I'm using remote-method-guesser to scan several hosts and dissecting the textual output is tedious. So I've looked at the code and only got a vague idea (my Java skills are pretty bad) how to allow for alternative output formats:
- Restructure code so that there's a dedicated logger interface with two implementations, a TTY one using ANSI escapes and a JSON one
- Restructure code so that the logger interface methods are used, which receive a context (current host/port/probe) and event (with all the details logged to the console)
Seems like quite a bit of work, but on the upside, it would make the existing TTY formatting less terrible.
The JSON output would look something like this
{"host": "...", "port": "...", "probe": "rmi_registry_jep290_check", "status": "not vulnerable"}
{"host": "...", "port": "...", "probe": "rmi_registry_jep290_bypass", "status": "vulnerable", "gadget": "An Trinh"}
I'm using remote-method-guesser to scan several hosts and dissecting the textual output is tedious. So I've looked at the code and only got a vague idea (my Java skills are pretty bad) how to allow for alternative output formats:
Seems like quite a bit of work, but on the upside, it would make the existing TTY formatting less terrible.
The JSON output would look something like this
{"host": "...", "port": "...", "probe": "rmi_registry_jep290_check", "status": "not vulnerable"} {"host": "...", "port": "...", "probe": "rmi_registry_jep290_bypass", "status": "vulnerable", "gadget": "An Trinh"}