hunt-springboot
Installation
SKILL.md
HUNT-SPRINGBOOT — Spring Boot Specific Vulnerabilities
Crown Jewel Targets
Spring Boot Actuator /actuator/heapdump exposed = heap dump with all secrets in memory.
Highest-value findings:
/actuator/heapdump— full JVM heap dump contains plaintext passwords, tokens, DB credentials, private keys stored anywhere in memory/actuator/env— lists all environment variables and Spring properties including secrets/actuator/shutdown— POST → shuts down the application (Critical availability impact)- H2 Console (
/h2-console) — in-memory DB admin UI → SQL query execution → potential RCE viaCREATE ALIAStrick - SpEL injection — Spring Expression Language in template fields,
@Valueannotations, SpEL-processed request params → RCE - Spring4Shell CVE-2022-22965 — Spring Framework < 5.3.18 + Tomcat → RCE via data binding