
RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution

 

About RMIScout

RMIScout performs wordlist and brute-force attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. This technique is powerful and quick, allowing approximately 2,500 signature guesses per second. Identified signatures with non-primitive parameters are often exploitable deserialization vectors, so this can lead to a high-impact finding during an assessment.


RESEARCHERS

Jake Miller

Lead Researcher