log4j-scan-turbo
Sudomy
log4j-scan-turbo | Sudomy | |
---|---|---|
2 | 3 | |
27 | 1,852 | |
- | - | |
1.8 | 2.2 | |
over 2 years ago | 3 months ago | |
Shell | Shell | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4j-scan-turbo
- Example exploits for MacOS Endpoint Protection assessment
-
Meet log4j-scan-turbo
Sick of slow log4shell scanners? Meet log4j-scan-turbo! This multithreaded pure bash scanner uses curl + nohup to achieve 48 parallel threads while testing all jndi protocols, 84 headers, and the HTTP GET/POST methods. I recently finished building this script and it was able to scan 600 FQDNs/IPs in under an hour. Enjoy! https://github.com/ssstonebraker/log4j-scan-turbo
Sudomy
- Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting
- Non brute-forcing options/strategies to find subdomains
-
Looking for an API like builtwith.com (let's you know what technology is behind website), but one that's opensource, or at least is more startup friendly ....
That said, keep in mind that not everything is going to find its way indexed in Google. If it's subdomains you're after, you can use tools like Sublist3r or Sudomy to pull data from multiple sources (not just DNS).
What are some alternatives?
jailbox - Torify the system with multiple tor exit nodes and load balance.
Sublist3r - Fast subdomains enumeration tool for penetration testers
L4sh - Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.
spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.
Sn1per - Attack Surface Management Platform
log4jshield - Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
LazyRecon - An automated approach to performing recon for bug bounty hunting and penetration testing.
how-to-check-patch-secure-log4j-CVE-2021-44228 - A one-stop repo/ information hub for all log4j vulnerability-related information.
Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
webrecon - Automated Web Recon Shell Scripts
eReKon - Yet another web recon tool, rebuilding on t3 stack