00074c000e6465636c6172696e67436c61737371007e00074c000866696c654e616d6571007e00074c000a6d6574686f644e616d6571007e00074c000a6d6f64756c654e616d6571007e00074c000d6d6f64756c6556657273696f6e71007e000771007e0001787002ffffffff7074001f73756e2e726d692e7365727665722e556e69636173745365727665725265667074000864697370617463687400086a6176612e726d69740005392e302e347371007e000e02ffffffff7074001d73756e2e726d692e7472616e73706f72742e5472616e73706f727424317074000372756e71007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7074001e6a6176612e73656375726974792e416363657373436f6e7472
6f6c6c65727074000c646f50726976696c656765647400096a6176612e6261736571007e00137371007e000e02ffffffff7074001b73756e2e726d692e7472616e73706f72742e5472616e73706f72747074000b7365727669636543616c6c71007e001271007e00137371007e000e02ffffffff7074002273756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f72747074000e68616e646c654d6573736167657371007e001271007e00137371007e000e02ffffffff7074003473756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f727424436f6e6e656374696f6e48616e646c65727074000472756e3071007e001271007e00137371007e000e02ffffffff7071007e00237074000c6c616d6264612472756e243071007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff707400276a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f727074000972756e576f726b657271007e001b71007e00137371007e000e02ffffffff7074002e6a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f7224576f726b65727071007e001671007e001b71007e00137371007e000e02ffffffff707400106a6176612e6c616e672e5468726561647071007e001671007e001b71007e00137372001f6a6176612e7574696c2e436f6c6c656374696f6e7324456d7074794c6973747ab817b43ca79ede02000071007e00017870787372001b6a6176612e726d692e556e6d61727368616c457863657074696f6e083faa3abfe9087a02000071007e00017871007e00027074001d6572726f7220756e6d61727368616c6c696e6720617267756d656e74737571007e000c0000000f7371007e000e02ffffffff7074002273756e2e726d692e72656769737472792e5265676973747279496d706c5f536b656c7071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107074000b6f6c64446973706174636871007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e001d7071007e001e71007e001271007e001373
71007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff7071007e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff7071007e002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e0031787372001e6a6176612e6e65742e4d616c666f726d656455524c457863657074696f6efd769bb78dded18602000071007e00017871007e000471007e00487400176e6f2070726f746f636f6c3a20496e76616c696455524c7571007e000c0000001c7371007e000e02ffffffff7074000c6a6176612e6e65742e55524c707400063c696e69743e71007e001b71007e00137371007e000e02ffffffff7071007e004c7071007e004d71007e001b71007e00137371007e000e02ffffffff7071007e004c7071007e004d71007e001b71007e00137371007e000e02ffffffff7074001c73756e2e726d692e7365727665722e4c6f6164657248616e646c65727074000a70617468546f55524c7371007e001271007e00137371007e000e02ffffffff7071007e0051707400096c6f6164436c61737371007e001271007e00137371007e000e02ffffffff707400206a6176612e726d692e7365727665722e524d49436c6173734c6f6164657224327071007e005471007e001271007e00137371007e000e02ffffffff7074001e6a6176612e726d692e7365727665722e524d49436c6173734c6f616465727071007e005471007e001271007e00137371007e000e02ffffffff7074002173756e2e726d692e7365727665722e4d61727368616c496e70757453747265616d7074000c7265736f6c7665436c61737371007e001271007e00137371007e000e02ffffffff707400196a6176612e696f2e4f626a656374496e70757453747265616d70740010726561644e6f6e50726f78794465736371007e001b71007e00137371007e000e02ffffffff7071007e005d7074000d72656164436c6173734465736371007e001b71007e00137371007e000e02ffffffff7071007e005d70740012726561644f7264696e6172794f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e005d7074000b726561644f626a6563743071007e001b71007e00137371007e000e02ffffffff
7071007e005d7074000a726561644f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e00377071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107071007e003971007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e001d7071007e001e71007e001271007e00137371007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff7071007e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff7071007e002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e003178 + - 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 - ${OPTIONS} validators: 
@@ -142,7 +142,7 @@ tests: - --scan-action - localhost-bypass - --ssrf-response - - 4e000a3137322e31372e302e310000c4c851aced0005770f02ff8eb3a90000017b241870e180437372001a6a6176612e726d692e4e6f74426f756e64457863657074696f6ee637f9a72d7c3afb020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f787200136a6176612e6c616e672e457863657074696f6ed0fd1f3e1a3b1cc402000071007e0001787200136a6176612e6c616e672e5468726f7761626c65d5c635273977b8cb0300044c000563617573657400154c6a6176612f6c616e672f5468726f7761626c653b4c000d64657461696c4d6573736167657400124c6a6176612f6c616e672f537472696e673b5b000a737461636b547261636574001e5b4c6a6176612f6c616e672f537461636b5472616365456c656d656e743b4c001473757070726573736564457863657074696f6e737400104c6a6176612f7574696c2f4c6973743b71007e0001787071007e000874004e49662074686973206e616d6520657869737473206f6e207468652072656769737472792c20697420697320646566696e6974656c7920746865206d61696e7461696e657273206661756c742e2e2e7572001e5b4c6a6176612e6c616e672e537461636b5472616365456c656d656e743b02462a3c3cfd223902000071007e00017870000000127372001b6a6176612e6c616e672e537461636b5472616365456c656d656e746109c59a2636dd85020008420006666f726d617449000a6c696e654e756d6265724c000f636c6173734c6f616465724e616d6571007e00054c000e6465636c6172696e67436c61737371007e00054c000866696c654e616d6571007e00054c000a6d6574686f644e616d6571007e00054c000a6d6f64756c654e616d6571007e00054c000d6d6f64756c6556657273696f6e71007e000571007e0001787002ffffffff7074001d73756e2e726d692e72656769737472792e5265676973747279496d706c70740006756e62696e647400086a6176612e726d69740005392e302e347371007e000c02fffffffe7074002d6a646b2e696e7465726e616c2e7265666c6563742e4e61746976654d6574686f644163636573736f72496d706c70740007696e766f6b65307400096a6176612e6261736571007e00117371007e000c02ffffffff7071007e001370740006696e766f6b6571007e001571007e00117371007e000c02ffffffff707400316a646b2e696e7465726e616c2e7265666c6563742e44656c65676174696e674d6574686f644163636573736f72496d70
6c7071007e001771007e001571007e00117371007e000c02ffffffff707400186a6176612e6c616e672e7265666c6563742e4d6574686f647071007e001771007e001571007e00117371007e000c02ffffffff7074001f73756e2e726d692e7365727665722e556e696361737453657276657252656670740008646973706174636871007e001071007e00117371007e000c02ffffffff7074001d73756e2e726d692e7472616e73706f72742e5472616e73706f727424317074000372756e71007e001071007e00117371007e000c02ffffffff7071007e00207071007e002171007e001071007e00117371007e000c02fffffffe7074001e6a6176612e73656375726974792e416363657373436f6e74726f6c6c65727074000c646f50726976696c6567656471007e001571007e00117371007e000c02ffffffff7074001b73756e2e726d692e7472616e73706f72742e5472616e73706f72747074000b7365727669636543616c6c71007e001071007e00117371007e000c02ffffffff7074002273756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f72747074000e68616e646c654d6573736167657371007e001071007e00117371007e000c02ffffffff7074003473756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f727424436f6e6e656374696f6e48616e646c65727074000472756e3071007e001071007e00117371007e000c02ffffffff7071007e002d7074000c6c616d6264612472756e243071007e001071007e00117371007e000c02fffffffe7071007e00247071007e002571007e001571007e00117371007e000c02ffffffff7071007e002d7071007e002171007e001071007e00117371007e000c02ffffffff707400276a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f727074000972756e576f726b657271007e001571007e00117371007e000c02ffffffff7074002e6a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f7224576f726b65727071007e002171007e001571007e00117371007e000c02ffffffff707400106a6176612e6c616e672e5468726561647071007e002171007e001571007e00117372001f6a6176612e7574696c2e436f6c6c656374696f6e7324456d7074794c6973747ab817b43ca79ede02000071007e0001787078 + - 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 - ${OPTIONS} validators: 
@@ -166,7 +166,7 @@ tests: - --scan-action - security-manager - --ssrf-response - - 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 + - 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 - ${OPTIONS} validators: 
@@ -190,7 +190,7 @@ tests: - --scan-action - jep290 - --ssrf-response - - 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 + - 51aced0005770f02ff8eb3a90000017b241870e18072737200186a6176612e726d692e536572766572457863657074696f6ebdb8c9fdc1279006020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f787200186a6176612e726d692e52656d6f7465457863657074696f6eb88c9d4edee47a220200014c000664657461696c7400154c6a6176612f6c616e672f5468726f7761626c653b71007e0001787200136a6176612e696f2e494f457863657074696f6e6c8073646525f0ab02000071007e0001787200136a6176612e6c616e672e457863657074696f6ed0fd1f3e1a3b1cc402000071007e0001787200136a6176612e6c616e672e5468726f7761626c65d5c635273977b8cb0300044c0005636175736571007e00034c000d64657461696c4d6573736167657400124c6a6176612f6c616e672f537472696e673b5b000a737461636b547261636574001e5b4c6a6176612f6c616e672f537461636b5472616365456c656d656e743b4c001473757070726573736564457863657074696f6e737400104c6a6176612f7574696c2f4c6973743b71007e000178707074002952656d6f7465457863657074696f6e206f6363757272656420696e20736572766572207468726561647572001e5b4c6a6176612e6c616e672e537461636b5472616365456c656d656e743b02462a3c3cfd223902000071007e000178700000000d7372001b6a6176612e6c616e672e537461636b5472616365456c656d656e746109c59a2636dd85020008420006666f726d617449000a6c696e654e756d6265724c000f636c6173734c6f616465724e616d6571007e00074c000e6465636c6172696e67436c61737371007e00074c000866696c654e616d6571007e00074c000a6d6574686f644e616d6571007e00074c000a6d6f64756c654e616d6571007e00074c000d6d6f64756c6556657273696f6e71007e000771007e0001787002ffffffff7074001f73756e2e726d692e7365727665722e556e69636173745365727665725265667074000864697370617463687400086a6176612e726d69740005392e302e347371007e000e02ffffffff7074001d73756e2e726d692e7472616e73706f72742e5472616e73706f727424317074000372756e71007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7074001e6a6176612e73656375726974792e
416363657373436f6e74726f6c6c65727074000c646f50726976696c656765647400096a6176612e6261736571007e00137371007e000e02ffffffff7074001b73756e2e726d692e7472616e73706f72742e5472616e73706f72747074000b7365727669636543616c6c71007e001271007e00137371007e000e02ffffffff7074002273756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f72747074000e68616e646c654d6573736167657371007e001271007e00137371007e000e02ffffffff7074003473756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f727424436f6e6e656374696f6e48616e646c65727074000472756e3071007e001271007e00137371007e000e02ffffffff7071007e00237074000c6c616d6264612472756e243071007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff707400276a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f727074000972756e576f726b657271007e001b71007e00137371007e000e02ffffffff7074002e6a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f7224576f726b65727071007e001671007e001b71007e00137371007e000e02ffffffff707400106a6176612e6c616e672e5468726561647071007e001671007e001b71007e00137372001f6a6176612e7574696c2e436f6c6c656374696f6e7324456d7074794c6973747ab817b43ca79ede02000071007e00017870787372001b6a6176612e726d692e556e6d61727368616c457863657074696f6e083faa3abfe9087a02000071007e00017871007e00027074001d6572726f7220756e6d61727368616c6c696e6720617267756d656e74737571007e000c0000000f7371007e000e02ffffffff7074001e73756e2e726d692e7472616e73706f72742e444743496d706c5f536b656c7071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107074000b6f6c64446973706174636871007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e001d7071007e001e71007e00
1271007e00137371007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff7071007e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff7071007e002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e0031787372001d6a6176612e696f2e496e76616c6964436c617373457863657074696f6ec3dcf7c9968b66b00200014c0009636c6173736e616d6571007e000771007e00017872001d6a6176612e696f2e4f626a65637453747265616d457863657074696f6e64c3e46b8d39fbdf02000071007e00017871007e00047074001766696c746572207374617475733a2052454a45435445447571007e000c000000157371007e000e02ffffffff707400196a6176612e696f2e4f626a656374496e70757453747265616d7074000b66696c746572436865636b71007e001b71007e00137371007e000e02ffffffff7071007e004d70740010726561644e6f6e50726f78794465736371007e001b71007e00137371007e000e02ffffffff7071007e004d7074000d72656164436c6173734465736371007e001b71007e00137371007e000e02ffffffff7071007e004d70740012726561644f7264696e6172794f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e004d7074000b726561644f626a6563743071007e001b71007e00137371007e000e02ffffffff7071007e004d7074000a726561644f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e00377071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107071007e003971007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e001d7071007e001e71007e001271007e00137371007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff707100
7e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff7071007e002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e00317870 - ${OPTIONS} validators: 
@@ -214,7 +214,7 @@ tests: - --scan-action - filter-bypass - --ssrf-response - - 4e000a3137322e31372e302e310000c50851aced0005770f02ff8eb3a90000017b241870e18076737200226a6176612e6c616e672e496c6c6567616c417267756d656e74457863657074696f6eb58973d37d668fbc020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f7872001a6a6176612e6c616e672e52756e74696d65457863657074696f6e9e5f06470a3483e502000071007e0001787200136a6176612e6c616e672e457863657074696f6ed0fd1f3e1a3b1cc402000071007e0001787200136a6176612e6c616e672e5468726f7761626c65d5c635273977b8cb0300044c000563617573657400154c6a6176612f6c616e672f5468726f7761626c653b4c000d64657461696c4d6573736167657400124c6a6176612f6c616e672f537472696e673b5b000a737461636b547261636574001e5b4c6a6176612f6c616e672f537461636b5472616365456c656d656e743b4c001473757070726573736564457863657074696f6e737400104c6a6176612f7574696c2f4c6973743b71007e0001787071007e0009740019706f7274206f7574206f662072616e67653a313233343536377572001e5b4c6a6176612e6c616e672e537461636b5472616365456c656d656e743b02462a3c3cfd223902000071007e000178700000002d7372001b6a6176612e6c616e672e537461636b5472616365456c656d656e746109c59a2636dd85020008420006666f726d617449000a6c696e654e756d6265724c000f636c6173734c6f616465724e616d6571007e00064c000e6465636c6172696e67436c61737371007e00064c000866696c654e616d6571007e00064c000a6d6574686f644e616d6571007e00064c000a6d6f64756c654e616d6571007e00064c000d6d6f64756c6556657273696f6e71007e000671007e0001787002ffffffff7074001a6a6176612e6e65742e496e6574536f636b65744164647265737370740009636865636b506f72747400096a6176612e62617365740005392e302e347371007e000d02ffffffff7071007e000f707400063c696e69743e71007e001171007e00127371007e000d02ffffffff7074000f6a6176612e6e65742e536f636b65747071007e001471007e001171007e00127371007e000d02ffffffff7074002c73756e2e726d692e7472616e73706f72742e7463702e544350446972656374536f636b6574466163746f72797074000c637265617465536f636b65747400086a6176612e726d6971007e00127371007e000d02ffffffff70740
02173756e2e726d692e7472616e73706f72742e7463702e544350456e64706f696e74707400096e6577536f636b657471007e001a71007e00127371007e000d02ffffffff7074002073756e2e726d692e7472616e73706f72742e7463702e5443504368616e6e656c70740010637265617465436f6e6e656374696f6e71007e001a71007e00127371007e000d02ffffffff7071007e001f7074000d6e6577436f6e6e656374696f6e71007e001a71007e00127371007e000d02ffffffff7074001973756e2e726d692e7365727665722e556e696361737452656670740006696e766f6b6571007e001a71007e00127371007e000d02ffffffff7074002d6a6176612e726d692e7365727665722e52656d6f74654f626a656374496e766f636174696f6e48616e646c657270740012696e766f6b6552656d6f74654d6574686f6471007e001a71007e00127371007e000d02ffffffff7071007e00277071007e002571007e001a71007e00127371007e000d00ffffffff70740015636f6d2e73756e2e70726f78792e2450726f78793470740012637265617465536572766572536f636b657470707371007e000d02ffffffff7071007e001c7074000f6e6577536572766572536f636b657471007e001a71007e00127371007e000d02ffffffff7074002273756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f7274707400066c697374656e71007e001a71007e00127371007e000d02ffffffff7071007e00307074000c6578706f72744f626a65637471007e001a71007e00127371007e000d02ffffffff7071007e001c7071007e003371007e001a71007e00127371007e000d02ffffffff7074001973756e2e726d692e7472616e73706f72742e4c6976655265667071007e003371007e001a71007e00127371007e000d02ffffffff7074001f73756e2e726d692e7365727665722e556e69636173745365727665725265667071007e003371007e001a71007e00127371007e000d02ffffffff707400236a6176612e726d692e7365727665722e556e696361737452656d6f74654f626a6563747071007e003371007e001a71007e00127371007e000d02ffffffff7071007e003a7071007e003371007e001a71007e00127371007e000d02ffffffff7071007e003a7074000872656578706f727471007e001a71007e00127371007e000d02ffffffff7071007e003a7074000a726561644f626a65637471007e001a71007e00127371007e000d02fffffffe7074002d6a646b2e696e7465726e616c2e7265666c6563742e4e61746976654d6574686f644163636573736f72496d706c70740007696e766f6b653071007e001171007e00127371007e000d02f
fffffff7071007e00417071007e002571007e001171007e00127371007e000d02ffffffff707400316a646b2e696e7465726e616c2e7265666c6563742e44656c65676174696e674d6574686f644163636573736f72496d706c7071007e002571007e001171007e00127371007e000d02ffffffff707400186a6176612e6c616e672e7265666c6563742e4d6574686f647071007e002571007e001171007e00127371007e000d02ffffffff707400196a6176612e696f2e4f626a65637453747265616d436c61737370740010696e766f6b65526561644f626a65637471007e001171007e00127371007e000d02ffffffff707400196a6176612e696f2e4f626a656374496e70757453747265616d7074000e7265616453657269616c4461746171007e001171007e00127371007e000d02ffffffff7071007e004c70740012726561644f7264696e6172794f626a65637471007e001171007e00127371007e000d02ffffffff7071007e004c7074000b726561644f626a6563743071007e001171007e00127371007e000d02ffffffff7071007e004c7071007e003f71007e001171007e00127371007e000d02ffffffff7074002273756e2e726d692e72656769737472792e5265676973747279496d706c5f536b656c70740008646973706174636871007e001a71007e00127371007e000d02ffffffff7071007e00387074000b6f6c64446973706174636871007e001a71007e00127371007e000d02ffffffff7071007e00387071007e005571007e001a71007e00127371007e000d02ffffffff7074001d73756e2e726d692e7472616e73706f72742e5472616e73706f727424317074000372756e71007e001a71007e00127371007e000d02ffffffff7071007e005a7071007e005b71007e001a71007e00127371007e000d02fffffffe7074001e6a6176612e73656375726974792e416363657373436f6e74726f6c6c65727074000c646f50726976696c6567656471007e001171007e00127371007e000d02ffffffff7074001b73756e2e726d692e7472616e73706f72742e5472616e73706f72747074000b7365727669636543616c6c71007e001a71007e00127371007e000d02ffffffff7071007e00307074000e68616e646c654d6573736167657371007e001a71007e00127371007e000d02ffffffff7074003473756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f727424436f6e6e656374696f6e48616e646c65727074000472756e3071007e001a71007e00127371007e000d02ffffffff7071007e00667074000c6c616d6264612472756e243071007e001a71007e00127371007e000d02fffffffe7071007e005e7071007e005f71007e0
01171007e00127371007e000d02ffffffff7071007e00667071007e005b71007e001a71007e00127371007e000d02ffffffff707400276a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f727074000972756e576f726b657271007e001171007e00127371007e000d02ffffffff7074002e6a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f7224576f726b65727071007e005b71007e001171007e00127371007e000d02ffffffff707400106a6176612e6c616e672e5468726561647071007e005b71007e001171007e00127372001f6a6176612e7574696c2e436f6c6c656374696f6e7324456d7074794c6973747ab817b43ca79ede02000071007e0001787078 + - 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 - ${OPTIONS} validators: 
@@ -229,6 +229,245 @@ tests: description: |- 'Simulates server output for remote-method-guessers --ssrf-response option.' + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - activator + - --ssrf-response + - 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 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'activator is present' + - 'Deserialization allowed' + - 'Vulnerability Status: Vulnerable' + - 'Client codebase disabled' + - 'Configuration Status: Current Default' + + - title: SSRF Response Enum (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --ssrf-response + - 4e000a3137322e31372e302e31000086fc51aced0005770f0179bf1d8a0000017b14e4e4b08016757200135b4c6a6176612e6c616e672e537472696e673badd256e7e91d7b47020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f78700000000374000d706c61696e2d7365727665723274000e6c65676163792d7365727669636574000c706c61696e2d736572766572 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'plain-server' + - 'plain-server2' + - 'legacy-service' + + + - title: SSRF Response List (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' 
+ + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - list + - --ssrf-response + - 4e000a3137322e31372e302e31000086fc51aced0005770f0179bf1d8a0000017b14e4e4b08016757200135b4c6a6176612e6c616e672e537472696e673badd256e7e91d7b47020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f78700000000374000d706c61696e2d7365727665723274000e6c65676163792d7365727669636574000c706c61696e2d736572766572 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'plain-server' + - 'plain-server2' + - 'legacy-service' + + + - title: SSRF Response Lookup (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --bound-name + - plain-server + - --ssrf-response + - 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 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'plain-server' + - 'de.qtc.rmg.server.interfaces.IPlainServer (unknown class)' + - 'Endpoint: iinsecure.dev:37797 TLS: no ObjID: [79bf1d8a:17b14e4e4b0:-7ff8, -8372830402508756097]' + - 'http://iinsecure.dev/well-hidden-development-folder/' + + + - title: SSRF Response String Marshalling (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' 
+ + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - string-marshalling + - --ssrf-response + - 4e000a3137322e31372e302e310000c49a51aced0005770f02ff8eb3a90000017b241870e1801f737200186a6176612e726d692e536572766572457863657074696f6ebdb8c9fdc1279006020000740034687474703a2f2f69696e7365637572652e6465762f77656c6c2d68696464656e2d646576656c6f706d656e742d666f6c6465722f787200186a6176612e726d692e52656d6f7465457863657074696f6eb88c9d4edee47a220200014c000664657461696c7400154c6a6176612f6c616e672f5468726f7761626c653b71007e0001787200136a6176612e696f2e494f457863657074696f6e6c8073646525f0ab02000071007e0001787200136a6176612e6c616e672e457863657074696f6ed0fd1f3e1a3b1cc402000071007e0001787200136a6176612e6c616e672e5468726f7761626c65d5c635273977b8cb0300044c0005636175736571007e00034c000d64657461696c4d6573736167657400124c6a6176612f6c616e672f537472696e673b5b000a737461636b547261636574001e5b4c6a6176612f6c616e672f537461636b5472616365456c656d656e743b4c001473757070726573736564457863657074696f6e737400104c6a6176612f7574696c2f4c6973743b71007e000178707074002952656d6f7465457863657074696f6e206f6363757272656420696e20736572766572207468726561647572001e5b4c6a6176612e6c616e672e537461636b5472616365456c656d656e743b02462a3c3cfd223902000071007e000178700000000d7372001b6a6176612e6c616e672e537461636b5472616365456c656d656e746109c59a2636dd85020008420006666f726d617449000a6c696e654e756d6265724c000f636c6173734c6f616465724e616d6571007e00074c000e6465636c6172696e67436c61737371007e00074c000866696c654e616d6571007e00074c000a6d6574686f644e616d6571007e00074c000a6d6f64756c654e616d6571007e00074c000d6d6f64756c6556657273696f6e71007e000771007e0001787002ffffffff7074001f73756e2e726d692e7365727665722e556e69636173745365727665725265667074000864697370617463687400086a6176612e726d69740005392e302e347371007e000e02ffffffff7074001d73756e2e726d692e7472616e73706f72742e5472616e73706f727424317074000372756e71007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7074001e6a6176612e
73656375726974792e416363657373436f6e74726f6c6c65727074000c646f50726976696c656765647400096a6176612e6261736571007e00137371007e000e02ffffffff7074001b73756e2e726d692e7472616e73706f72742e5472616e73706f72747074000b7365727669636543616c6c71007e001271007e00137371007e000e02ffffffff7074002273756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f72747074000e68616e646c654d6573736167657371007e001271007e00137371007e000e02ffffffff7074003473756e2e726d692e7472616e73706f72742e7463702e5443505472616e73706f727424436f6e6e656374696f6e48616e646c65727074000472756e3071007e001271007e00137371007e000e02ffffffff7071007e00237074000c6c616d6264612472756e243071007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff707400276a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f727074000972756e576f726b657271007e001b71007e00137371007e000e02ffffffff7074002e6a6176612e7574696c2e636f6e63757272656e742e546872656164506f6f6c4578656375746f7224576f726b65727071007e001671007e001b71007e00137371007e000e02ffffffff707400106a6176612e6c616e672e5468726561647071007e001671007e001b71007e00137372001f6a6176612e7574696c2e436f6c6c656374696f6e7324456d7074794c6973747ab817b43ca79ede02000071007e00017870787372001b6a6176612e726d692e556e6d61727368616c457863657074696f6e083faa3abfe9087a02000071007e00017871007e00027074001d6572726f7220756e6d61727368616c6c696e6720617267756d656e74737571007e000c0000000f7371007e000e02ffffffff7074002273756e2e726d692e72656769737472792e5265676973747279496d706c5f536b656c7071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107074000b6f6c64446973706174636871007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff707100
7e001d7071007e001e71007e001271007e00137371007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff7071007e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00137371007e000e02ffffffff7071007e002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e003178737200206a6176612e6c616e672e436c6173734e6f74466f756e64457863657074696f6e7f5acd663ed4208e0200014c0002657871007e000371007e0001787200266a6176612e6c616e672e5265666c6563746976654f7065726174696f6e457863657074696f6e00000000075bcd1502000071007e00017871007e00057074002b64652e7174632e726d672e7574696c732e446566696e6974656c794e6f6e4578697374696e67436c6173737571007e000c000000277371007e000e02ffffffff707400176a6176612e6e65742e55524c436c6173734c6f616465727074000966696e64436c61737371007e001b71007e00137371007e000e02ffffffff707400156a6176612e6c616e672e436c6173734c6f61646572707400096c6f6164436c61737371007e001b71007e00137371007e000e02ffffffff7074002373756e2e726d692e7365727665722e4c6f6164657248616e646c6572244c6f616465727071007e005171007e001271007e00137371007e000e02ffffffff7071007e00507071007e005171007e001b71007e00137371007e000e02fffffffe7074000f6a6176612e6c616e672e436c61737370740008666f724e616d653071007e001b71007e00137371007e000e02ffffffff7071007e005670740007666f724e616d6571007e001b71007e00137371007e000e02ffffffff7074001c73756e2e726d692e7365727665722e4c6f6164657248616e646c6572707400106c6f6164436c617373466f724e616d6571007e001271007e00137371007e000e02ffffffff7071007e005b7071007e005171007e001271007e00137371007e000e02ffffffff7071007e005b7071007e005171007e001271007e00137371007e000e02ffffffff707400206a6176612e726d692e7365727665722e524d49436c6173734c6f6164657224327071007e005171007e001271007e00137371007e000e02ffffffff7074001e6a61
76612e726d692e7365727665722e524d49436c6173734c6f616465727071007e005171007e001271007e00137371007e000e02ffffffff7074002173756e2e726d692e7365727665722e4d61727368616c496e70757453747265616d7074000c7265736f6c7665436c61737371007e001271007e00137371007e000e02ffffffff707400196a6176612e696f2e4f626a656374496e70757453747265616d70740010726561644e6f6e50726f78794465736371007e001b71007e00137371007e000e02ffffffff7071007e00677074000d72656164436c6173734465736371007e001b71007e00137371007e000e02ffffffff7071007e006770740012726561644f7264696e6172794f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e00677074000b726561644f626a6563743071007e001b71007e00137371007e000e02ffffffff7071007e00677074000a726561644f626a65637471007e001b71007e00137371007e000e02ffffffff7071007e00647074000c726561644c6f636174696f6e71007e001271007e00137371007e000e02ffffffff7071007e00647071007e006571007e001271007e00137371007e000e02ffffffff7071007e00677071007e006871007e001b71007e00137371007e000e02ffffffff7071007e00677071007e006a71007e001b71007e00137371007e000e02ffffffff7071007e00677071007e006c71007e001b71007e00137371007e000e02ffffffff7071007e00677071007e006e71007e001b71007e00137371007e000e02ffffffff7071007e00677071007e007071007e001b71007e00137371007e000e02ffffffff7071007e00377071007e001171007e001271007e00137371007e000e02ffffffff7071007e00107071007e003971007e001271007e00137371007e000e02ffffffff7071007e00107071007e001171007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02ffffffff7071007e00157071007e001671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e001d7071007e001e71007e001271007e00137371007e000e02ffffffff7071007e00207071007e002171007e001271007e00137371007e000e02ffffffff7071007e00237071007e002471007e001271007e00137371007e000e02ffffffff7071007e00237071007e002671007e001271007e00137371007e000e02fffffffe7071007e00197071007e001a71007e001b71007e00137371007e000e02ffffffff7071007e00237071007e001671007e001271007e00
137371007e000e02ffffffff7071007e002a7071007e002b71007e001b71007e00137371007e000e02ffffffff7071007e002d7071007e001671007e001b71007e00137371007e000e02ffffffff7071007e002f7071007e001671007e001b71007e001371007e00317870 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'Caught ClassNotFoundException' + - 'unmarshalled via readObject()' + - 'Configuration Status: Outdated' + + + - title: SSRF Response Codebase (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - codebase + - --ssrf-response + - 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 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'MalformedURLException' + - 'useCodebaseOnly=false' + - 'Non Default' + + + - title: SSRF Response Codebase (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - localhost-bypass + - --ssrf-response + - 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 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'NotBoundException' + - 'unbind was accepeted' + - 'Vulnerability Status: Vulnerable' + + + - title: SSRF Response Security Manager (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - security-manager + - --ssrf-response + - 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 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'rejected access' + - 'does use a Security Manager' + - 'Configuration Status: Current Default' + + + - title: SSRF Response JEP290 (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' 
+ + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - jep290 + - --ssrf-response + - 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 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'DGC rejected deserialization' + - 'JEP290 is installed' + - 'Vulnerability Status: Non Vulnerable' + + + - title: SSRF Response JEP290_BYPASS (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - filter-bypass + - --ssrf-response + - 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 + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'IllegalArgumentException after sending An Trinh gadget' + - 'Vulnerability Status: Vulnerable' + + + - title: SSRF Response Activator (Stream Protocol) + description: |- + 'Simulates server output for remote-method-guessers --ssrf-response option.' + command: - rmg - enum diff --git a/tests/generic/tests/ssrf.yml b/tests/generic/tests/ssrf.yml index 9df020e1..ac6bec6c 100644 --- a/tests/generic/tests/ssrf.yml +++ b/tests/generic/tests/ssrf.yml @@ -27,7 +27,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000144154dc9d4e63bdf' + - '4a524d4900024c50aced00057722000000000000000000000000000000000000000000000000000144154dc9d4e63bdf' - title: SSRF Enum (gopher) @@ -47,7 +47,7 @@ tests: - error: False - contains: values: - - 'gopher://0.0.0.0:9010/_%4a%52%4d%49%00%02%4b%00%09%31%32%37%2e%30%2e%31%2e%31%00%00%00%00%50%ac%ed%00%05%77%22%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%01%44%15%4d%c9%d4%e6%3b%df' + - 'gopher://0.0.0.0:9010/_%4a%52%4d%49%00%02%4c%50%ac%ed%00%05%77%22%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%01%44%15%4d%c9%d4%e6%3b%df' - title: SSRF Enum Activator 
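Review bot: The second entry titled `SSRF Response Codebase (Stream Protocol)` in the hunk at -229,6 +229,245 runs `--scan-action localhost-bypass` and validates `NotBoundException`, so it repeats the title of the codebase case directly above it and a failing run cannot tell the two apart. Rename it to `- title: SSRF Response Localhost Bypass (Stream Protocol)`. The expected value `'unbind was accepeted'` in the same entry looks misspelled; it presumably mirrors the tool's output, so correct it only together with the message it matches. None of the added stream-protocol response cases passes `--stream-protocol`, although the request-side cases added to ssrf.yml do, and their payloads begin with the `4e` ProtocolAck byte where the single-operation payload in the -190,7 hunk begins with `51aced`. If the response parser detects that prefix on its own, a one-line YAML comment above the first stream case saying so would record that the omission is deliberate; if it relies on the option, these cases need the flag.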
@@ -68,7 +68,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced0005772200000000000000010000000000000000000000000000ffffffff865418f025f0108a737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c647078703f400000000000007708000000100000000078770100' + - '4a524d4900024c50aced0005772200000000000000010000000000000000000000000000ffffffff865418f025f0108a737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c647078703f400000000000007708000000100000000078770100' - title: SSRF Enum Codebase @@ -89,7 +89,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000244154dc9d4e63bdf737200116a6176612e6c616e672e496e746567657212e2a0a4f781873802000149000576616c756574000a496e76616c696455524c787200106a6176612e6c616e672e4e756d62657286ac951d0b94e08b02000071007e0001787000000000' + - '4a524d4900024c50aced00057722000000000000000000000000000000000000000000000000000244154dc9d4e63bdf737200116a6176612e6c616e672e496e746567657212e2a0a4f781873802000149000576616c756574000a496e76616c696455524c787200106a6176612e6c616e672e4e756d62657286ac951d0b94e08b02000071007e0001787000000000' - title: SSRF Enum Security Manager 
@@ -110,7 +110,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced000577220000000000000002000000000000000000000000000000000000f6b6898d8bf28643757200185b4c6a6176612e726d692e7365727665722e4f626a49443b871300b8d02c647e02000074000a496e76616c696455524c787000000000770800000000000000007372002b64652e7174632e726d672e7574696c732e446566696e6974656c794e6f6e4578697374696e67436c617373000000000000000202000071007e00017870770101' + - '4a524d4900024c50aced000577220000000000000002000000000000000000000000000000000000f6b6898d8bf28643757200185b4c6a6176612e726d692e7365727665722e4f626a49443b871300b8d02c647e02000074000a496e76616c696455524c787000000000770800000000000000007372002b64652e7174632e726d672e7574696c732e446566696e6974656c794e6f6e4578697374696e67436c617373000000000000000202000071007e00017870770101' - title: SSRF Enum JEP290 @@ -131,7 +131,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced000577220000000000000002000000000000000000000000000000000000f6b6898d8bf28643757200185b4c6a6176612e726d692e7365727665722e4f626a49443b871300b8d02c647e0200007078700000000077080000000000000000737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c647078703f400000000000007708000000100000000078770101' + - '4a524d4900024c50aced000577220000000000000002000000000000000000000000000000000000f6b6898d8bf28643757200185b4c6a6176612e726d692e7365727665722e4f626a49443b871300b8d02c647e0200007078700000000077080000000000000000737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c647078703f400000000000007708000000100000000078770101' - title: SSRF Enum JEP290_BYPASS @@ -152,7 +152,7 @@ tests: - error: False - contains: values: - - '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' + - '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' - title: SSRF Enum List 
@@ -173,7 +173,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000144154dc9d4e63bdf' + - '4a524d4900024c50aced00057722000000000000000000000000000000000000000000000000000144154dc9d4e63bdf' - title: SSRF Enum Lookup @@ -196,7 +196,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000244154dc9d4e63bdf74000474657374' + - '4a524d4900024c50aced00057722000000000000000000000000000000000000000000000000000244154dc9d4e63bdf74000474657374' - title: SSRF Enum Localhost Bypass @@ -217,7 +217,7 @@ tests: - error: False - contains: values: - - '4a524d4900024b00093132372e302e312e310000000050aced0005772200000000000000000000000000000000000000000000ffffffff6560a7a458d70a7a74004e49662074686973206e616d6520657869737473206f6e207468652072656769737472792c20697420697320646566696e6974656c7920746865206d61696e7461696e657273206661756c742e2e2e' + - '4a524d4900024c50aced0005772200000000000000000000000000000000000000000000ffffffff6560a7a458d70a7a74004e49662074686973206e616d6520657869737473206f6e207468652072656769737472792c20697420697320646566696e6974656c7920746865206d61696e7461696e657273206661756c742e2e2e' - title: SSRF Enum String Marshalling 
@@ -234,6 +234,246 @@ tests: - --ssrf - ${OPTIONS} + validators: + - error: False + - contains: + values: + - '4a524d4900024c50aced00057722000000000000000000000000000000000000000000000000000244154dc9d4e63bdf737200116a6176612e6c616e672e496e746567657212e2a0a4f781873802000149000576616c75657372002b64652e7174632e726d672e7574696c732e446566696e6974656c794e6f6e4578697374696e67436c6173730000000000000002020000707870787200106a6176612e6c616e672e4e756d62657286ac951d0b94e08b02000071007e0001787000000000' + + - title: SSRF Enum (Stream Protocol) + description: |- + 'Dispatches the default action (enum) with the --ssrf option.' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000144154dc9d4e63bdf' + + + - title: SSRF Enum (gopher) (Stream Protocol) + description: |- + 'Dispatches the default action (enum) with the --ssrf and --gopher option.' 
+ + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --ssrf + - --stream-protocol + - --gopher + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 'gopher://0.0.0.0:9010/_%4a%52%4d%49%00%02%4b%00%09%31%32%37%2e%30%2e%31%2e%31%00%00%00%00%50%ac%ed%00%05%77%22%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%01%44%15%4d%c9%d4%e6%3b%df' + + + - title: SSRF Enum Activator (Stream Protocol) + description: |- + 'Dispatches the activator enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - activator + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '4a524d4900024b00093132372e302e312e310000000050aced0005772200000000000000010000000000000000000000000000ffffffff865418f025f0108a737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c647078703f400000000000007708000000100000000078770100' + + + - title: SSRF Enum Codebase (Stream Protocol) + description: |- + 'Dispatches the codease enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - codebase + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000244154dc9d4e63bdf737200116a6176612e6c616e672e496e746567657212e2a0a4f781873802000149000576616c756574000a496e76616c696455524c787200106a6176612e6c616e672e4e756d62657286ac951d0b94e08b02000071007e0001787000000000' + + + - title: SSRF Enum Security Manager (Stream Protocol) + description: |- + 'Dispatches the security-manager enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - security-manager + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - 
'4a524d4900024b00093132372e302e312e310000000050aced000577220000000000000002000000000000000000000000000000000000f6b6898d8bf28643757200185b4c6a6176612e726d692e7365727665722e4f626a49443b871300b8d02c647e02000074000a496e76616c696455524c787000000000770800000000000000007372002b64652e7174632e726d672e7574696c732e446566696e6974656c794e6f6e4578697374696e67436c617373000000000000000202000071007e00017870770101' + + + - title: SSRF Enum JEP290 (Stream Protocol) + description: |- + 'Dispatches the JEP290 enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - jep290 + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '4a524d4900024b00093132372e302e312e310000000050aced000577220000000000000002000000000000000000000000000000000000f6b6898d8bf28643757200185b4c6a6176612e726d692e7365727665722e4f626a49443b871300b8d02c647e0200007078700000000077080000000000000000737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c647078703f400000000000007708000000100000000078770101' + + + - title: SSRF Enum JEP290_BYPASS (Stream Protocol) + description: |- + 'Dispatches the JEP290 Bypass enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - filter-bypass + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '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' + + + - title: SSRF Enum List (Stream Protocol) + description: |- + 'Dispatches the list enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - list + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000144154dc9d4e63bdf' + + + - title: SSRF Enum Lookup (Stream 
Protocol) + description: |- + 'Dispatches the lookup enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - list + - --bound-name + - test + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '4a524d4900024b00093132372e302e312e310000000050aced00057722000000000000000000000000000000000000000000000000000244154dc9d4e63bdf74000474657374' + + + - title: SSRF Enum Localhost Bypass (Stream Protocol) + description: |- + 'Dispatches the localhost bypass enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - localhost-bypass + - --ssrf + - --stream-protocol + - ${OPTIONS} + + validators: + - error: False + - contains: + values: + - '4a524d4900024b00093132372e302e312e310000000050aced0005772200000000000000000000000000000000000000000000ffffffff6560a7a458d70a7a74004e49662074686973206e616d6520657869737473206f6e207468652072656769737472792c20697420697320646566696e6974656c7920746865206d61696e7461696e657273206661756c742e2e2e' + + + - title: SSRF Enum String Marshalling (Stream Protocol) + description: |- + 'Dispatches the localhost bypass enumeration with the --ssrf option' + + command: + - rmg + - enum + - 0.0.0.0 + - 9010 + - --scan-action + - string-marshalling + - --ssrf + - --stream-protocol + - ${OPTIONS} + validators: - error: False - contains: diff --git a/tests/tricot.yml b/tests/tricot.yml index 52fe95e5..2842b51e 100644 --- a/tests/tricot.yml +++ b/tests/tricot.yml @@ -5,6 +5,17 @@ tester: description: > 'Launches some end-to-end tests of remote-method-guesser.' + requires: + files: + - /opt/ysoserial/target/ysoserial-0.0.6-SNAPSHOT-all.jar + commands: + - bash + - beanshooter + - javac + - nc + - rmg + version: + ge: 1.9.0 variables: rmg: rmg-4.1.0-jar-with-dependencies.jar From a5eb08b5bf62c912ea0259801058b69309698ffd Mon Sep 17 00:00:00 2001 
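Review bot: Every expected value added for the `(Stream Protocol)` tests in the `@@ -234,6 +234,246 @@` hunk contains `00093132372e302e312e31`, the length-prefixed string `127.0.1.1`. These assertions therefore presumably depend on how the test machine resolves its own host name, whereas the SingleOperation values (`4a524d4900024c50aced…`) carry no such field. Matching the parts before and after the endpoint as separate `contains` values, e.g. `4a524d4900024b` and the `50aced0005…` call data, would keep the tests host-independent. Separately, the description of `SSRF Enum String Marshalling (Stream Protocol)` still reads 'Dispatches the localhost bypass enumeration' although the command runs `--scan-action string-marshalling`, and the Codebase description spells it `codease`.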
From: TNeitzel Date: Thu, 30 Dec 2021 10:23:19 +0100 Subject: [PATCH 3/5] Bump version number --- pom.xml | 2 +- tests/tricot.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index df5768ff..29bd9031 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ remote-method-guesser remote-method-guesser jar - 4.1.0 + 4.2.0 Identify common misconfigurations on Java RMI endpoints diff --git a/tests/tricot.yml b/tests/tricot.yml index 2842b51e..6b760037 100644 --- a/tests/tricot.yml +++ b/tests/tricot.yml @@ -18,7 +18,7 @@ tester: ge: 1.9.0 variables: - rmg: rmg-4.1.0-jar-with-dependencies.jar + rmg: rmg-4.2.0-jar-with-dependencies.jar volume: /tmp/rmg-tricot-test/ volume-d: /rce/ codebase-class: CodebaseTest From c648674e1acd3d0cf0839545ccf0086674ac5259 Mon Sep 17 00:00:00 2001 From: TNeitzel Date: Thu, 30 Dec 2021 10:23:30 +0100 Subject: [PATCH 4/5] Update CHANGELOG.md --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 60552162..cecd53ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [4.2.0] - Dec 30, 2021 + +### Changed + +* *SSRF* payloads are now created using the *SingleOpProtocol* by default. + The ``--stream-protocol`` option can be used to create *SSRF* payloads using + the *Stream Protocol*. +* Updated test cases. + + ## [4.1.0] - Dec 23, 2021 ### Added From 0f2785d7d5bf5e0f8243b6f7105b504ae3b8842b Mon Sep 17 00:00:00 2001 From: TNeitzel Date: Thu, 30 Dec 2021 10:25:26 +0100 Subject: [PATCH 5/5] Update bash completion script Update bash completion script to include the --stream-protocol option. --- resources/bash_completion.d/rmg | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/resources/bash_completion.d/rmg b/resources/bash_completion.d/rmg index 383283d0..d9421cb9 100644 
--- a/resources/bash_completion.d/rmg
+++ b/resources/bash_completion.d/rmg
@@ -50,6 +50,7 @@ function _rmg() {
 opts="$opts --gopher"
 opts="$opts --ssrf"
 opts="$opts --ssrf-response"
+ opts="$opts --stream-protocol"
 opts="$opts --encode"
 opts="$opts --raw"
 opts="$opts --bind-objid"
@@ -89,6 +90,7 @@ function _rmg() {
 opts="$opts --gopher"
 opts="$opts --ssrf"
 opts="$opts --ssrf-response"
+ opts="$opts --stream-protocol"
 opts="$opts --encode"
 opts="$opts --raw"
 opts="$opts --config"
@@ -125,6 +127,7 @@ function _rmg() {
 opts="$opts --gopher"
 opts="$opts --ssrf"
 opts="$opts --ssrf-response"
+ opts="$opts --stream-protocol"
 opts="$opts --encode"
 opts="$opts --raw"
 opts="$opts --position"
@@ -173,6 +176,7 @@ function _rmg() {
 opts="$opts --gopher"
 opts="$opts --ssrf"
 opts="$opts --ssrf-response"
+ opts="$opts --stream-protocol"
 opts="$opts --encode"
 opts="$opts --raw"
 opts="$opts --localhost-bypass"
@@ -363,6 +367,7 @@ function _rmg() {
 opts="$opts --gopher"
 opts="$opts --ssrf"
 opts="$opts --ssrf-response"
+ opts="$opts --stream-protocol"
 opts="$opts --encode"
 opts="$opts --raw"
 opts="$opts --position"
@@ -400,6 +405,7 @@ function _rmg() {
 opts="$opts --gopher"
 opts="$opts --ssrf"
 opts="$opts --ssrf-response"
+ opts="$opts --stream-protocol"
 opts="$opts --encode"
 opts="$opts --raw"
 opts="$opts --localhost-bypass"