Skip to content

Releases: qtc-de/remote-method-guesser

v5.1.0 - Jun 26, 2024

26 Jun 10:30
e70b5ef
Compare
Choose a tag to compare

Added

Changed

  • Change argparse4j dependency to https://github.com/qtc-de/argparse4j
  • Change CHANGELOG.md version format (af1c521)
  • Change option name --generic-print to --show-response
  • Improve RMI class loading for plugin classes (454a9fd)
  • Improve scan action reliability (#62)
  • Refactor plugin system (README)
  • IArgumentProvider now accepts an array of arguments instead of a string (a653e63)
  • Let enum action continue on RemoteObject retrieval errors
  • Change default ysoserial path to ~/ysoserial.jar

Checksums

  • rmg-5.1.0-jar-with-dependencies.jar
    • MD5: fb017586f2c8fccb727596660637d059
    • SHA256: 437d04da9a3af2c6148ed203192f44688f4481bf8cd385f4a6ed5590000436e4
  • rmg-plugin-quartz-scheduler-1.0.0-jar-with-dependencies.jar
    • MD5: c7d878b57a2da32e091a6ef91a323c7c
    • SHA256: 6ef8eb40862b1530775eff52e4134fbcff2b3d86d65bf36248663b24a65867fa

v5.0.0 - Dec 23, 2023

23 Dec 10:32
d2b3ba0
Compare
Choose a tag to compare

Added

  • Add support for dynamically created socket factory classes (docs)
  • Add support for method guessing on spring-remoting endpoints (docs)
  • Add a Spring Remoting example server (src, package)

Changed

  • Changed the namespace of the project from de.qtc to eu.tneitzel
  • Fix leak of local ysoserial path (e30f52c)
  • The GenericPrint plugin is now included in rmg per default (b09e9a5)
  • Stream corruption errors during method guessing are only displayed if --verbose is used

Checksums

  • rmg-5.0.0-jar-with-dependencies.jar
    • MD5: 1a8006693e2701bf568cd44e992a0925
    • SHA256: e81fb3d921d12bc4ef9d2292d1f2082386e48ffe8b1269c0d846ce17f56e9da6

v4.4.1 - Jun 22, 2023

22 Jun 18:47
86f4ca6
Compare
Choose a tag to compare

Added

  • Add pull request template (see #46)

Changed

  • Fix many typos (see #46 - thanks to @wasamasa for reporting 👍)
  • Improve rmgs Java16+ compatibility (see #49 - thanks to @santoshinresideo for reporting 👍)

Checksums

  • rmg-4.4.1-jar-with-dependencies.jar
    • MD5: c2acd59cfa339630bad9740acdd7ccec
    • SHA256: 2bf8d2d5645f24d1f6b7922a69b0b98b9c7543a4071f7e88972cba1ec8331cb7

v4.4.0 - Jan 19, 2023

19 Jan 21:21
133cd98
Compare
Choose a tag to compare

Changed

  • Add support for non default serialVersionUID values (thanks to @dinosn for reporting 👍)
  • Refactor test configurations
  • Update dependencies
  • Make remote-method-guesser Java16+ compatible (thanks to @superhac for reporting 🙏)

Checksums

  • rmg-4.4.0-jar-with-dependencies.jar
    • MD5: 0b1dff487b4c02ae6f5b09a77bddb1c7
    • SHA256: 9daed13489a607ccb25606f012d6e194c01bfdeb5d8e78c90c24364c551ba185

v4.3.1 - Sep 19, 2022

19 Sep 05:48
2cc574c
Compare
Choose a tag to compare

Changed

  • Updated snakeyaml dependency to v1.32
  • Changed the default ysoserial path to /opt/ysoserial.jar
  • Typofix enmeration -> enumeration (thanks to @dnet for fixing)

Checksums

  • rmg-4.3.1-jar-with-dependencies.jar
    • MD5: 6de524d7d68504db3ed91ab48fc5d7bd
    • SHA256: f8a43a861c59b2e1df94472eda3ba02970fcf7db68b91cbd5e6bfbf4d3397174

v4.3.0 - May 11, 2022

11 May 04:54
6ce2540
Compare
Choose a tag to compare

Added

  • Add support for ActivatableRef (docs) (resolves issue #30. Thanks to @dinosn for reporting)
  • Add test cases for ActivatableRef

Changed

  • Update list of known endpoints (docs)
  • Update outdated documentation

Docker

  • The example server now provides a full working Activation System on port 1098

Checksums

  • rmg-4.3.0-jar-with-dependencies.jar
    • MD5: fbb08c8b69851c81f7b15cd9c8554308
    • SHA256: ce9ff9ec4af344038dbb52e110341654956d7507221835a8b0b4e46646dc51e8

v4.2.2 - Jan 11, 2022

11 Jan 05:56
192d3e4
Compare
Choose a tag to compare

Changed

  • Fix missing --no-progress option for some actions
  • Fix some typos inside the help menu

Checksums

  • rmg-4.2.2-jar-with-dependencies.jar
    • MD5: 9465cbd1e012dd1a380eb8980f0ddffb
    • SHA256: 534bfe7376a00761e79bbfc8f9b7c83b70cc5b50b96dd075ad7ee40dfde7401d

v4.2.1 - Jan 07, 2022

07 Jan 06:12
a2cdbde
Compare
Choose a tag to compare

Changed

  • Fix missing --yso option for some actions (resolves issue #26. Thanks to @AJDecade for reporting)
  • Improve the bash completion script
  • Improve test cases

Checksums

  • rmg-4.2.1-jar-with-dependencies.jar
    • MD5: 3396fcd03610b6e847cce99d66b88e9a
    • SHA256: 6fce9cabaf2401abe895ad71ce1d236b3896f7e4d3f6e4dd85bf6eed4d45fedd

v4.2.0 - Dec 30, 2021

30 Dec 09:34
eb26533
Compare
Choose a tag to compare

Changed

  • SSRF payloads are now created using the SingleOpProtocol by default. The --stream-protocol option can be used to create SSRF payloads using the Stream Protocol.
  • Update test cases.

Checksums

  • rmg-4.2.0-jar-with-dependencies.jar
    • MD5: 155dadfc25aad272d8cb49f5a4e6d673
    • SHA256: a9d0468e7a006ff186f2ac86603ca386161bb4c8163373d4cab7596e2dfa3350

v4.1.0 - Dec 23, 2021

23 Dec 09:25
7f87697
Compare
Choose a tag to compare

Added

  • Add TLS enumeration during enum action.

Changed

  • Error messages are now printed to stderr.
  • Bugfix: Error messages not being shown when using --raw
  • Bugfix: Uncaught UnknownHostException
  • Bugfix: Uncaught exception during call action when used with wrong argument count
  • Bugfix: Uncaught exception during call action when no signature was specified
  • Bugfix: Uncaught exception when the specified port number is out of range

Docker

  • The SSRF server now logs in hexdump format
  • Bugfix: Indentation issue within the SSRF server

Checksums

  • rmg-4.1.0-jar-with-dependencies.jar
    • MD5: 0c89dd27f1cc7b0141e95277ad8c0e0c
    • SHA256: a5b1fd4be166bab24d64b0fa4e907ed7b8d142124777ec52880d0fc00a5a0945