GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Tool Overview

About GadgetProbe

Java deserialization is a convenient, easy-to-implement mechanism for sharing complex data, which is one reason it remains so prevalent today despite its known security risks. Demonstrating the full impact of unsafe Java deserialization is a challenge because exploits rely on specific third-party classes being available on the remote classpath. Previously, this resulted in a Hail Mary of known exploits, and if they didn’t work, we struggled to write custom exploits with limited information.

GadgetProbe is a tool to probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on a remote Java classpath. By taking a wordlist input of Java classes and transmitting serialized DNS callback objects, GadgetProbe enumerates what's lurking in the remote classpath.
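On the receiving side, this kind of enumeration is visible in the traffic itself. The following Python sketch is an added example, not part of GadgetProbe or the original page: it lists the class names declared in inbound Java serialized streams and reports sources that name several classes the application never exchanges. It assumes each probe names the class under test in a class descriptor; the function names, the `EXPECTED` set, the threshold and all sample data are constructed for illustration.

```python
import re
import struct
from collections import defaultdict

MAGIC = b"\xac\xed\x00\x05"  # STREAM_MAGIC + STREAM_VERSION of a Java serialized stream
TC_CLASSDESC = 0x72          # type code that introduces a class descriptor
CLASS_NAME = re.compile(r"\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?")

def class_names(blob: bytes) -> list:
    """Heuristically list the class names declared in a serialized stream."""
    if not blob.startswith(MAGIC):
        return []
    names, i = [], len(MAGIC)
    while i + 3 <= len(blob):
        if blob[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", blob, i + 1)
            raw = blob[i + 3:i + 3 + n]
            # A descriptor continues with serialVersionUID (8), flags (1), field count (2).
            if len(raw) == n and i + 3 + n + 11 <= len(blob):
                name = raw.decode("utf-8", "replace")
                if CLASS_NAME.fullmatch(name):
                    names.append(name)
                    i += 3 + n + 8  # skip the name and serialVersionUID
                    continue
        i += 1
    return names

def probing_sources(requests, expected, threshold=3):
    """Map each source to the unexpected classes it named, if at least `threshold`."""
    seen = defaultdict(set)
    for source, blob in requests:
        seen[source].update(n for n in class_names(blob) if n not in expected)
    return {s: sorted(c) for s, c in seen.items() if len(c) >= threshold}

def sample_stream(name: str) -> bytes:
    """Constructed minimal stream: one object whose descriptor names `name`."""
    n = name.encode()
    return (MAGIC + b"\x73\x72" + struct.pack(">H", len(n)) + n
            + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")

EXPECTED = {"com.example.dto.Order"}  # assumption: classes this endpoint really exchanges
SAMPLE_REQUESTS = [                   # constructed (source, body) pairs
    ("192.0.2.10", sample_stream("com.example.dto.Order")),
    ("203.0.113.7", sample_stream("org.example.liba.Foo")),
    ("203.0.113.7", sample_stream("org.example.libb.Bar")),
    ("203.0.113.7", sample_stream("org.example.libc.Baz")),
]

print(probing_sources(SAMPLE_REQUESTS, EXPECTED))
```

The scan is heuristic and meant for logging and alerting on captured request bodies; it does not make deserializing untrusted input safe.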

Lead Researcher

Jake Miller

Jake Miller (OSCE, OSCP) is a Bishop Fox alumnus and former lead researcher. While at Bishop Fox, Jake was responsible for overseeing firm-wide research initiatives. He also produced award-winning research in addition to several popular hacking tools like RMIScout and GitGot.

Twitter: @theBumbleSec

GitHub: the-bumble