apache-log4j-poc vs nuclei-templates

apache-log4j-poc

Apache Log4j 远程代码执行 (by tangxiaofeng7)

Suggest topics

DISCONTINUED

Suggest alternative

Edit details

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities. (by projectdiscovery)

nuclei-templates nuclei Bugbounty Security nuclei-checks Exploits exploit-development vulnerability-detection Fingerprint HacktoberFest

Source Code

github.com

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

apache-log4j-poc		nuclei-templates
	Project
3	Mentions	13
105	Stars	8,057
-	Growth	1.8%
3.8	Activity	10.0
over 2 years ago	Latest Commit	5 days ago
Java	Language	JavaScript
-	License	MIT License

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

apache-log4j-poc

Posts with mentions or reviews of apache-log4j-poc. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-12-10.

2021-12-10 - Cool Query Friday - Hunting Apache Log4j CVE-2021-44228 (Log4Shell)
4 projects | /r/crowdstrike | 10 Dec 2021

Proof of Concept
Log4j 0day being exploited
10 projects | /r/blueteamsec | 9 Dec 2021

Exploit: https://github.com/tangxiaofeng7/apache-log4j-poc
Log4j RCE Found
32 projects | news.ycombinator.com | 9 Dec 2021

Are there any mitigations in recent JVMs?
I tried reproducing this, and got the POC to hit the LDAP server, but it wouldn't load the test payload.
See also:
- https://github.com/tangxiaofeng7/apache-log4j-poc

nuclei-templates

Posts with mentions or reviews of nuclei-templates. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-10-06.

Script kiddie tools preferred by the hackers of this channel?
1 project | /r/hacking | 8 Jul 2023

Check https://github.com/projectdiscovery/nuclei mostly for CVEs.
Link CVE to installed applications?
1 project | /r/AskNetsec | 13 Apr 2023

Otherwise your on the right path checkout the open source Greenbones OpenVAS (this was Nessus before they closed source and became corporate) or Project Discovery Nuclei
Attack simulation tool based on CVE
4 projects | /r/redteamsec | 6 Oct 2022

Nmap can run scripts that trigger NIPS, as does Nuclei. https://nmap.org/ & https://github.com/projectdiscovery/nuclei you can look at a list of vuln scanners here. https://owasp.org/www-community/Vulnerability_Scanning_Tools. Nessus would be a common one to look at for Enterprise. Rapid 7, Qualys.
XSS vulnerabilities discovered in ServiceNow - CVE-2022-38463
1 project | /r/TutorialBoy | 5 Sep 2022

I created a nuclei template and scanned the bug bounty programs with nuclei and found that many companies were vulnerable to this.
Are there any good automated attack tools besides Pentera?
4 projects | /r/cybersecurity | 10 May 2022
Free vulnerability scanners
2 projects | /r/cybersecurity | 29 Apr 2022

Nuclei might be a good option: https://github.com/projectdiscovery/nuclei
Spring4Shell: An Application Vulnerable to RCE
2 projects | /r/TutorialBoy | 11 Apr 2022

Recently one of the security researchers has built a Nuclei Template to Detect Spring4Shell, This template can be easily run to scan for Spring4Shell on your Networking, routing, or security devices inside your network. Template Link: https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2022/CVE-2022-22965.yaml
GitHub - projectdiscovery/nuclei: Fast and customizable vulnerability scanner based on simple YAML based DSL.
1 project | /r/RedSec | 24 Mar 2022
Almost every publicly available CVE PoC
3 projects | news.ycombinator.com | 15 Feb 2022

For a curated collection of CVE PoCs that is continuously updated by the bug bounty community, check out the projectdiscovery nuclei repo: https://github.com/projectdiscovery/nuclei-templates/tree/ma...
Log4j RCE Found
32 projects | news.ycombinator.com | 9 Dec 2021

https://github.com/google/tsunami-security-scanner (I bet it would be easy to write a plugin for https://github.com/projectdiscovery/nuclei as well.)
To see if there are injection points statically, I work on a tool (https://github.com/returntocorp/semgrep) that someone else already wrote a check with: https://twitter.com/lapt0r/status/1469096944047779845 or look for the mitigation with `semgrep -e '$LOGGER.formatMsgNoLookups(true)' --lang java`. For the mitigation, the string should be unique enough that just ripgrep works well too.

What are some alternatives?

When comparing apache-log4j-poc and nuclei-templates you can also consider the following projects:

rogue-jndi - A malicious LDAP server for JNDI injection attacks

PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF

lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Awesome-Bugbounty-Writeups - A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

log4shell_ioc_ips - log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)

Apache Log4j 2 - Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

CVE-2021-44228-Scanner - Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed - This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

CVE-2021-44228-Log4Shell-Hashes - Hashes for vulnerable LOG4J versions

Spring4Shell-POC - This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

jdk8u - https://wiki.openjdk.org/display/jdk8u

Sn1per - Attack Surface Management Platform

apache-log4j-poc vs rogue-jndi nuclei-templates vs PayloadsAllTheThings apache-log4j-poc vs lunasec nuclei-templates vs Awesome-Bugbounty-Writeups apache-log4j-poc vs log4shell_ioc_ips nuclei-templates vs Apache Log4j 2 apache-log4j-poc vs CVE-2021-44228-Scanner nuclei-templates vs Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed apache-log4j-poc vs CVE-2021-44228-Log4Shell-Hashes nuclei-templates vs Spring4Shell-POC apache-log4j-poc vs jdk8u nuclei-templates vs Sn1per

Compare apache-log4j-poc vs nuclei-templates and see what are their differences.

apache-log4j-poc

nuclei-templates

apache-log4j-poc

nuclei-templates

What are some alternatives?