OWASP Dependency-Check, originally written for JEE applications, scans components (for example, default, contrib, or third-party libraries) for CVE-level vulnerabilities, and more recently supports C/C++, Java, .NET, PHP, Python, Node.js and Ruby components. It also integrates with build environments such as the popular Java ones (for example, Maven) and with CI portals including Jenkins.
There is also a web front end for OWASP Dependency-Check called Dependency-Track. These are all free and open-source software (FOSS) solutions available from the broad OWASP security community.
Here is also an extremely unorthodox search of the Metasploit framework using the Linux grep command, which shows that all Java-related CVEs can be searched using this method:
$ msfconsole -qx "search cve:CVE; exit" | grep -i java | grep -vi javascript
auxiliary/server/jsse_skiptls_mitm_proxy 2015-01-20 normal Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
exploit/linux/misc/jenkins_java_deserialize 2015-11-18 excellent Jenkins CLI RMI Java Deserialization Vulnerability
exploit/multi/browser/java_atomicreferencearray 2012-02-14 excellent Java AtomicReferenceArray Type Violation Vulnerability
exploit/multi/browser/java_calendar_deserialize 2008-12-03 excellent Sun Java Calendar Deserialization Privilege Escalation
exploit/multi/browser/java_getsoundbank_bof 2009-11-04 great Sun Java JRE getSoundbank file:// URI Buffer Overflow
exploit/multi/browser/java_jre17_driver_manager 2013-01-10 excellent Java Applet Driver Manager Privileged toString() Remote Code Execution
exploit/multi/browser/java_jre17_exec 2012-08-26 excellent Java 7 Applet Remote Code Execution
exploit/multi/browser/java_jre17_glassfish_averagerangestatisticimpl 2012-10-16 excellent Java Applet AverageRangeStatisticImpl Remote Code Execution
exploit/multi/browser/java_jre17_jaxws 2012-10-16 excellent Java Applet JAX-WS Remote Code Execution
exploit/multi/browser/java_jre17_jmxbean 2013-01-10 excellent Java Applet JMX Remote Code Execution
exploit/multi/browser/java_jre17_jmxbean_2 2013-01-19 excellent Java Applet JMX Remote Code Execution
exploit/multi/browser/java_jre17_method_handle 2012-10-16 excellent Java Applet Method Handle Remote Code Execution
exploit/multi/browser/java_jre17_provider_skeleton 2013-06-18 great Java Applet ProviderSkeleton Insecure Invoke Method
exploit/multi/browser/java_jre17_reflection_types 2013-01-10 excellent Java Applet Reflection Type Confusion Remote Code Execution
exploit/multi/browser/java_rhino 2011-10-18 excellent Java Applet Rhino Script Engine Remote Code Execution
exploit/multi/browser/java_rmi_connection_impl 2010-03-31 excellent Java RMIConnectionImpl Deserialization Privilege Escalation
exploit/multi/browser/java_setdifficm_bof 2009-11-04 great Sun Java JRE AWT setDiffICM Buffer Overflow
exploit/multi/browser/java_storeimagearray 2013-08-12 great Java storeImageArray() Invalid Array Indexing Vulnerability
exploit/multi/browser/java_trusted_chain 2010-03-31 excellent Java Statement.invoke() Trusted Method Chain Privilege Escalation
exploit/multi/browser/java_verifier_field_access 2012-06-06 excellent Java Applet Field Bytecode Verifier Cache Remote Code Execution
exploit/multi/browser/mozilla_navigatorjava 2006-07-25 normal Mozilla Suite/Firefox Navigator Object Code Execution
exploit/multi/browser/qtjava_pointer 2007-04-23 excellent Apple QTJava toQTPointer() Arbitrary Memory Access
exploit/multi/elasticsearch/script_mvel_rce 2013-12-09 excellent ElasticSearch Dynamic Script Arbitrary Java Execution
exploit/multi/http/jboss_deploymentfilerepository 2010-04-26 excellent JBoss Java Class DeploymentFileRepository WAR Deployment
exploit/multi/http/sun_jsws_dav_options 2010-01-20 great Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
exploit/multi/misc/java_jmx_server 2013-05-22 excellent Java JMX Server Insecure Configuration Java Code Execution
exploit/windows/browser/java_basicservice_impl 2010-10-12 excellent Sun Java Web Start BasicServiceImpl Code Execution
exploit/windows/browser/java_cmm 2013-03-01 normal Java CMM Remote Code Execution
exploit/windows/browser/java_codebase_trust 2011-02-15 excellent Sun Java Applet2ClassLoader Remote Code Execution
exploit/windows/browser/java_docbase_bof 2010-10-12 great Sun Java Runtime New Plugin docbase Buffer Overflow
exploit/windows/browser/java_mixer_sequencer 2010-03-30 great Java MixerSequencer Object GM_Song Structure Handling Vulnerability
exploit/windows/browser/java_ws_arginject_altjvm 2010-04-09 excellent Sun Java Web Start Plugin Command Line Argument Injection
exploit/windows/browser/java_ws_double_quote 2012-10-16 excellent Sun Java Web Start Double Quote Injection
exploit/windows/browser/java_ws_vmargs 2012-02-14 excellent Sun Java Web Start Plugin Command Line Argument Injection
exploit/windows/http/hp_nnm_webappmon_ovjavalocale 2010-08-03 great HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
One could use a different exploitation-framework search engine, such as the one from Core Security, to perform a similar extended search - link - or even the one from Immunity Security - link
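The grep filter above matches "java" as a substring of the whole line, so some hits come only from a module name or identifier, and any line that also mentions JavaScript is dropped. The following added example (not part of the original post) tags each hit by how it matched; the function names are assumptions, and the sample input is five lines copied from the output above plus one constructed line.

```shell
#!/bin/sh
# Sample input: five lines copied from the search output on this page, plus one
# constructed line (last) whose description mentions both Java and JavaScript.
sample_output() {
cat <<'EOF'
exploit/multi/browser/java_jre17_exec 2012-08-26 excellent Java 7 Applet Remote Code Execution
exploit/multi/browser/mozilla_navigatorjava 2006-07-25 normal Mozilla Suite/Firefox Navigator Object Code Execution
exploit/multi/browser/qtjava_pointer 2007-04-23 excellent Apple QTJava toQTPointer() Arbitrary Memory Access
exploit/windows/http/hp_nnm_webappmon_ovjavalocale 2010-08-03 great HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
exploit/multi/http/jboss_deploymentfilerepository 2010-04-26 excellent JBoss Java Class DeploymentFileRepository WAR Deployment
exploit/constructed/example_module 2000-01-01 normal Constructed Example Java Applet JavaScript Bridge
EOF
}

# The filter exactly as the page uses it: substring match on the whole line,
# then removal of every line that mentions JavaScript anywhere.
page_filter() { grep -i java | grep -vi javascript; }

# Tag every line containing "java": "word" if Java is a standalone word in the
# description (fields 4 onward), "embedded" if it only occurs inside another
# token such as a module name or identifier. Nothing is dropped, so the
# embedded hits can still be reviewed by hand.
tag_matches() {
  awk 'tolower($0) ~ /java/ {
    d = " "
    for (i = 4; i <= NF; i++) d = d tolower($i) " "
    gsub(/[^a-z0-9]+/, " ", d)          # punctuation becomes a word break
    tag = index(d, " java ") ? "word" : "embedded"
    print tag, $1, $3                   # match type, module name, rank
  }'
}

echo "page filter keeps $(sample_output | page_filter | wc -l | tr -d ' ') of 6 lines"
sample_output | tag_matches
```

Fed the real search output instead of the sample, the "embedded" rows are the ones to check manually before treating the list as a Java exposure inventory.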