POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Related tags

Security related resourceslog4shell-poc-py
Overview

log4shell-poc-py

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Run on a system with python3 python3 log4shell-poc.py

Example Output

[1] Testing asset: http://
   
    

[2] Testing asset: http://
    
     

[3] Testing asset: http://
     
      

[4] Testing asset: http://
      
       

[5] Testing asset: http://
       
         [6] Testing asset: http://
        
          [7] Testing asset: http://

Interaction Results

The example output as seen on the interactor due to a the Log4J vulnerability being found in an asset.

;; ANSWER SECTION:

   
    .
    
     .	3600	IN	A	
     
      

;; AUTHORITY SECTION:

      
       .
       
        . 3600 IN NS ns1.
        
         . 
         
          .
          
           . 3600 IN NS ns2.
           
            .
  • - represents the line number of the target in the target file
Owner
BCC Risk Advisory
BCC Risk Advisory
GitHub Repository
The backend part of the simple password manager project made for the creative challenge.

SimplePasswordManagerBackend The backend part of the simple password manager project. Your task will be to showcase your creativity on our channel by

The Coding Jungle 5 Dec 28, 2021
ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

ADExplorerSnapshot.py ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound. AD Explorer allows you to connect to a DC and browse L

576 Dec 23, 2022
Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr 64bit2key.py

Stefan Marsiske 15 Nov 26, 2022
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022
USSR-Scanner - USSR Scanner with python

Purposes ? Hey there is abosolutely no need to do this we do it only to irritate

Binary.club 2 Jan 24, 2022
This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard

This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard to form a 16-character password which is unpredictable and cannot easily be memorised.

Mohammad Shaad Shaikh 1 Nov 23, 2021
Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

elyesa 5 Nov 09, 2022
Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances of log4j library, including embedded (jar/war/zip) packaged ones.

log4shell_finder Python port of https://github.com/mergebase/log4j-detector log4j-detector is copyright (c) 2021 - MergeBase Software Inc. https://mer

Hynek Petrak 33 Jan 04, 2023
Automatically fetch, measure, and merge subscription links on the network, use Github Action

Free Node Merge Introduction Modified from alanbobs999/TopFreeProxies It measures the speed of free nodes on the network and import the stable and hig

52 Jul 16, 2022
This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

F2Amapper This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to

Ajit Kumar 3 Sep 03, 2022
OpenSource Poc && Vulnerable-Target Storage Box.

reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re

cckuailong 560 Dec 23, 2022
Remote control your Greenbone Vulnerability Manager (GVM)

Greenbone Vulnerability Management Tools The Greenbone Vulnerability Management Tools gvm-tools are a collection of tools that help with remote contro

Greenbone 130 Dec 17, 2022
CloudFlare reconnaissance, tries to uncover the IP behind CF.

CloudFlare reconnaissance, tries to uncover the IP behind CF.

Neospace 8 Dec 03, 2021
Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

52 Dec 17, 2022
Script Crack Facebook Premium 🚶‍♂

prem Script Crack Facebook Premium 🚶‍♂ Install Script $ pkg update && pkg update $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Dec 03, 2021
Web Headers Security Scanner

Web Headers Security Scanner

Emre Koybasi 3 Dec 16, 2022
log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

5 Dec 10, 2021
Tool To generate Stable Undetected Payload

windowsPayload Tool To generate Stable Undetected Payload Don t Upload to Virus Total :) Follow on Social Media Platforms ScreenShots How to install +

youhacker55 117 Dec 30, 2022
Dumps the payload.bin image found in Android update images.

payload dumper Dumps the payload.bin image found in Android update images. Has significant performance gains over other tools due to using multiproces

Rasmus 7 Nov 17, 2022
A Python & JavaScript Obfuscator made in Python 3.

Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco

Karim 3 Mar 24, 2022