Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/GoSecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
https://github.com/GoSecure/dtd-finder
dtd hacktoberfest security xxe
Last synced: about 1 month ago
JSON representation
List DTDs and generate XXE payloads using those local DTDs.
- Host: GitHub
- URL: https://github.com/GoSecure/dtd-finder
- Owner: GoSecure
- Created: 2019-07-15T20:13:54.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-02-21T00:00:00.000Z (10 months ago)
- Last Synced: 2024-08-01T10:17:15.361Z (4 months ago)
- Topics: dtd, hacktoberfest, security, xxe
- Language: Kotlin
- Homepage: https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation
- Size: 1.96 MB
- Stars: 598
- Watchers: 14
- Forks: 106
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-bugbounty-tools - dtd-finder - List DTDs and generate XXE payloads using those local DTDs. (Exploitation / XXE Injection)
- awesome-hacking-lists - GoSecure/dtd-finder - List DTDs and generate XXE payloads using those local DTDs. (Kotlin)
README
# DTD Finder [](https://travis-ci.org/GoSecure/dtd-finder)
Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs.
Quick links:
- [Get the complete files list and XXE Payloads](https://github.com/GoSecure/dtd-finder/tree/master/list)
- For more information, [read the detailed blog post](https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation/)
## Building the tool
```
$ mvn install
```
## Usage with docker image
1. Start/Build the docker image
```
$ docker run ...
```
2. Export the filesystem
```
$ docker export weblogic12 -o weblogic-12-dev.tar
```
3. Launch dtd-finder
```
$ java -jar dtd-finder-1.0-SNAPSHOT-all.jar weblogic-12-dev.tar
...
[=] Found a DTD: /u01/oracle/wlserver/server/lib/consoleapp/webapp/WEB-INF/struts-config_1_2.dtd
Testing 9 entities : [%AttributeName, %BeanName, %Boolean, %ClassName, %Integer, %Location, %PropName, %RequestPath, %RequestScope]
[+] The entity %AttributeName is injectable
[+] The entity %BeanName is injectable
[+] The entity %Boolean is injectable
[+] The entity %ClassName is injectable
[+] The entity %Integer is injectable
[+] The entity %Location is injectable
[+] The entity %PropName is injectable
[+] The entity %RequestPath is injectable
[+] The entity %RequestScope is injectable
...
The CLI tool can be launch against tar files and directories.
```
$ java -jar dtd-finder-1.0-SNAPSHOT-all.jar /specific/path/with/dtds
...
```
Report written to weblogic-12-dev.tar-dtd-report.md
```
## Demonstration
