Find * Password#
In the SpringBoot site, there is an endpoint named /actuator/env, which usually shields some sensitive information, such as password, but replaces it with * symbol. If the target site can download the file /actuator/heapdump or /heapdump and decode it, sensitive information contained in it can be extracted.
You can also use this tool to scan SpringBoot nodes.
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
mat#
select * from java.util.LinkedHashMap$Entry x WHERE (toString(x.key).contains("password"))
select * from java.util.Hashtable$Entry x WHERE (toString(x.key).contains("password"))
JDumpSpider#
Project address: https://github.com/whwlsfb/JDumpSpider
$ java -jar JDumpSpider-1.0-SNAPSHOT-full.jar heapdump
Image source: https://wallhaven.cc/