clusterd
clusterd copied to clipboard
hatRiot
application server attack toolkit
Hello, Python 2.x will no longer be supported by their upstream developers in 2020. Thus Debian developers are actively removing Python 2 support in Debian Testing with the goal of...
right now it doesnt seem possible to pass a vhost parameter. would be handy to do that where i haven an IP but it requires the host variable to talk...
msfpayload and msfencode both were removed and msfvenom took it's place, any chance to update the code to support this
Several App servers were found to be vulnerable to java deserialization vulnerabilities The article below details exploitation for several app servers: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Add support for Oracle's Fusion middleware. Fingerprints and deployers can likely fall under WebLogic, as it harnesses WebLogic for the backend. Should be pretty straightforward.
Hi, First of all, congrats for the awesome tool. I'm doing an internal pentest at the moment, and I've found a JBoss 5.1.0 GA which in theory is vulnerable to...
I saw you mention an option called --verb-tamper in order to bypass jboss 4.X auth but in the help itself there is no mentioning how to use this option. can...
A pretty severe RCE vulnerability was disclosed in Oracle's Forms 10g server that looks like it would be trivial to implement in clusterd (https://www.netspi.com/blog/entryid/243/advisory-oracle-forms-10g-unauthenticated-remote-code-execution-cve-2014-4278). Also I would think this would...
I hard code quite a few strings (stuff like platform names, versions, etc). These should be extrapolated to enums so we can quickly add/remove/change strings/lists at will. sqlmap has an...