Enemies Of Symfony - debug mode Symfony looter.

EOS loots information from a Symfony target in debug mode:

- General: get general information about the target.
- Phpinfo: extract Symfony environment variables from the exposed phpinfo().
- Routes: get the list of registered routes.
- Request logs: look for credentials in POST request logs.
- Project files: retrieve project files (configuration, database, etc.) based on a wordlist.
- Sources: extract the application source code.
- Cookies: craft Remember Me cookies.

Note that this tool does not exploit any Symfony vulnerability. The profiler is a useful component for developers, and `EOS` simply takes advantage of misconfigured Symfony applications that leave debug mode and the profiler reachable.
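As an added example (not EOS's own code), the two pieces a practitioner would most want to reproduce by hand from the feature list above: the `General` check for debug mode, which relies on the `X-Debug-Token` / `X-Debug-Token-Link` response headers that Symfony's web profiler adds when it is enabled, and the `Phpinfo` step, which pulls `APP_*`, `DATABASE_*` and `MAILER_*` variables out of the HTML tables that `phpinfo()` renders. The phpinfo fragment and the header dictionary below are constructed samples, not output captured from a real host, and the `INTERESTING` prefix list is an assumption about which names matter.

```python
import re
from html import unescape

# Constructed sample of the "Environment" and "PHP Variables" sections as
# phpinfo() renders them; not captured from a real target.
SAMPLE_PHPINFO = """
<h2>Environment</h2>
<table>
<tr class="h"><th>Variable</th><th>Value</th></tr>
<tr><td class="e">APP_ENV </td><td class="v">dev </td></tr>
<tr><td class="e">APP_DEBUG </td><td class="v">1 </td></tr>
<tr><td class="e">APP_SECRET </td><td class="v">0123456789abcdef0123456789abcdef </td></tr>
<tr><td class="e">DATABASE_URL </td><td class="v">mysql://app:s3cret@127.0.0.1:3306/app </td></tr>
<tr><td class="e">PATH </td><td class="v">/usr/local/bin:/usr/bin </td></tr>
</table>
<h2>PHP Variables</h2>
<table>
<tr><td class="e">$_SERVER['APP_SECRET']</td><td class="v">0123456789abcdef0123456789abcdef</td></tr>
<tr><td class="e">$_SERVER['MAILER_DSN']</td><td class="v">smtp://user:p%40ss@mail.example:587</td></tr>
</table>
"""

# Assumed set of variable-name prefixes worth keeping from a Symfony environment.
INTERESTING = ("APP_", "DATABASE_", "MAILER_", "MESSENGER_")

# One phpinfo() table row: the name cell is either a bare name ("APP_ENV")
# or a superglobal lookup ("$_SERVER['APP_ENV']"); the value cell follows it.
ROW_RE = re.compile(
    r'<td class="e">\s*(?:\$_(?:SERVER|ENV)\[\'([^\']+)\'\]|([^<]+?))\s*</td>'
    r'\s*<td class="v">\s*(.*?)\s*</td>',
    re.S,
)


def extract_env(phpinfo_html: str) -> dict:
    """Return {name: value} for Symfony-relevant variables found in phpinfo() HTML."""
    found = {}
    for m in ROW_RE.finditer(phpinfo_html):
        name = m.group(1) or m.group(2)
        # Strip any nested markup in the value cell and decode HTML entities.
        value = unescape(re.sub(r"<[^>]+>", "", m.group(3)))
        if name.startswith(INTERESTING) or "SECRET" in name:
            # The same variable shows up in both sections; keep the first copy.
            found.setdefault(name, value)
    return found


def is_debug_mode(headers: dict) -> bool:
    """True when the response carries the headers Symfony's web profiler adds."""
    lowered = {k.lower() for k in headers}
    return "x-debug-token" in lowered or "x-debug-token-link" in lowered


if __name__ == "__main__":
    # Constructed response headers, not from a real host.
    print(is_debug_mode({"X-Debug-Token": "a1b2c3", "Content-Type": "text/html"}))
    for name, value in extract_env(SAMPLE_PHPINFO).items():
        print(f"{name}={value}")
```

The header check is the cheap first probe: a `200` from a page that also returns `X-Debug-Token` tells you the profiler is live before you spend requests on the `/_profiler` routes. A leaked `APP_SECRET` is what makes the `Cookies` feature possible, so that value is the one to flag first when triaging the output.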