gRPClyzer

A gRPC Discovery & Security Scanner

gRPClyzer is used for discovering and enumerating gRPC services. It identifies gRPC endpoints and maps several vulnerabilities on them.

Features

  • Service Discovery - Scans for gRPC services on common ports
  • Reflection Enumeration - Extracts full service definitions when reflection is enabled
  • TLS Detection - Identifies TLS-enabled vs plaintext services
  • Auth Detection - Identifies authentication requirements
  • JSON Output - Machine-readable output for integration with other tools
  • Concurrent Scanning - Fast scanning with configurable concurrency

Installation

From Source

git clone https://github.com/0x4f53/gRPClyzer.git
cd gRPClyzer

Usage

Basic Scan

# Scan a single target on default gRPC port
go run main.go -t localhost -p 50051

# Scan from a target file
go run main.go -T targets.txt -p 50051

# Scan multiple targets
go run main.go -t 192.168.1.1,192.168.1.2 -p 50051,9090

Testing with gRPC Goat

❯ go run main.go -t localhost -p 8001,8002,8003,8004,8005,8007,8008,8009 -v

    ⢀⡀ ⣏⡱ ⣏⡱ ⡎⠑ ⡇ ⡀⢀ ⣀⣀ ⢀⡀ ⡀⣀
    ⣑⡺ ⠇⠱ ⠇  ⠣⠔ ⠣ ⣑⡺ ⠴⠥ ⠣⠭ ⠏ 
- - - - - - - - - - - - - - - - - - -
 A gRPC Discovery & Security Scanner
        © 2025 Owais Shaikh
  github.com/0x4f53 • owais@0x4f.in

[*] Loaded signatures: 18 tokens, 16 service patterns

[*] Scanning 1 targets...
[*] Trying TLS connection to localhost:8005
[*] Trying TLS connection to localhost:8008
[*] Trying TLS connection to localhost:8007
[*] Trying TLS connection to localhost:8004
[*] Trying TLS connection to localhost:8009
[*] Trying TLS connection to localhost:8002
[*] Trying TLS connection to localhost:8003
[*] Trying TLS connection to localhost:8001
[*] Running deep security checks on localhost:8003...
[*] Testing for hardcoded/default authentication tokens...

[+] gRPC Service Found: localhost:8003
    TLS: true
    Security Findings (3):
      [MEDIUM] Server Reflection Enabled
      [MEDIUM] Self-Signed TLS Certificate
      [INFO] No Authentication Detected
[*] Trying plaintext connection to localhost:8008
[*] Trying plaintext connection to localhost:8007
[*] Trying plaintext connection to localhost:8004
[*] Trying plaintext connection to localhost:8005
[*] Trying plaintext connection to localhost:8009
[*] Trying plaintext connection to localhost:8002
[*] Trying plaintext connection to localhost:8001
[*] Running deep security checks on localhost:8002...
[*] Testing for hardcoded/default authentication tokens...
[*] Running deep security checks on localhost:8008...
[*] Testing for hardcoded/default authentication tokens...
[*] Running deep security checks on localhost:8009...
[*] Testing for hardcoded/default authentication tokens...
[*] Running deep security checks on localhost:8007...
[*] Testing for hardcoded/default authentication tokens...

[+] gRPC Service Found: localhost:8002
    TLS: false
    Security Findings (3):
      [HIGH] Plaintext gRPC (No TLS)
      [MEDIUM] Server Reflection Enabled
      [INFO] No Authentication Detected

[+] gRPC Service Found: localhost:8008
    TLS: false
    Security Findings (3):
      [HIGH] Plaintext gRPC (No TLS)
      [MEDIUM] Server Reflection Enabled
      [INFO] No Authentication Detected

[+] gRPC Service Found: localhost:8007
    TLS: false
    Security Findings (3):
      [HIGH] Plaintext gRPC (No TLS)
      [MEDIUM] Server Reflection Enabled
      [INFO] No Authentication Detected

[+] gRPC Service Found: localhost:8009
    TLS: false
    Security Findings (3):
      [HIGH] Plaintext gRPC (No TLS)
      [MEDIUM] Server Reflection Enabled
      [INFO] No Authentication Detected
[*] Running deep security checks on localhost:8001...
[*] Testing for hardcoded/default authentication tokens...

[+] gRPC Service Found: localhost:8001
    TLS: false
    Security Findings (3):
      [HIGH] Plaintext gRPC (No TLS)
      [MEDIUM] Server Reflection Enabled
      [INFO] No Authentication Detected
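
For triage, the verbose output above can be grouped per endpoint so that the findings of each service are reviewed together. The Go program below is an added example, not part of gRPClyzer: it assumes the text layout shown in the sample run (the schema of the -o JSON file is not shown on this page), and ParseScan, Service and the sample string are names and data constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Service is one "[+] gRPC Service Found" block of the verbose output.
type Service struct {
	Addr     string
	TLS      bool
	Findings map[string][]string // severity -> finding titles
}

var (
	foundRe   = regexp.MustCompile(`^\[\+\] gRPC Service Found: (\S+)$`)
	findingRe = regexp.MustCompile(`^\[([A-Z]+)\] (.+)$`) // never matches "[*]" or "[+]"
)

// ParseScan groups findings per endpoint and skips "[*]" progress lines.
func ParseScan(out string) []*Service {
	var svcs []*Service
	var cur *Service
	for _, raw := range strings.Split(out, "\n") {
		line := strings.TrimSpace(raw)
		if m := foundRe.FindStringSubmatch(line); m != nil {
			cur = &Service{Addr: m[1], Findings: map[string][]string{}}
			svcs = append(svcs, cur)
		} else if cur == nil {
			continue // progress output before the first result block
		} else if strings.HasPrefix(line, "TLS: ") {
			cur.TLS = line == "TLS: true"
		} else if m := findingRe.FindStringSubmatch(line); m != nil {
			cur.Findings[m[1]] = append(cur.Findings[m[1]], m[2])
		}
	}
	return svcs
}

// sample is constructed, abridged from the shape of the run shown above.
const sample = "[+] gRPC Service Found: localhost:8003\n    TLS: true\n      [MEDIUM] Self-Signed TLS Certificate\n" +
	"[*] Trying plaintext connection to localhost:8002\n[+] gRPC Service Found: localhost:8002\n    TLS: false\n" +
	"      [HIGH] Plaintext gRPC (No TLS)\n      [MEDIUM] Server Reflection Enabled\n"

func main() {
	for _, s := range ParseScan(sample) {
		fmt.Printf("%s tls=%v high=%q\n", s.Addr, s.TLS, s.Findings["HIGH"])
	}
}
```

The parser assumes each result block is printed contiguously, as in the sample run; progress lines from concurrent workers that land between blocks are ignored.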

Command Line Options

❯ go run main.go -h
Usage:
  -T string
        File containing targets
  -blind
        Enable blind enumeration
  -c int
        Concurrency (default 10)
  -call string
        Call method (Service/Method)
  -no-plain
        Skip Plaintext
  -no-tls
        Skip TLS
  -o string
        Output JSON file
  -p string
        Ports to scan (default "50051,9090,443,8443,9000")
  -sigs string
        Path to signatures YAML file (default "signatures.yaml")
  -t string
        Target host(s)
  -timeout int
        Connection timeout (default 5)
  -v    Verbose output

Legal Disclaimer

This tool is intended for authorized security testing only. Only scan systems you have explicit permission to test. Unauthorized access to computer systems is illegal.

Contribution

This tool needs contributors to grow and become extremely versatile and powerful. Please read the contributing documentation if you'd like to contribute.

License

Multimedia licensed under CC BY-NC-SA 4.0

Copyright © 2024 Owais Shaikh

Donate

If you'd like to donate to me, visit my GitHub Sponsors page.
