JMX enumeration and attacking tool.
69e3e35e9da2670eaecebff318f0e409
fc9830784690a79f0fddf98f076ba1d07e7d09859c7d1082b7db54d2ac119ba9
7005b68d5e5c19fa76b5bfff5334bbb7
033c1b853e1a1aec29d734917bd57fdf1d72d1e6d6422136888c84bc9c8142e5
beanshooter-3.1.1-jar-with-dependencies.jar
2eed5165f387845e374d9ae1cd7b1ee4
5c593102a8c68963e052c480dda3842c37ae6bdea1d55096185dc3f68a810eab
--no-canary
option to prevent usage of deserialization canariesiinsecure.dev
to iinsecure.example
for docker containers (thanks to @ghuser for reporting :wink:)beanshooter-3.1.0-jar-with-dependencies.jar
63d6f2bfe5f47390f90b44d1368fbc87
419bf7263932fb03c3c6c50e8680fc5b6ccfad81bcb2dbd5e56fea773ab28927
FlightRecorderMXBean
DiagnosticCommandMBean
HotSpotDiagnosticMXBean
attr
action for obtaining and modifying attributesinfo
action for enumerating methods and attributesdump
action for the MemoryUserDatabaseMBean
write
action for the MemoryUserDatabaseMBean
invoke
action does no longer allow accessing attributes by using methods starting
with get
. Instead, the attr
action should now be used for attribute accessinfo
operations was renamed to stats
. The info
action now performs
the general info
operation for the specified MBean
beanshooter-3.0.0-jar-with-dependencies.jar
faacf796a850caf5bba49b4053477652
a3111468fc5e2ae0a2b820194d70b3cc913564d84f76d3d5dbd3419f37e825ba
execarray
action for the tonka beaninvoke
action (resolves #11. Thanks to @Stijn-Vdh for reporting)shell
action (Windows compatibility)execbackground
action with the option --background
ada6687ddae8bbaede83558a4f78d5f8
f0bb255e29334b96092e227896a3b0719813a41d07ff5c5a24fcbe7298d966a2
Global refactoring. Basically all code sections were renewed and several new features were implemented.
brute
action for bruteforcing JMX credentialsinvoke
action for calling arbitrary MBean methodsenum
action to enumerate common JMX vulnerabilitieslist
action to enumerate available MBeansserial
action to perform deserialization attacksMemoryUserDatabaseMBean
--stack-trace
option allows always to
investigate the full stack trace if required78729362e4b58acfef521641333f9e91
951ecf4eef7830c527ab369d97de42da9fa26ec95ed8e94fdb80aac8bb61cd67