CrowdStrike / CAST

CrowdStrike Archive Scan Tool
MIT License

Files Not Detected? #8

Closed shukoku1 closed 2 years ago

shukoku1 commented 2 years ago

So I got the script to run from Falcon RTR and it didn't find anything, but when I run CAST.exe locally on the machine it finds results? Just wondering if this is working as intended?

"Searching 77 directories for files matching '.(jar|war)$'... Identified 57 files to scan. Identified 57 files to scan. 2021/12/27 14:48:19 archives: 57 found: 0 scanned: 57 skip: 0"

rbcrwd commented 2 years ago

This is, unfortunately, accurate.

The PS1 wrapper attempts to be extra efficient by querying running processes and known registry hives for CLASSPATH locations, as well as limiting its searching to JAR and WAR files (even though cast.exe will happily search all ZIP formats, including SAR and RAR, so long as they have the appropriate file magic).

Given the very reason this tool was written (JARs can be literally anywhere on disk), this approach is, by definition, going to miss some nonstandard, non-running instances.

As the tradeoffs section of the blog post discusses, you can simply run CAST against an entire drive. The tradeoff is, for larger systems, that you impact your IO and CPU for a longer period of time for more thorough results.
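As an added illustration (this is not the CAST project's PS1 wrapper or cast.exe, whose internals the thread does not show), the PowerShell below contrasts the two strategies rbcrwd describes: a targeted pass that seeds its search only from running Java processes and the machine-wide CLASSPATH in the registry, and a full-drive walk. The function names, the registry key used for CLASSPATH, the command-line parsing and the ZIP-magic check are this example's own assumptions about how such a wrapper could be built.

```powershell
# Added example, not project code: targeted vs. full-drive archive discovery.
# Names, the registry key and the parsing below are this example's assumptions.

function Add-ClasspathEntries(
    [System.Collections.Generic.HashSet[string]]$Set, [string]$Classpath) {
    # Reduce a ';'-separated CLASSPATH to the directories it points into.
    foreach ($entry in [Environment]::ExpandEnvironmentVariables($Classpath) -split ';') {
        if (-not $entry) { continue }
        $dir = if (Test-Path -LiteralPath $entry -PathType Container) { $entry }
               else { Split-Path -Parent $entry }
        if ($dir) { [void]$Set.Add($dir) }
    }
}

function Get-TargetedSearchRoots {
    # Directories referenced by running java/javaw processes and by the
    # machine-wide CLASSPATH value. Anything not referenced here is missed.
    $roots = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)

    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.Name -match '^javaw?\.exe$' } |
        ForEach-Object {
            if ($_.ExecutablePath) { [void]$roots.Add((Split-Path -Parent $_.ExecutablePath)) }
            # -cp / -classpath entries on the command line (may be null for protected processes)
            if ($_.CommandLine -match '-(cp|classpath)\s+"?([^"\s]+)') {
                Add-ClasspathEntries $roots $Matches[2]
            }
        }

    # Machine-wide CLASSPATH stored in the environment hive (assumed location)
    $envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    $cp = (Get-ItemProperty -Path $envKey -ErrorAction SilentlyContinue).CLASSPATH
    if ($cp) { Add-ClasspathEntries $roots $cp }

    return @($roots)
}

function Test-ZipMagic([string]$Path) {
    # ZIP local file header signature: 'P' 'K' 0x03 0x04. JAR/WAR/EAR share it.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 4
        $n = $fs.Read($buf, 0, 4)
        return ($n -eq 4 -and $buf[0] -eq 0x50 -and $buf[1] -eq 0x4B -and
                $buf[2] -eq 0x03 -and $buf[3] -eq 0x04)
    } finally { $fs.Dispose() }
}

function Find-ArchiveCandidates([string[]]$Roots, [switch]$AllZipFormats) {
    # Extension filter is only a pre-filter; the magic check decides.
    $include = if ($AllZipFormats) { '*.jar', '*.war', '*.ear', '*.zip' }
               else { '*.jar', '*.war' }
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Include $include -ErrorAction SilentlyContinue |
            Where-Object { Test-ZipMagic $_.FullName } |
            Select-Object -ExpandProperty FullName
    }
}

# Targeted mode (fast, incomplete) versus a whole-drive walk (slow, thorough)
$targeted = @(Find-ArchiveCandidates -Roots (Get-TargetedSearchRoots))
$full     = @(Find-ArchiveCandidates -Roots @('C:\') -AllZipFormats)
"targeted roots: $(@(Get-TargetedSearchRoots).Count)  targeted hits: $($targeted.Count)  full-drive hits: $($full.Count)"
```

A JAR that sits in a user profile, a temp folder or a stopped service's directory shows up only in the second count, which is the gap the issue reporter hit. The full-drive walk is the expensive part: on a large volume `Get-ChildItem -Recurse` plus a magic read per candidate is the IO and CPU cost the blog's tradeoffs section refers to, so scope the roots deliberately rather than defaulting to the fast path.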