Awesome

ParrotNG

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461. For more details, please refer to the slides of our Troopers 2015 talk.

Download the latest release from HERE.

##Features

• Written in Java, based on swfdump
• One JAR, two flavors: command line utility and Burp Pro Passive Scanner plugin
• Detection of SWF files compiled with either a vulnerable Flex SDK version, patched by Adobe's tool or not affected

##How To Use - Command Line

1. Download the latest ParrotNG from the release page
2. Simply use the following command:

$ java -jar parrotng_v0.2.jar <SWF File | Directory>

The tool accepts a single SWF file or an entire directory.

##How To Use - Burp Pro Passive Scanner Plugin

1. Download the latest ParrotNG from the release page
2. Load Burp Suite Professional
3. From the Extender tab in Burp Suite, add parrotng_v0.2.jar as a standard Java-based Burp Extension
4. Enable Burp Scanner Passive Scanning
5. Browse your target web application. All SWF files passing through Burp Suite are automatically analyzed