log4j-log4shell-affected
log4j-shell-poc
log4j-log4shell-affected | log4j-shell-poc | |
---|---|---|
3 | 2 | |
53 | 1,718 | |
- | - | |
0.0 | 0.0 | |
over 2 years ago | 3 months ago | |
Python | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4j-log4shell-affected
-
Known applications that use Spring Framework
When Log4J hit, someone had the forethought to publish a list of affected applications on GITHUB.
- Given the recent Log4J exploit, what widely used linux apps should we be careful with until they are patched?
-
US warns hundreds of millions of devices at risk from newly revealed software vulnerability
That being said, I've been keeping an eye out on this Github tracker that consolidates responses from vendors so at least we can see their statements: https://github.com/authomize/log4j-log4shell-affected
log4j-shell-poc
-
log4j shell poc with User-Agent payload
https://github.com/kozmer/log4j-shell-poc/blob/main/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java line 31
What are some alternatives?
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
L4sh - Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.
spring4shell - Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework
log4jpwn - log4j rce test environment and poc
log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
py4jshell - Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.
log4j-finder - Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
awesome-list-of-secrets-in-environment-variables - 🦄🔒 Awesome list of secrets in environment variables 🖥️