log4j-detector
CVE-2021-44228-PoC-log4j-bypass-words
| log4j-detector | CVE-2021-44228-PoC-log4j-bypass-words | |
|---|---|---|
| 8 | 8 | |
| 631 | 924 | |
| 0.0% | - | |
| 0.0 | 0.0 | |
| about 2 years ago | over 2 years ago | |
| Java | Java | |
| GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4j-detector
-
Continuing log4j detection
If you don't have server scanning tools like Nessus or Tenable that are capable of detecting log4j (nested or mitigsted), you could set up ad-hoc scanning with an open source tool like https://github.com/mergebase/log4j-detector
- Show HN: Log4j-detector – Finds all Log4j versions on a given file-system
-
Does Log4J require Java to be installed?
No- if you want to determine if a server is vulnerable this is actually the best script which is currently out there: https://github.com/mergebase/log4j-detector
-
Log4j Windows Scanner
There's also https://github.com/mergebase/log4j-detector, which is from MergeBase (a software composition analysis company).
- Welp, how's your LOG4J remediation coming along?
- log4j-detector: Detects log4j versions on your file-system, including deeply recursively nested copies (zips inside zips inside zips).
- Detects Log4j versions on your file-system
- Log4j 0day being exploited (mega thread/ overview)
CVE-2021-44228-PoC-log4j-bypass-words
-
Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec - v2.15 of Log4j has an RCE
WAF is also playing whackamole given all the ways to bypass simple rules
-
A Blog about detection of Log4Shell
More specifically this section https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
- JNDI Log4j exploit bypass word filters
- LOG4J bypass words
What are some alternatives?
log4j-scanner - Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
black-hat-rust - Applied offensive security with Rust - https://kerkour.com/black-hat-rust
log4jshield - Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera - 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
PowerShellSnippets
log4j-log4shell-affected - Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability
LAZYPARIAH - A tool for generating reverse shell payloads on the fly.
log4j-shell-poc - A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
pocbrowser - Scrape websites to find PoCs for CVEs
cve - Gather and update all available and newest CVEs with their PoC.