POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Last update: Dec 22, 2021

Overview

log4shell-poc-py

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Run on a system with python3 python3 log4shell-poc.py

pathToTargetFile - containing a list of targets (targets are seperated by newlines)
InteractionURL - the endpoint used to monitor out of band data extraction or interactions, e.g: https://github.com/projectdiscovery/interactsh

Example Output

[1] Testing asset: http://
   
    

[2] Testing asset: http://
    
     

[3] Testing asset: http://
     
      

[4] Testing asset: http://
      
       

[5] Testing asset: http://
       
         [6] Testing asset: http://
        
          [7] Testing asset: http://

Interaction Results

The example output as seen on the interactor due to a the Log4J vulnerability being found in an asset.

;; ANSWER SECTION:

   
    .
    
     .	3600	IN	A	
     
      

;; AUTHORITY SECTION:

      
       .
       
        . 3600 IN NS ns1.
        
         . 
         
          .
          
           . 3600 IN NS ns2.
           
            .

- represents the line number of the target in the target file

Owner

BCC Risk Advisory

GitHub Repository

A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

arp_spoof_detector A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3 Usage: git clone ht

1 Oct 30, 2021

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

3.5k Jan 09, 2023

Mad Spammer is a python webhook spammer which is very easy and safe to use.

Mad Spammer 👿 Pre-Setup: Open your terminal/console and type: pip install module colorama python MadSpammer.py Setup: After doing that, you should be

1 Nov 26, 2021

Chapter 1 of the AWS Cookbook

Chapter 1 - Security Set and export your default region: export AWS_REGION=us-east-1 Set your AWS ACCOUNT ID:: AWS_ACCOUNT_ID=$(aws sts get-caller-ide

30 Nov 27, 2022

Domain abuse scanner covering domainsquatting and phishing keywords.

🦷 monodon 🐋 Domain abuse scanner covering domainsquatting and phishing keywords. Setup Monodon is a Python 3.7+ programm. To setup on a Linux machin

2 Mar 15, 2022

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT. This repository includes tools and documentation for the Cryptick device.

1 Dec 31, 2021

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

PocOrExp in Github 聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网注意：只通过通用的CVE号聚合，因此对于MS17-010等Windows编号漏洞以及著名的有绰号的漏洞，还是自己检索一下比较好 Usage python3 exp.py -h usage: ex

567 Dec 30, 2022

Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

CLOME TO TOOLS ME 😁 FITUR TOOLS RESULTS INSTALASI ____/-- INSTALLASI /+/+/+/ t

3 Jan 08, 2022

telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

CVE-2019-15514 Type: Information Disclosure Affected Users, Versions, Devices: All Telegram Users Still not fixed/unpatched. brute.py is available exp

66 Dec 08, 2022

Local File Inclusion Scanner and Exploiter

LFI-Paradise Local File Inclusion Scanner and Exploiter Features 1- Scanner 2- E

11 Sep 04, 2022

This is a Python program that implements a vacuum cleaner as an Artificial Intelligence.

Vacuum-Cleaner Python3 This is a Python3 agent that implements a simulator for a vacuum cleaner and it is introduction to Artificial Intelligence. A s

6 Nov 14, 2022

A simple Outline Server Access Key Copy and Paste Web Interface

Outline Keychain A simple Outline Server Access Key Copy and Paste Web Interface Developed for key and password export and copy & paste for other Shad

1 Dec 28, 2021

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

43 Dec 23, 2022

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Related tags

Overview

log4shell-poc-py

Example Output

Interaction Results

Owner

BCC Risk Advisory

A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

Mad Spammer is a python webhook spammer which is very easy and safe to use.

Chapter 1 of the AWS Cookbook

Domain abuse scanner covering domainsquatting and phishing keywords.

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

Local File Inclusion Scanner and Exploiter

This is a Python program that implements a vacuum cleaner as an Artificial Intelligence.

A simple Outline Server Access Key Copy and Paste Web Interface

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

A semi-automatic osint/recon framework.

A collection of intelligence about Log4Shell and its exploitation activity

Python & JavaScript Obfuscator made in Python 3.

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

This a simple tool XSS Detection Suite for CTFs games