A tool for extracting information from Java Remote Method Invocation (RMI) services.

rmiInfo is a tool to help extract information from Java Remote Method Invocation (RMI) services, which can then be used to find possible security vulnerabilities. Its main aim is to identify the location of the RMI stub. Finding the stub is the first step towards constructing Java code that talks directly to the RMI service.

rmiInfo can extract information not only from RMI registries but also from RMI services.

Key features

From a registry it is able to extract the following information:

  • Name of attached services.
  • Location of the service (IP address and port number).
  • Name of the stub interface.
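
The registry items listed above can be read with the standard JDK RMI client API, which is useful when inventorying what a registry you operate exposes. The following is an added example, not rmiInfo's own code; the class name `RegistryInventory` and the default host and port are assumptions.

```java
import java.lang.reflect.Proxy;
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RemoteObject;

// Added example (hypothetical class name): inventory what an RMI registry exposes.
public class RegistryInventory {

    public static void main(String[] args) throws RemoteException {
        // Assumed defaults: a local registry on the standard port 1099.
        String host = args.length > 0 ? args[0] : "127.0.0.1";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : Registry.REGISTRY_PORT;

        Registry registry = LocateRegistry.getRegistry(host, port);
        for (String name : registry.list()) {            // names of attached services
            System.out.println("service: " + name);
            try {
                describe(registry.lookup(name));
            } catch (RemoteException | NotBoundException e) {
                // Typically an UnmarshalException wrapping ClassNotFoundException:
                // the stub interface is not on the local classpath, and the
                // cause's message carries its fully qualified name.
                Throwable cause = e.getCause() != null ? e.getCause() : e;
                System.out.println("  lookup failed: " + cause);
            }
        }
    }

    static void describe(Remote stub) {
        // Stub interface names: the Remote interfaces the stub class declares.
        for (Class<?> iface : stub.getClass().getInterfaces()) {
            if (Remote.class.isAssignableFrom(iface)) {
                System.out.println("  interface: " + iface.getName());
            }
        }
        // Dynamic-proxy stubs keep their RemoteRef in the invocation handler;
        // rmic-generated stubs extend RemoteObject themselves.
        Object holder = Proxy.isProxyClass(stub.getClass())
                ? Proxy.getInvocationHandler(stub) : stub;
        if (holder instanceof RemoteObject) {
            // For the JDK's unicast refs this string includes the endpoint host:port.
            System.out.println("  ref: " + ((RemoteObject) holder).getRef().remoteToString());
        }
    }
}
```

Any binding that appears in this output is visible to every client that can reach the registry port, so the listing doubles as a check on what the registry discloses.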

From an RMI service it is able to extract the following information:

  • Location of remotely deployed code.

Thus, by combining the information from the service and the registry, you can determine the location and name of remotely deployed stubs.

Other features of rmiInfo:

  • If it finds an RMI registry, it will recursively scan all the services identified.
  • Platform independent (Java based).

April 26, 2013
Version: 0.3
4.7 KiB
MD5 hash: 62c44ff67ee6ec6e414cc0fc13d1e2bd

RmiInfo-0.3 Tar
April 26, 2013
5.0 KiB
MD5 hash: 3cec7060f4c61ee0c40fec9e85ad8550

RmiInfo-0.3-src Tar
April 26, 2013
3.2 KiB
MD5 hash: 85e2d795570474c1d7fbc90e3cdaf824