log4shell-vulnerable-app
canarytokens
log4shell-vulnerable-app | canarytokens
---|---
5 | 27
1,091 | 1,657
- | 1.2%
0.0 | 8.5
8 days ago | 3 days ago
Java | Python
Apache License 2.0 | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4shell-vulnerable-app
- Finding the "practical" component for my thesis on Log4Shell
- looking for app that is vulnerable to log4j for testing
- PSA: When there's a 0day, don't trust random people on the internet. Verify everything.
  If you aren't sure exactly how this works, I recommend trying the log4shell-vulnerable-app and testing it yourself with something like dnslog.cn in a controlled/sandboxed environment.
- Log4j Vulnerability Cheatsheet
- Example Spring Boot Application Vulnerable to Log4j RCE
canarytokens
- 1Password detects "suspicious activity" in its internal Okta account
- #Anonymous - AK - RABBIT MEET HOLE - #TheDEWFiles 3,000+ Docs On Tons Patents Various Tech, Studies, Research by TONs of Scientists on DEWs & Alternative Energy (Includes Aerospace Companies.)
  Get a free OS in a VM and open any files in there. You should not trust a random batch of potentially backdoored or canarytoken'ed files
- What screams "I'm insecure"?
- In your experience, what were some unconventional signs that there's a malware inside your network?
  Throw some honeytokens/canarytokens on key systems. Thinkst has a free option where you can drop Word docs, PDF, AWS keys, etc. that will send you an email or webhook if they're ever used. https://canarytokens.org
- IF you did door knocking, what would you leave behind?
  QR code with some pdfs from inside a canarytokens.org folder.
- Increase in LockBit Ransomware
- Worried someone has (or may gain) access to your UoG account? Try Canarytokens
  You can generate Canarytokens for free on their website: https://www.canarytokens.org/generate. They're open-source, so if you're technically-inclined, you can run the software yourself: https://github.com/thinkst/canarytokens. All the documentation is here: https://docs.canarytokens.org/guide/.
- 1 minute Canaries
- Please help me with internet stalker
  I do not think a trap or "phishing link" is a good idea if she is getting serious threats! But it is not too hard, you can generate a few here and if somebody opens the link you will get an email containing the time and IP address of who opened it: https://canarytokens.org (note that you cannot really do much with this information on your own).
- Someone sending offensive material to people in our google domain
  Good tip, OP could use this for quick setup. https://canarytokens.org
What are some alternatives?
log4j-affected-db - A community sourced list of log4j-affected software
postman-app-support - Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
log4j-scan - A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
tailscale - The easiest, most secure way to use WireGuard and 2FA.
Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.
cli - Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
log4jpwn - log4j rce test environment and poc
cli - GitHub’s official command line tool
anvil-runtime - The runtime engine for hosting Anvil web apps
hackclub - 🌎 Hack Club is a worldwide community of high school hackers. We make things. We help one another. We have fun.
Metabase - The simplest, fastest way to get business intelligence and analytics to everyone in your company :yum:
trufflehog - Find and verify secrets