{"id":13542087,"url":"https://github.com/BishopFox/GadgetProbe","last_synced_at":"2025-04-02T09:33:17.692Z","repository":{"id":40688687,"uuid":"235427601","full_name":"BishopFox/GadgetProbe","owner":"BishopFox","description":"Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.","archived":false,"fork":false,"pushed_at":"2021-03-04T21:32:45.000Z","size":2066,"stargazers_count":595,"open_issues_count":0,"forks_count":97,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-03-29T05:08:52.411Z","etag":null,"topics":["burp-extensions","java","java-deserialization","javassist","pentest-tools","pentesting","security-tools"],"latest_commit_sha":null,"homepage":"https://labs.bishopfox.com/tech-blog/gadgetprobe","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BishopFox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-21T19:45:18.000Z","updated_at":"2025-03-19T11:34:48.000Z","dependencies_parsed_at":"2022-09-07T14:52:22.692Z","dependency_job_id":null,"html_url":"https://github.com/BishopFox/GadgetProbe","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2FGadgetProbe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2FGadgetProbe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2FGadgetProbe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2FGadgetProbe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BishopFox","download_url":"https://codeload.github.com/BishopFox/GadgetProbe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246789132,"owners_count":20834235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-extensions","java","java-deserialization","javassist","pentest-tools","pentesting","security-tools"],"created_at":"2024-08-01T10:01:01.209Z","updated_at":"2025-04-02T09:33:16.723Z","avatar_url":"https://github.com/BishopFox.png","language":"Java","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/GadgetProbe.svg\" width=700/\u003e\n\u003c/p\u003e\n\n#\n\n\n\n![License](https://img.shields.io/badge/license-MIT-lightgrey.svg)\n![Python version](https://img.shields.io/badge/java-8%2b-blue.svg)\n\n## Description\n\nYou just found a Java deserialization bug, you ran all your ysoserial payloads, and.... you got nothing. What now? How can you debug or build a gadget chain if you're totally blind?\n\nIntroducing GadgetProbe, a tool that shines a light on remote classpaths and raises bug severity for all!\n\nGadgetProbe takes a wordlist of Java classes, outputs serialized DNS callback objects, and reports what's lurking in the remote classpath.\n\n### Burp Extension Usage\n\nThe Burp extension automatically integrates with Burp Collaborator to handle DNS callbacks. The extension also includes signatures and an analyzer to identify library versions of popular sources for gadgets.\n\nDownload the [release](https://github.com/BishopFox/GadgetProbe/releases/) or follow the [build instructions](#building-from-source) below.\n\nAfter loading the Burp extension:\n\n1. Send the vulnerable request to intruder, highlighting the vulnerable parameter.\n\n![gif](assets/intruder1.gif)\n\n2\\. Add a list of Java classes (see included wordlists)\n\n![gif](assets/intruder2.gif)\n\n3\\. Add the GadgetProbe payload processor, and any other required processors in your chain (e.g., Base64 encode).\n\n![gif](assets/intruder3.gif)\n\n4\\. Run the intruder attack and watch the results come back in the GadgetProbe Burp Tab.\n\n![gif](assets/intruder4.gif)\n\n\n### GadgetProbe Java Library Usage\n\nGadgetProbe can also be used as a Java library or CLI for specialized attacks.\n\n```java\nimport com.bishopfox.gadgetprobe.GadgetProbe\n...\n// Call the GadgetProbe constructor with your authoritative nameserver (or use Burp collaborator).\nGadgetProbe gp = new GadgetProbe(\"dnscallback.burpcollaborator.net\");\n// The crafted object \"obj\" is now ready to be sent using any custom implementation :)\nObject obj = gp.getObject(\"org.apache.commons.collections.functors.invokertransformer\");\n\n```\n\n### Building from Source\n```bash\n# Build JAR (run first)\n./gradlew shadowJar\n\n# Build wordlists\n./generate_wordlists.sh\n```\n\n### How it works\n\nSee my [write-up](https://labs.bishopfox.com/tech-blog/gadgetprobe) on the Bishop Fox blog.\n\n### Author\n\nTwitter: [@theBumbleSec](https://twitter.com/theBumbleSec)\n\nGitHub: [the-bumble](https://github.com/the-bumble/)\n","funding_links":[],"categories":["Exploitation","Vulnerability Specific Extensions","Weapons","Java","Java (504)"],"sub_categories":["Insecure Deserialization","Deserialization","Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBishopFox%2FGadgetProbe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FBishopFox%2FGadgetProbe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBishopFox%2FGadgetProbe/lists"}