Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ikkisoft/ParrotNG
ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461
https://github.com/ikkisoft/ParrotNG
Last synced: about 2 months ago
JSON representation
ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461
- Host: GitHub
- URL: https://github.com/ikkisoft/ParrotNG
- Owner: ikkisoft
- License: gpl-3.0
- Created: 2015-02-08T05:49:07.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2015-03-19T09:23:36.000Z (over 9 years ago)
- Last Synced: 2024-04-07T06:32:03.457Z (5 months ago)
- Language: Java
- Homepage: http://www.slideshare.net/ikkisoft/the-old-is-new-again-cve20112461-is-back
- Size: 1.73 MB
- Stars: 47
- Watchers: 8
- Forks: 9
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ParrotNG ![ParrotNG Logo](http://i.imgur.com/Ek8SGIit.png "ParrotNG Logo")
ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to [CVE-2011-2461](https://www.adobe.com/support/security/bulletins/apsb11-25.html). For more details, please refer to the slides of our [Troopers 2015 talk](http://www.slideshare.net/ikkisoft/the-old-is-new-again-cve20112461-is-back).
Download the latest release from [HERE](https://github.com/ikkisoft/ParrotNG/releases).
##Features
* Written in Java, based on [swfdump](http://www.swftools.org/swfdump.html)
* One JAR, two flavors: command line utility and [Burp Pro](http://portswigger.net/burp/editions.html) Passive Scanner plugin
* Detection of SWF files compiled with either a vulnerable Flex SDK version, patched by [Adobe's tool](http://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html) or not affected##How To Use - Command Line
1. Download the latest ParrotNG from the release page
2. Simply use the following command:
```
$ java -jar parrotng_v0.2.jar
```
The tool accepts a single SWF file or an entire directory.![ParrotNG CmdLine](http://i.imgur.com/1JT4CtH.png "ParrotNGCmdLine")
##How To Use - Burp Pro Passive Scanner Plugin
1. Download the latest ParrotNG from the release page
2. Load Burp Suite Professional
3. From the _Extender_ tab in Burp Suite, add [parrotng_v0.2.jar](https://github.com/ikkisoft/ParrotNG/releases) as a standard Java-based Burp Extension
4. Enable [Burp Scanner Passive Scanning](http://portswigger.net/burp/help/scanner_scanmodes.html)
5. Browse your target web application. All SWF files passing through Burp Suite are automatically analyzed![ParrotNG Burp](http://i.imgur.com/thAkkMB.png "ParrotNGBurp")