Hunt gRPC configuration vulnerabilities

hunt-grpc skill setup L11,791
elementalsouls/Claude-BugHunter
What it does

Fingerprint gRPC, enumerate services, hunt missing auth and cross-tenant IDOR

Best for

Security teams hunting microservice-architecture vulnerabilities where edge-proxy auth can be bypassed by reaching the backend directly.

Inputs
  • target port (50051, 443, 8443, 9090)
  • grpcurl or grpc-gateway endpoint
Outputs
  • service catalog
  • method signatures (from reflection or proto)
  • unauthenticated method calls (gRPC status OK)
  • cross-tenant ID swap results
Requires
  • grpcurl
  • grpcui
  • openssl s_client (ALPN test)
  • curl (HTTP/2 detect)
Preconditions
  • target exposes gRPC port or HTTP/2 service
  • reflection enabled OR method names known
Failure modes
  • reflection disabled
  • mTLS enforced
  • no internal-facing endpoints exposed
Trust signals
  • Cites CVE-2023-44487 (HTTP/2 Rapid Reset DoS) with authorization caveat
  • Covers gRPC-Web/grpc-gateway transcoding injection
  • Fingerprint matrix (which proxies are vulnerable)