Skip to content

v3.0.0-rc.1 - Mar 21, 2022

Pre-release
Pre-release
Compare
Choose a tag to compare
@qtc-de qtc-de released this 21 Mar 20:41
· 221 commits to master since this release
v3.0.0-rc.1
ab02c99
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Global refactoring. Basically all code sections were renewed and several new features
were implemented.

Added

  • Added the brute action for bruteforcing JMX credentials
  • Added the invoke action for calling arbitrary MBean methods
  • Added the enum action to enumerate common JMX vulnerabilities
  • Added the list action to enumerate available MBeans
  • Added the serial action to perform deserialization attacks
  • Added support for the Apache tomcats MemoryUserDatabaseMBean
  • Added support for calling the MLetMBean manually
  • Added support for Apache Karaf

Changed

  • The example servers were renewed and provide now more useful
    usage examples
  • The tonka-bean is now included into the beanshooter jar file
    Building and providing the tonka-bean separately is no longer required
  • The tonka-bean was renewed and contains several new features and improvements
  • The exception handling was improved to provide more detailed information
    in case of an error. Using the --stack-trace option allows always to
    investigate the full stack trace if required

Checksums

  • beanshooter-3.0.0-rc.1-jar-with-dependencies.jar
    • MD5: 78729362e4b58acfef521641333f9e91
    • SHA256: 951ecf4eef7830c527ab369d97de42da9fa26ec95ed8e94fdb80aac8bb61cd67
Assets 3
Loading