Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ikkisoft/ParrotNG

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461
https://github.com/ikkisoft/ParrotNG

Last synced: about 2 months ago
JSON representation

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461

Host: GitHub
URL: https://github.com/ikkisoft/ParrotNG
Owner: ikkisoft
License: gpl-3.0
Created: 2015-02-08T05:49:07.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2015-03-19T09:23:36.000Z (over 9 years ago)
Last Synced: 2024-04-07T06:32:03.457Z (5 months ago)
Language: Java
Homepage: http://www.slideshare.net/ikkisoft/the-old-is-new-again-cve20112461-is-back
Size: 1.73 MB
Stars: 47
Watchers: 8
Forks: 9
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # ParrotNG ![ParrotNG Logo](http://i.imgur.com/Ek8SGIit.png "ParrotNG Logo")

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to [CVE-2011-2461](https://www.adobe.com/support/security/bulletins/apsb11-25.html). For more details, please refer to the slides of our [Troopers 2015 talk](http://www.slideshare.net/ikkisoft/the-old-is-new-again-cve20112461-is-back).

Download the latest release from [HERE](https://github.com/ikkisoft/ParrotNG/releases).

##Features

* Written in Java, based on [swfdump](http://www.swftools.org/swfdump.html)

* One JAR, two flavors: command line utility and [Burp Pro](http://portswigger.net/burp/editions.html) Passive Scanner plugin 

* Detection of SWF files compiled with either a vulnerable Flex SDK version, patched by [Adobe's tool](http://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html) or not affected

##How To Use - Command Line

1. Download the latest ParrotNG from the release page

2. Simply use the following command:

```

$ java -jar parrotng_v0.2.jar 

```

The tool accepts a single SWF file or an entire directory.

![ParrotNG CmdLine](http://i.imgur.com/1JT4CtH.png "ParrotNGCmdLine")

##How To Use - Burp Pro Passive Scanner Plugin

1. Download the latest ParrotNG from the release page

2. Load Burp Suite Professional

3. From the _Extender_ tab in Burp Suite,  add [parrotng_v0.2.jar](https://github.com/ikkisoft/ParrotNG/releases) as a standard Java-based Burp Extension

4. Enable [Burp Scanner Passive Scanning](http://portswigger.net/burp/help/scanner_scanmodes.html)

5. Browse your target web application. All SWF files passing through Burp Suite are automatically analyzed  

![ParrotNG Burp](http://i.imgur.com/thAkkMB.png "ParrotNGBurp")