Enum ScanAction

  • All Implemented Interfaces:
    Serializable, Comparable<ScanAction>

    public enum ScanAction
    extends Enum<ScanAction>
    The ScanAction Enum represents available enumeration techniques that are applied during rmg's enum action. It is used to allow users to specify custom enum configurations where only subsets of the available enum methods are used. The main reason for adding this class was to support all enumeration techniques during SSRF attacks.
    Author:
    Tobias Neitzel (@qtc_de)
    • Enum Constant Detail

      • LIST

        public static final ScanAction LIST
        list remote bound names
      • STRING_MARSHALLING

        public static final ScanAction STRING_MARSHALLING
        enumerate string marshaling
      • CODEBASE

        public static final ScanAction CODEBASE
        enumerate codebases and remote class loading
      • LOCALHOST_BYPASS

        public static final ScanAction LOCALHOST_BYPASS
        check for the localhost bypass
      • SECURITY_MANAGER

        public static final ScanAction SECURITY_MANAGER
        enumerate security managers
      • JEP290

        public static final ScanAction JEP290
        check for JEP290
      • FILTER_BYPASS

        public static final ScanAction FILTER_BYPASS
        check for known deserialization filter bypasses
      • ACTIVATOR

        public static final ScanAction ACTIVATOR
        check for activator instances
    • Method Detail

      • values

        public static ScanAction[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
        for (ScanAction c : ScanAction.values())
            System.out.println(c);
        
        Returns:
        an array containing the constants of this enum type, in the order they are declared
      • valueOf

        public static ScanAction valueOf(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null
      • parseScanActions

        public static EnumSet<ScanAction> parseScanActions(List<String> actions)
        Parses a list of user-specified scan actions into the corresponding enum items. For a user-specified string to match an enum item, it is sufficient if the string starts with the same character sequence as the enum item.
        Parameters:
        actions - user-specified list of strings (requested enum techniques)
        Returns:
        corresponding EnumSet containing the requested actions
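
The prefix matching described for parseScanActions, shown as an added sketch that is not the project's own code. It redeclares the constants listed above in a local enum with the hypothetical name Action. Assumptions not stated on this page: the user string is treated as a case-sensitive prefix of the constant name, a prefix shared by several constants selects all of them, and empty or unmatched strings are rejected.

```java
import java.util.EnumSet;
import java.util.List;

public class ScanActionPrefixDemo {

    // Local stand-in for the constants documented above (hypothetical name).
    enum Action {
        LIST, STRING_MARSHALLING, CODEBASE, LOCALHOST_BYPASS,
        SECURITY_MANAGER, JEP290, FILTER_BYPASS, ACTIVATOR
    }

    // Assumed semantics: the user string is a case-sensitive prefix of the
    // constant name, and every constant sharing that prefix is selected.
    static EnumSet<Action> parse(List<String> requested) {
        EnumSet<Action> selected = EnumSet.noneOf(Action.class);
        for (String raw : requested) {
            if (raw == null || raw.isEmpty()) {
                // An empty prefix would match every constant, so reject it.
                throw new IllegalArgumentException("empty scan action");
            }
            boolean matched = false;
            for (Action a : Action.values()) {
                if (a.name().startsWith(raw)) {
                    selected.add(a);
                    matched = true;
                }
            }
            if (!matched) {
                throw new IllegalArgumentException("unknown scan action: " + raw);
            }
        }
        return selected;
    }

    public static void main(String[] args) {
        // Constructed inputs, not taken from the tool's documentation.
        System.out.println(parse(List.of("JEP", "SEC"))); // unique prefixes
        System.out.println(parse(List.of("L")));          // shared by LIST and LOCALHOST_BYPASS
        try {
            parse(List.of("REGISTRY"));                   // no constant starts with this
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Under these assumptions a short prefix can enable more checks than intended, so a scoped run is easier to audit when each requested name is long enough to identify a single constant.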