RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
About RMIScout
RMIScout, performs wordlist and brute-force attacks against exposed Java RMI interfaces to safely guess method signatureswithout invocation. This technique is powerful and quick, allowing approximately 2,500 signature guesses per second. Identified signatures with non-primitive parameters are often exploitable deserialization vectors, so this can lead to a high-impact finding during an assessment.
Java Remote Method Invocation (RMI) is a Java API that performs remote procedure calls and allows a client application to access or invoke the... continue reading
