Releases: qtc-de/remote-method-guesser
Releases · qtc-de/remote-method-guesser
v5.1.0 - Jun 26, 2024
Added
- Add GitHub pages for Javadoc
- Add IActionProvider plugin interface
- Add plugin template
- Add Quartz Scheduler plugin
- Add Quartz Scheduler container
- Add
--objid
support for guess operation
Changed
- Change argparse4j dependency to https://github.com/qtc-de/argparse4j
- Change CHANGELOG.md version format (af1c521)
- Change option name
--generic-print
to--show-response
- Improve RMI class loading for plugin classes (454a9fd)
- Improve
scan
action reliability (#62) - Refactor plugin system (README)
- IArgumentProvider now accepts an array of arguments instead of a string (a653e63)
- Let
enum
action continue on RemoteObject retrieval errors - Change default ysoserial path to
~/ysoserial.jar
Checksums
- rmg-5.1.0-jar-with-dependencies.jar
- MD5:
fb017586f2c8fccb727596660637d059
- SHA256:
437d04da9a3af2c6148ed203192f44688f4481bf8cd385f4a6ed5590000436e4
- MD5:
- rmg-plugin-quartz-scheduler-1.0.0-jar-with-dependencies.jar
- MD5:
c7d878b57a2da32e091a6ef91a323c7c
- SHA256:
6ef8eb40862b1530775eff52e4134fbcff2b3d86d65bf36248663b24a65867fa
- MD5:
v5.0.0 - Dec 23, 2023
Added
- Add support for dynamically created socket factory classes (docs)
- Add support for method guessing on spring-remoting endpoints (docs)
- Add a Spring Remoting example server (src, package)
Changed
- Changed the namespace of the project from
de.qtc
toeu.tneitzel
- Fix leak of local ysoserial path (e30f52c)
- The GenericPrint plugin is now included in rmg per default (b09e9a5)
- Stream corruption errors during method guessing are only displayed if
--verbose
is used
Checksums
- rmg-5.0.0-jar-with-dependencies.jar
- MD5:
1a8006693e2701bf568cd44e992a0925
- SHA256:
e81fb3d921d12bc4ef9d2292d1f2082386e48ffe8b1269c0d846ce17f56e9da6
- MD5:
v4.4.1 - Jun 22, 2023
Added
- Add pull request template (see #46)
Changed
- Fix many typos (see #46 - thanks to @wasamasa for reporting 👍)
- Improve rmgs Java16+ compatibility (see #49 - thanks to @santoshinresideo for reporting 👍)
Checksums
- rmg-4.4.1-jar-with-dependencies.jar
- MD5:
c2acd59cfa339630bad9740acdd7ccec
- SHA256:
2bf8d2d5645f24d1f6b7922a69b0b98b9c7543a4071f7e88972cba1ec8331cb7
- MD5:
v4.4.0 - Jan 19, 2023
Changed
- Add support for non default
serialVersionUID
values (thanks to @dinosn for reporting 👍) - Refactor test configurations
- Update dependencies
- Make remote-method-guesser Java16+ compatible (thanks to @superhac for reporting 🙏)
Checksums
- rmg-4.4.0-jar-with-dependencies.jar
- MD5:
0b1dff487b4c02ae6f5b09a77bddb1c7
- SHA256:
9daed13489a607ccb25606f012d6e194c01bfdeb5d8e78c90c24364c551ba185
- MD5:
v4.3.1 - Sep 19, 2022
Changed
- Updated snakeyaml dependency to
v1.32
- Changed the default ysoserial path to
/opt/ysoserial.jar
- Typofix
enmeration
->enumeration
(thanks to @dnet for fixing)
Checksums
- rmg-4.3.1-jar-with-dependencies.jar
- MD5:
6de524d7d68504db3ed91ab48fc5d7bd
- SHA256:
f8a43a861c59b2e1df94472eda3ba02970fcf7db68b91cbd5e6bfbf4d3397174
- MD5:
v4.3.0 - May 11, 2022
Added
- Add support for
ActivatableRef
(docs) (resolves issue #30. Thanks to @dinosn for reporting) - Add test cases for
ActivatableRef
Changed
- Update list of known endpoints (docs)
- Update outdated documentation
Docker
- The example server now provides a full working Activation System on port
1098
Checksums
- rmg-4.3.0-jar-with-dependencies.jar
- MD5:
fbb08c8b69851c81f7b15cd9c8554308
- SHA256:
ce9ff9ec4af344038dbb52e110341654956d7507221835a8b0b4e46646dc51e8
- MD5:
v4.2.2 - Jan 11, 2022
Changed
- Fix missing
--no-progress
option for some actions - Fix some typos inside the help menu
Checksums
- rmg-4.2.2-jar-with-dependencies.jar
- MD5:
9465cbd1e012dd1a380eb8980f0ddffb
- SHA256:
534bfe7376a00761e79bbfc8f9b7c83b70cc5b50b96dd075ad7ee40dfde7401d
- MD5:
v4.2.1 - Jan 07, 2022
Changed
- Fix missing
--yso
option for some actions (resolves issue #26. Thanks to @AJDecade for reporting) - Improve the bash completion script
- Improve test cases
Checksums
- rmg-4.2.1-jar-with-dependencies.jar
- MD5:
3396fcd03610b6e847cce99d66b88e9a
- SHA256:
6fce9cabaf2401abe895ad71ce1d236b3896f7e4d3f6e4dd85bf6eed4d45fedd
- MD5:
v4.2.0 - Dec 30, 2021
Changed
- SSRF payloads are now created using the SingleOpProtocol by default. The
--stream-protocol
option can be used to create SSRF payloads using the Stream Protocol. - Update test cases.
Checksums
- rmg-4.2.0-jar-with-dependencies.jar
- MD5:
155dadfc25aad272d8cb49f5a4e6d673
- SHA256:
a9d0468e7a006ff186f2ac86603ca386161bb4c8163373d4cab7596e2dfa3350
- MD5:
v4.1.0 - Dec 23, 2021
Added
- Add TLS enumeration during
enum
action.
Changed
- Error messages are now printed to stderr.
- Bugfix: Error messages not being shown when using
--raw
- Bugfix: Uncaught
UnknownHostException
- Bugfix: Uncaught exception during
call
action when used with wrong argument count - Bugfix: Uncaught exception during
call
action when no signature was specified - Bugfix: Uncaught exception when the specified port number is out of range
Docker
- The SSRF server now logs in hexdump format
- Bugfix: Indentation issue within the SSRF server
Checksums
- rmg-4.1.0-jar-with-dependencies.jar
- MD5:
0c89dd27f1cc7b0141e95277ad8c0e0c
- SHA256:
a5b1fd4be166bab24d64b0fa4e907ed7b8d142124777ec52880d0fc00a5a0945
- MD5: