CVE-2021-45046

CVSSv4: NA | CVSSv3: 9 | CVSSv2: 5.1 | VMScore: 1000 | EPSS: 0.94313 | KEV: Exploitation Reported
Published: 14/12/2021 Updated: 21/11/2024

Vulnerability Summary

Critical Vulnerabilities in Apache Log4j Java Logging Library

On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed:

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

On December 14, 2021, the following critical vulnerability, which affects certain Apache Log4j use cases in versions 2.15.0 and previous versions, was disclosed:

CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

On December 18, 2021, a vulnerability in the Apache Log4j component affecting versions 2.16 and previous versions was disclosed:

CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

On December 28, 2021, a vulnerability in the Apache Log4j component affecting versions 2.17 and previous versions was disclosed:

CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

For a description of these vulnerabilities, see the Apache Log4j Security Vulnerabilities page.

Cisco's Response to These Vulnerabilities

Cisco assessed all products and services for impact from both CVE-2021-44228 and CVE-2021-45046. To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules 2021-12-21

Product fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted.

Cisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities.

Cisco's standard practice is to update integrated third-party software components to later versions as they become available.

This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

Vulnerable Product

apache log4j

apache log4j 2.0

cvat computer vision annotation tool -

intel audio development kit -

intel datacenter manager -

intel genomics kernel library -

intel oneapi -

intel secure device onboard -

intel sensor solution firmware development kit -

intel system debugger -

intel system studio -

siemens sppa-t3000 ses3000 firmware

siemens captial

siemens captial 2019.1

siemens comos

siemens desigo cc advanced reports 4.0

siemens desigo cc advanced reports 4.1

siemens desigo cc advanced reports 4.2

siemens desigo cc advanced reports 5.0

siemens desigo cc advanced reports 5.1

siemens desigo cc info center 5.0

siemens desigo cc info center 5.1

siemens e-car operation center

siemens energy engage 3.1

siemens energyip 8.5

siemens energyip 8.6

siemens energyip 8.7

siemens energyip 9.0

siemens energyip prepay 3.7

siemens energyip prepay 3.8

siemens gma-manager

siemens head-end system universal device integration system

siemens industrial edge management

siemens industrial edge management hub

siemens logo! soft comfort

siemens mendix

siemens mindsphere

siemens navigator

siemens nx

siemens opcenter intelligence

siemens operation scheduler

siemens sentron powermanager 4.1

siemens sentron powermanager 4.2

siemens siguard dsa 4.2

siemens siguard dsa 4.3

siemens siguard dsa 4.4

siemens sipass integrated 2.80

siemens sipass integrated 2.85

siemens siveillance command

siemens siveillance control pro

siemens siveillance identity 1.5

siemens siveillance identity 1.6

siemens siveillance vantage

siemens siveillance viewpoint

siemens solid edge cam pro

siemens solid edge harness design

siemens solid edge harness design 2020

siemens spectrum power 4

siemens spectrum power 4 4.70

siemens spectrum power 7

siemens spectrum power 7 2.30

siemens teamcenter

siemens tracealertserverplus

siemens vesys

siemens vesys 2019.1

siemens xpedition enterprise -

siemens xpedition package integrator -

debian debian linux 10.0

debian debian linux 11.0

sonicwall email security

fedoraproject fedora 34

fedoraproject fedora 35

siemens 6bk1602-0aa12-0tp0 firmware

siemens 6bk1602-0aa22-0tp0 firmware

siemens 6bk1602-0aa32-0tp0 firmware

siemens 6bk1602-0aa42-0tp0 firmware

siemens 6bk1602-0aa52-0tp0 firmware

Vendor Advisories

Debian Bug report logs - #1001729 apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations. Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debianor ...
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update. Type/Severity: Security Advisory: Low. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update. Type/Severity: Security Advisory: Low. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:l ...
No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM. This update modifies Amazon L ...
Amazon Kinesis Agent versions within Amazon Linux 2 (AL2) prior to aws-kinesis-agent-204-1 included a version of Apache Log4j affected by CVE-2021-44228 and CVE-2021-45046. The Amazon Kinesis Agent has been updated to aws-kinesis-agent-204-1 within Amazon Linux 2 that mitigates CVE-2021-44228 and CVE-2021-45046. For additional detail see https: ...
Critical Vulnerabilities in Apache Log4j Java Logging Library. On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoin ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Co ...
ALAS-2022-225 Amazon Linux 2022 Security Advisory: ALAS-2022-225 Advisory Release Date: 2022-12-06 16:42 Pacific ...
Citrix is aware of four vulnerabilities affecting Apache Log4j2, three of which may allow an attacker to execute arbitrary code. These three vulnerabilities have been given the following identifiers: ...

Mailing Lists

Severity: moderate (CVSS: 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Description: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Patte ...
Hi Ron, Is there any information on the non-default configuration that triggers the DoS? What I am trying to understand is, if we clear the first CVE through, say, envar LOG4J_FORMAT_MSG_NO_LOOKUPS=true or -Dlog4j2.formatMsgNoLookups=true, then where does the vulnerability lie for the second CVE? What configuration change needs to be done to re ...

Github Repositories

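Workshop Objectives: Using the malware-detection platform SonaType Nexus Firewall (IQ Server), this workshop runs hands-on exercises with Nexus Repository and Nexus Firewall so that threats can be kept from entering the SDLC. Threats are evaluated hands-on through the most widely used ecosystems, NPM, MAVEN and PYPI, with the goal of completing the given missions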

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

🐱‍💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks. 📝 Description: CVE-2021-44228 works on: log4j: 2.0 <= Apache log4j <= 2.14.1. Java version already patched: 6u211+, 7u201+, 8u191+, 11.0.1+. Windows Defender started to remove java f

The log4j RCE (CVE-2021-44228) was patched in 2.15, but a new vulnerability, CVE-2021-45046 (causes DoS), has been discovered. Below are the results of testing. [Test environment] log4j-2.15.0 (api, core), JRE-1.8.0, jdk1.8.0_151, Eclipse IDE (Maven Project). Log4j RCE (CVE-2021-44228) payload test -> Not Vuln. Inserting an arbitrary ctx object name -> Not vuln

log4j2demo

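Apache log4j2 remote command execution vulnerability. 2021-12-27 important update: According to the official website, versions 2.16.0 and 2.17.0 exposed new vulnerabilities (CVE-2021-45105) and (CVE-2021-44832). Upgrading to version 2.17.1 is recommended. 2021-12-18 important update: According to the Apache Log4j2 official website, regarding the temporary workarounds for CVE-2021-44228, apart from deleting the class, others such as setting formatMsgNoLookups and environment var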

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105). This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library. Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105. For additional information see: NCSC-NL advisory, MITRE, CSIRT network members advisories

CISA Log4j (CVE-2021-44228) Vulnerability Guidance. This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. Official CISA Guidance & Resou

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

Per CVE-2021-44228 and CVE-2021-45046, Apache log4j2 versions < 2.16.0 (except 2.12.2) are vulnerable to remote code execution and potential data exfiltration. This script will scan your New Relic account(s) for java services that report usage of log4j-core, and generate a manifest containing each suspect service with the version of log4j-core reported by New Relic APM


Locate log4j vulnerable files

find_log4j: Locate vulnerable log4j files. The current advice is to upgrade for log4j v2.17.2, this script can help find older versions. Description: The script tries to find log4j jar files and match their filenames, if found it checks the sha256 hash to compare. If the filename is log4j-core.jar or log4j-api.jar, then it gets the hash and tries to match hash instead of filename

A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046

log4j-scanner A Log4j vulnerability scanner is automated scanner to find log4j (CVE-2021-44228 and CVE_2021_45046) vulnerabilities in web applications Features 1- It supports multiple URL to perform scan 2- It has payload that can bypass some WAF 3- It supports GET and POST request 4- It supports user payload and headers file 5- It fuzzes POST data parameter as well as JSON pa


Test this content before applying it to production systems. Usage: Download the latest package from releases here: github.com/VerveIndustrialProtection/CVE-2021-44228-Log4j/releases and then Import the Fixlets, Analyses, and Computer Group into a site and apply computer subscriptions. Detection Methods: There are three detection methods available for each supported Operat

Contains all my research and content produced regarding the log4shell vulnerability

Objective: Contains all my research and content produced regarding the log4shell vulnerability. Content: Folder "analysis": Contain the information that I gather about the vulnerability, affected versions, exploitation context/requirements, remediation plan proposal and so on. This content is created using Joplin and then exported as markdown to the analysis folder

Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.

Log4Shell-obfuscated-payloads-generator: Log4Shell-obfuscated-payloads-generator can generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection. The design idea of Log4Shell-obfuscated-payloads-generator. Installation: git clone github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator.git

This project will help to test the Log4j CVE-2021-44228 vulnerability.

Log4j-JNDIServer: This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building: Load the project on Intellij Idea. Select JDK in "Projects Settings" (CTRL + ALT + SHIFT + S). In "Project Settings", create the Artifact -> "Artifacts" -> "Create JAR from Modules" -> In &

Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shell

Patch pulsar images with Apache Log4J 2.17.1 upgrade. Covers CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832. See Log4J Security Vulnerabilities and upgrades for more information. See the Dockerfile for the solution. Building and pushing patched docker images, example usage: # build and tag image docker build --build-arg=ORIGINAL_IMAGE=apachepulsar/pulsar-all:281

A backup source for Minecraft PVP-focused client made by LEF-ganga (aka ImFlowow)

Tritium-backup: A backup source for Minecraft PVP-focused client made by LEF-ganga. We are happy to make Tritium available again! Because the other LEF-ganga (aka ImFlowow) has deleted the resource repo originally deployed on Gitee, some code files cannot be downloaded (such as' me Imflow: authlib: 12 ')

PowerShell scripts for Log4Shell. So far, it only includes the script Remove-ArchiveItem.ps1, which removes a specified class file from JAR files (or any ZIP file, for that matter). This allows to implement one of the proposed workarounds for the Log4Shell vulnerability found in Log4j 2.X Java library (CVE-2021-44228 and CVE-2021-45046). The workaround consists in removing the o


JFrog CLI Plugins Registry. General: JFrog CLI Plugins allow enhancing the functionality of JFrog CLI to meet the specific user and organization needs. The source code of a plugin is maintained as an open source Go project on GitHub. All public plugins are registered in JFrog CLI's Plugins Registry. The Registry is hosted in this GitHub repository. The plugins directory inc

PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs

Log4Shell-Rex: The following RegEx was written in an attempt to match indicators of a Log4Shell (CVE-2021-44228 and CVE-2021-45046) exploitation. If you run a version from pre 2021/12/21, it's highly recommended to test and update. I've removed some quirks and enhanced performance. The Regex aims being PCRE compatible, but should also run on re2 and potentially more Re

One place for all Log4Shell resources and useful links

log4shell-everything – One place for all valuable things about Log4Shell. A continually updated page for valuable Log4Shell resources and useful links. Last update: Monday, 15 December 2021, 02:17 ET. Background: Security teams all over the world are rushing to deal with the new critical zero-day vulnerability dubbed Log4Shell. This vulnerability in Apache Log4j, a popular

A simple script to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228.

log4jjndilookupremove: A simple script to remove Log4J JndiLookup.class from jars in given directory. This script can be used to temporarily resolve the CVE-2021-45046 and CVE-2021-44228, until the application can be repackaged with a proper Log4J version. Usage: On Linux or other *nix system just run this script in the directory you want to scan, or add the target directory as f

This elasticsearch image v7.10.2 is patched against following log4j vulnerabilities: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105. Since the only two latest versions 7.16.2 and 6.8.22 of elasticsearch were patched by vendor, but numerous products use exclusively interim releases (i.e. graylog), we've decided to release a patched image, although is the image according to e

Docker image for Apache JMeter

docker-jmeter: Image on Docker Hub. Docker image for Apache JMeter. This Docker image can be run as the jmeter command. Find Images of this repo on Docker Hub. Starting version 5.4, Docker builds/pushes are executed via GitHub Workflows. Donate: With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular. To support its active maintenance consider making a

Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system

scan4log4shell: Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system. Features: Local and remote scanner. Supports URL and CIDR scans. Supports DNS, LDAP & TCP callbacks for vulnerability discovery and validation. Fuzzing of 50 HTTP requ

CVE-2021-44228_scanner: Applications that are vulnerable to the log4j CVE-2021-44228 issue may be detectable by scanning jar, war, and ear files to search for the presence of JndiLookup.class. Depending on the platform that you are investigating, the PowerShell or the Python3 script may make more sense to run. In both cases, the optional argument is the top-level directory that

!!!! DEPRECATION NOTICE !!!! This project is being deprecated as outlined below. 2023-01-01 - This repository will no longer be updated. 2023-04-01 - This repository will be permanently deprecated. The project will cease to accept issues and will not be updated as of 2023-01-01. After this date, this project will be unsupported and no new releases or artifacts associated

DatasetCreator is a lightweight RESTFul client implementation of the Salesforce CRM Analytics External Data API. It has been deliberately developed with no 3rd party jars with the goal of being a lean, reliable and scalable solution.

DatasetCreator: DatasetCreator is lightweight RESTFul client implementation of the CRM Analytics External Data API. This tool is free to use, but it is not officially supported by Salesforce. It has been deliberately developed with no 3rd party jars with the goal of being a lean, reliable and scalable solution. This is a community project that have not been officially tested o

log4jscan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass p

A stats collection and distributed tracing framework

Warning: OpenCensus and OpenTracing have merged to form OpenTelemetry, which serves as the next major version of OpenCensus and OpenTracing. OpenTelemetry has now reached feature parity with OpenCensus, with tracing and metrics SDKs available in .NET, Golang, Java, NodeJS, and Python. All OpenCensus Github repositories, except census-instrumentation/opencensus-python, will be ar

An agent to hotpatch the log4j RCE from CVE-2021-44228.

Log4jHotPatch: This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup()". It is designed to address the CVE-2021-44228 remote code execution vulnerability in Log4j wit

Log4Shell (CVE-2021-44228): Description, Exploitation and Mitigation

CVE-2021-44228: On 9 December 2021 the world learned of a new security flaw affecting Log4J. The CVSSv3 (Common Vulnerability Scoring System) score of the vulnerability was rated at 10, making it critical (nvd.nist.gov/vuln/detail/CVE-2021-44228). CVSSv3: Its CVSSv3 vector is the

EFK Installation Guide. Overview: EFK is a combination of three platforms, Elasticsearch, Fluentd and Kibana, and provides log collection, search and visualization in a cluster environment. In each k8s cluster, fluentd runs as a daemonset, collects logs and loads them into elasticsearch, and elasticsearch provides search in response to requests. kibana elast

Getting up and running with Snyk CLI

Getting Started with Snyk CLI. This guide is provided as a quick reference to getting started with Snyk CLI. We will use an existing repository during a set of tests we run showing how to perform common tasks with the Snyk CLI. Note: This does not attempt to replace the Snyk Docs which go into far more details but instead aid in a quick start with the snyk CLI. Step 1 - Installing

Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Log4j CVE-2021-44228 and CVE-2021-45046. Requisites: Use a vulnerable JDK, for instance JDK 1.8.0_181. Usage: Malicious server: The malicious server deploys the following endpoints: 1389 LDAP server, 1099 RMI server, 8081 HTTP server. ./gradlew :malicious-server:bootRun. Vulnerable application: The vulnerable application deploys one HTTP endpoint

This repository contains all gathered resources we used during our Incident Response on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.

CVE-2021-44228: Log4j / Log4Shell Security Research Summary. This repository contains all gathered resources we used during our Incident Response on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell. Threat Intel, Mitigations / Fixes, Malware Reports, Advisory, IOCs / Callback Domains / IP Addresses, Honeypots, Payloads / Obfuscation / WAF Bypass, Vulnerability Scanning, Exploitation


Log4Shell Demo Attack CVE-2021-44228 CVE-2021-45046 Target the JDK version 8u181 for vulnerable app The JDK can be grab from cdnazulcom/zulu/bin/zulu83101-jdk80181-win_x64zip Run the servers from the main method The vulnerable server localhost:8080 First stage LDAP attacker server localhost:1389 Second stage

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability (CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Introduction: We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability (log4shell) in their AWS account. We currently support "CVE-2021-44228" and "CVE-2021-45046" RCE vulnerabilities. The script enables security teams to identify external-facing AWS assets by running the exploit on them, a

The log4j vulnerability test

TestLog4j: The log4j vulnerability test. Details of the vulnerability is at logging.apache.org/log4j/2.x/security.html. CHECK THE CVE-2021-45046 CVE-2021-44228

Scans the file system to find Log4Shell vulnerabilities.

Log4Shell Scanner: Log4Shell Scanner (log4shell-scanner-rs) is a CLI application written in Rust. It scans the file system to find Java applications that may be vulnerable to Log4Shell related vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832). Detail of Log4Shell vulnerabilities affecting Log4j2: CVE, Severity, Fix version (min Java version)

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105). This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library. Especially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105. For additional information see: NCSC-NL advisory, MITRE, EU CSIRT network members advisor

log4j vulnerability exploration

Log4j vulnerability exploration/proof of concept. Also known as CVE-2021-45046, CVE-2021-44228, #log4shell. logging.apache.org/log4j/2.x/security.html. How to use: First verify that it works by running test.sh, it should print ITWORKS in uppercase for different log levels. Exfiltration example: cd listener ./ldap-exfil.py in another termi

Choose your own SIEM adventure. Repo of configs for the three major SIEMs. Blog posts: Elastic, Graylog, Splunk. Security notes: Default password is set to Changem123! Docker-composes v2.X are for development ONLY and are NOT secure for production. Config directory: conf/. conf/ansible/* - This directory contains all the configs for the Ansible playbooks and a manual install con

☢️ Log4j-scanner ☢️ Scan the log4j vulnerability with the log4j scanner tool Features 👻 Features and advantages that exist in this tool: Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerab


l4shunter To hunt for machines vulnerable to CVE-2021-44228 or CVE-2021-45046 This is a bash script that uses curl It is originally a project that I made to improve in bash, but I think it can be useful in its current form Usage Advisory This script should be used for authorized penetration testing and/or educational purposes only Any misuse of this software will not be th

Silent print and serial ports for web!

WebApp Hardware Bridge Security Warning Version <= 0130 are known to be affected by log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046) Existing users are strongly recommended to update to 0140 or above as soon as possible Introduction WebApp Hardware Bridge (succeeder of "Chrome Hardware Bridge / Chrome Direct Print") Make it possible

log4j-tools Quick links Click to find: Inclusions of log4j2 in compiled code Calls to log4j2 in compiled code Calls to log4j2 in source code Sanity check for env mitigations Applicability of CVE-2021-45046 Xray wrapper for Log4Shell Automatically patch container images in Artifactory Overview CVE-2021-44228 poses a serious threat to a wide range of Java-based appl

DSLF, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce It is the ultimate log4j vulnerabilities assessor It comes with four individual Python3 modules: Passive Callback Module aka PCM Active Callback Module aka ACM Active Scanner Module aka ASM Payload Generator Module aka PGM It covers CVE-2021-44228 and CVE-2021-45046 DSLF was coded to help CyberSecurity Teams

Demo for version upgrade of maven-enforcer-plugin to version 3.0.0 in ossindex-maven-enforcer-rules

Introduction This is a demo project for pull request sonatype/ossindex-maven#57 It was created by using startspringio/ POM is modified to use maven-enforcer-plugin in version 300 and ossindex-maven-enforcer-rules in version 311-SNAPSHOT Version 310 is not compatible with maven-enforcer-plugin in version 300 Build will fail because there is a log4j dependenc

PowerShell script to Remove JndiLookup.class from Jar-files to remediate LOG4J Vulnerability uses built-in compression library of Windows.

JndiLookupRemoval PowerShell script to Remove JndiLookupclass from Jar-files to remediate LOG4J Vulnerability (CVE-2021-44228 and CVE-2021-45046) Script will use built-in compression library of Windows therefore no need to install 3rd party zip-utilities This PowerShell script will scan all Fixed local drives to discover potential vulnerable Jar-files that contain the JndiLo

Tool for checking FHIR data for conformance with the GECCO standard

NUM COMPASS conformance checker The NUM COMPASS conformance checker provides an endpoint to validate example resources of the German Corona Consensus Dataset (GECCO) The app is part of the COMPASS (Coordination on mobile pandemic apps best practice and solution sharing) project, which aims to improve how apps are used to cope with pandemics It offers both validation of si

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

log4shelltools log4shelltools is a tool that allows you to run a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 This is the code that runs log4shellalexbakkerme If you'd like to inspect the code or run an instance in your own environment, you've come to the right place

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools) Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass

Mend Bulk Report Generator

Mend Bulk Report Generator CLI Tool to generate reports on multiple products or projects The tool allows including and excluding scopes by stating their tokens Report scope (-s, --ReportScope) determines whether reports run on projects or products If included scopes (via -i, --includedTokens) are not specified, the tool runs reports on all scopes Report data exported by de

Jmeter Cluster for k8s/docker/dockerswarm

Copy from githubcom/justb4/docker-jmeter docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Security Patches As you may have seen in the news, a new zero-day exploit has been reported aga

docker-jmeter Image on Docker Hub Docker image for Apache JMeter This Docker image can be run as the jmeter command Find Images of this repo on Docker Hub Starting version 54 Docker builds/pushes are executed via GitHub Workflows Donate With over 10 Million Pulls from DockerHub, this Docker Image is increasingly popular To support its active maintenance consider making a

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Log4-detector Scanner that detects vulnerable Log4J versions to help teams assess their exposure to CVE-2021-44228 (CRITICAL), CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 Can search for Log4J instances by carefully examining the complete file-system, including all installed applications It is able to find Log4J instances that are hidden several layers deep Works on Li

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Arduino Assembly C C# C++ CSS Clojure D Dockerfile Eagle Emacs Lisp G-code GAP Go HTML Java JavaScript Jinja Jupyter Notebook Logos Lua Makefile Nix Objective-C Others PHP Pascal Perl PowerShell Python QML Ruby Rust SCSS Shell Smarty Swift TeX TypeScript Vala Verilog Vim Script Vue Arduino sor

The Log4j vulnerability, also known as "Log4Shell" or "CVE-2021-44228," is a critical security flaw in the Apache Log4j library Log4j is a widely used Java-based logging framework that allows developers to log messages from applications to various destinations, such as files, databases, and console outputs The vulnerability was discovered in December 2021

Log4j vulnerability demo

log4j-vuln-demo Log4j vulnerability demo cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2021-45046 CVE: CVE-2021-44228 | CVE-2021-45046 demo apache log4j2 vuln execute RCE via logs ${jndi:ldap://127001:3000} postman collection for testing Local Startup Open 2 terminal shell Shell 1: Vulnerable Application [Green] /gradlew bootRun

Find vulnerable Log4j installations

log4j-finder Find vulnerable Log4j installations A bash shell script to scan your filesystems to find log4j install bases that are vulnerable to Log4Shell (CVE-2021-44228 & CVE-2021-45046) It scans recursively to locate suspect jar files on disk and compares them to published checksums of vulnerable log4j versions Works on Linux, AIX, Solaris Usage % /log4j_findersh

Recursive file scanner developed in Python 3 for locating and scanning vulnerable versions of Log4j2, including internal analysis of JAR files (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

CVE-2021-44228_scanner Applications that are vulnerable to the log4j CVE-2021-44228 issue may be detectable by scanning jar, war, and ear files to search for the presence of JndiLookupclass Depending on the platform that you are investigating, the PowerShell or the Python3 script may make more sense to run In both cases, the optional argument is the top-level directory that

Conftest Snyk Demos The following demos show how to use conftest with Snyk to break builds based on certain conditions Conftest is a utility to help you write tests against structured configuration data For instance, you could write tests for your Kubernetes configurations, Tekton pipeline definitions, Terraform code, Serverless configs or any other structured data In this c

Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

Logout4Shell Description A vulnerability impacting Apache Log4j versions 20 through 2141 was disclosed on the project’s Github on December 9, 2021 The flaw has been dubbed “Log4Shell,” and has the highest possible severity rating of 10 Software made or managed by the Apache Software Foundation (From here on just "Apache") is pervasive and comp

Scan systems and docker images for potential log4j vulnerabilities. Able to patch (remove JndiLookup.class) from layered archives. Will detect in-depth (layered archives jar/zip/tar/war) and scans for vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Binaries for Windows, Linux and OsX, but can be built on each platfo…

divd-2021-00038--log4j-scanner This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/core/lookup/JndiLookupclass files Currently the allow list defines non exploitable versions, in this case log4j-core 2170 and 2123

Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`

NukeJndiLookupFromLog4j Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 210 and is unable to use -Dlog4j2formatMsgNoLookups=true This is needed because of a major vulnerability introduced by the class' functionality, see more here: apache/logging-log4j2#608 NOTE: This fixes BOTH CVE-2021-44228 / CVE-2021-45046 (AKA

This repository is designed to be a collection of resources to learn about, detect and mitigate the impact of the Log4j vulnerability - more formally known as CVE-2021-44228 and CVE-2021-45046 (mirror from GitLab.com)

💡 Log4j CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 Resources This repository is designed to be a collection of resources to learn about, detect and mitigate the impact of the Log4j vulnerability - more formally known as CVE-2021-44228 Below you can find a set of links to resources organized by topic area If you want to add resources, you can fork this repository on Gi

patch_log4j This cookbook scans for Log4j Core JAR files and patches them against CVE-2021-44228 and CVE-2021-45046 by removing their JndiLookupclass files Usage Install and configure Chef Client on the machines you want to patch Install and configure Chef Workstation on your developer workstation Add the cookbook to your Chef server cd <your cookbooks directory

Playbooks for setting up a Red Hat Advanced Cluster Security demo/workshop for log4shell vulnerability

Red Hat Advanced Cluster Security workshop - Run-Time Log4Shell Vulnerability Prevention Demo Overview Run-Time Vulnerability Prevention demonstrates the capabilities of Red Hat Advanced Cluster Security for cloud native applications in OpenShift and any xKS environment The industry is quickly moving to a DevSecOps Model, and shifting security to the left to secure build, depl

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Log4j Scanner This repo is archived as of 6 Dec 2022 - and is no longer being maintained This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046) The information and code in this repository is provided "as is" and was assembled with the help of the open-source community and updated by

A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner

Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have been some excellent tools released to help organizations scan their environments for applications vulnerable to the critical Log4J / CVE-2021-44228 vulnerability, I felt that: none of the tools I ran into were made for analysts to track a given finding throughout the remediation process Log4Shell Sen

related to Log4Shell (CVE-2021-44228) vulnerability why those snippets Some commenters take it to blame Java to be insecure The attack vector is not only via HTTP headers out of scope The repository provides simple demonstration of the vulnerability as Java, Kotlin and Scala snippet why those snippets Log4Shell is a serious vulnerability and there are some rumors ar

Patching the Log4j vulnerability in Gluu Server Gluu Server versions covered: Gluu v4, v3 ( from 315 to 318 ), Enterprise Edition, Cloud Native and Snapcraft Security Vulnerabilities: CVE-2021-44832, CVE-2021-45105, CVE-2021-45046 and CVE-2021-44228 Log4j library versions affected: 216 and earlier Overview: On December 17th, Apache announced critical vulnerabi

Exploit server As part of a demonstration on how the log4j vulnerability CVE-2021-45046, a small web server was needed to provide various payloads/gadgets Even if the ExploitServer can serve multiple exploit payloads, marshalsec can only support one per instance, as far as I have gathered You can however run multiple instances of marshalsec Configuring exploits Note that th

Mark59 is a Java-based framework providing a 'CI' based set of tools that enables the tracking of Performance Test results over time, split JMeter report into logical groups, a simple solution to assist with metrics capture and allow Selenium to be incorporated into JMeter scripting

This is the WORK-IN-PROGRESS repository for Mark59 - be aware it may NOT always be in a completely consistent state Mark59 Documentation, Guides, Downloads and More Available at the wwwmark59com website Releases Release 60-beta-2 Refine Playwright Options for Scripting Scripting samples moved to mark59-scripting-samples, mark59-scripting-sample-dsl Cr

Detections for CVE-2021-44228 inside of nested binaries

Log4J-CVE-Detect This repository contains a set of YARA rules for detecting versions of log4j which are vulnerable to CVE-2021-44228, CVE-2021-45046, and / or CVE-2021-45105 by looking for a number of features which appear in affected versions This tool works recursively on binary files such as Docker images, system packages, filesystem images, and even installation media See

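log4j2 RCE vulnerability (CVE-2021-44228) intranet scanner, which can scan for the vulnerability in environments without outbound internet access, helping enterprises quickly find Log4jShell vulnerabilities internally.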

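Overview log4j2 RCE vulnerability (CVE-2021-44228) intranet scanner, which can scan for the vulnerability in environments without outbound internet access, helping enterprises quickly find Log4jShell vulnerabilities internally. Modified from: githubcom/fullhunt/log4j-scan JNDIMonitor comes from: r00tSe7en/JNDIMonitor: an LDAP request listener that removes the dependence on dnslog platforms (githubcom) This tool is for learning, research and self-assessment only; do not use it for illegal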

A micro lab for CVE-2021-44228 (log4j)

horrors-log4shell A micro lab (playground?) for CVE-2021-44228 (log4j) Can be used for executing payloads against multiple targets Target-specific payloads are generated runtime Adjustable configuration and bypasses Installation Java-related requirements Development / Running example Gradle Maven In order to test the recent log4j related vulnerabilities (CVE-2021-442

This is the Git source repo for unofficial Docker images of WSO2IS with Log4j CVE-2021-45046 and CVE-2021-44228 patched Docker images for WSO2IS with Log4j CVE-2021-45046 and CVE-2021-44228 patched The CVEs were patched by deleting the file org/apache/logging/log4j/core/lookup/JndiLookupclass from affected jars, per the recommended mitigations listed on the Log4j Security page

Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

Log4j-HammerTime This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities This extension uses the Burp Collaborator to verify the issue Usage Enable this extension Launch an Active Scan on a specific target if you want to run only checks from this module, you can import the extensions-onlyjson pro

Provides deep dependency scanning for vulnerable log4j-core usage in Git repositories.

Deep scanning for log4j IAS created an open source project, dependency-deep-scan-utilities which detects log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046) in your source code Because of the widespread use of log4j, ease of exploit, and ability to perform remote code execution, IAS open sourced this project to help everyone mitigate this exploit dependency-deep-scan-ut

Sample Log4j2 vulnerable application (CVE-2021-45046) Versions Affected: all versions from 20-beta9 to 2150 This application is based on Spring Boot web application vulnerable to CVE-2021-45046 It uses Log4j 2141 (through spring-boot-starter-log4j2 261) Running the application Run it: Import the project in Java IDE as a maven project Run CVEMainApplicationjava as a s

Generic Scanner for Apache log4j RCE CVE-2021-44228

log4shell A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs Fuzzing for more than 60 HTTP request headers Fuzzing for HTTP POST Data parameters Fuzzing for JSON data parameters Supports DNS callback for vulnerability discovery and validation WAF Bypass payloads Announcement There is a patch bypass o

Recent Articles

Log4j Vulnerabilities: Attack Insights
Symantec Threat Intelligence Blog • Siddhesh Chandrayan • 23 Dec 2025

Symantec data shows variation and scope of attacks.

Posted: 23 Dec, 2021. Apache Log4j is a Java-based logging utility. The library’s main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

You better have patched those Log4j holes or we'll see what a judge has to say – FTC
The Register • Thomas Claburn in San Francisco • 05 Jan 2022

Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else. In case any system administrators last month somehow missed the widespread alarm over vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) in the Java logging package, the trade watchdog said Log4j continues to be exploited by a growing number of attackers and urged organizations to act now before it's too late. The FTC is advising companies to consult the US Cy...

Bad things come in threes: Apache reveals another Log4J bug
The Register • Simon Sharwood, APAC Editor • 19 Dec 2021

Third major fix in ten days is an infinite recursion flaw rated 7.5/10

The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...

CISA issues emergency directive to fix Log4j vulnerability
The Register • Thomas Claburn in San Francisco • 17 Dec 2021

Federal agencies have a week to get their systems patched

The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. Log4j is a Java-based open source logging library used in millions of applications. Versions up to and including 2.14.1 contain a critical remote code execution flaw (CVE-2021-44228), and the fix incorporated into version 2.15, released a wee...

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16
The Register • Gareth Corfield • 14 Dec 2021

Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet. However, that release only partially closed the hole (CVE-2021-44228) by disabling by default one aspect of the Java library's exploitable functionality – JNDI message lookups. Now version 2.16 is out, and it disables all of JNDI support by default, and removes ...

Triton malware still a threat to energy sector, FBI warns
The Register • Jessica Lyons Hardcastle • 28 Mar 2022

Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad

In Brief Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
The Register

Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. The command-injection flaw in TP-Link's Archer AX21 Wi-Fi 6 routers – tracked as CV...
