log4shell-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228). (by christophetd)
log4j-scanner
log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities. (by cisagov)
| log4shell-vulnerable-app | log4j-scanner | |
|---|---|---|
| 5 | 9 | |
| 1,091 | 1,250 | |
| - | - | |
| 0.0 | 4.7 | |
| 8 days ago | over 1 year ago | |
| Java | Java | |
| Apache License 2.0 | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4shell-vulnerable-app
Posts with mentions or reviews of log4shell-vulnerable-app.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-07.
- Finding the "practical" component for my thesis on Log4Shell
- looking for app that is vulnerable to log4j for testing
-
PSA: When there's a 0day, don't trust random people on the internet. Verify everything.
If you aren't sure exactly how this works I recommend trying the log4shell-vulnerable-app and test it yourself with something like dnslog.cn in a controlled/sandboxed environment.
- Log4j Vulnerability Cheatsheet
- Example Spring Boot Application Vulnerable to Log4j RCE
log4j-scanner
Posts with mentions or reviews of log4j-scanner.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-07.
-
Finding the "practical" component for my thesis on Log4Shell
https://github.com/cisagov/log4j-scanner https://github.com/fullhunt/log4j-scan https://github.com/portswigger/log4shell-scanner
- CISA log4j PS scanner
- So many different log4j scanner tools and scripts posted
-
Understanding and Exploiting Log4J Vulnerability
Alternately you can use cisagov/log4j-scanner to scan for log4j Vulnerability on your site.
- Log4PowerShell - A CVE-2021-44228 Proof of Concept / Demo I wrote in PowerShell
- Log4j scanners released by CISA, CrowdStrike
- GitHub - cisagov/log4j-scanner: log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
- Log4j RCE Scanner
What are some alternatives?
When comparing log4shell-vulnerable-app and log4j-scanner you can also consider the following projects:
log4j-affected-db - A community sourced list of log4j-affected software
CVE-2021-44228-Scanner - Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
log4j-scan - A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Log4jSherlock
Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.
Log4jAttackSurface
log4jpwn - log4j rce test environment and poc
Log4PowerShell - A Log4j writeup and Docker based PoC written in PowerShell
log4shell-vulnerable-app vs log4j-affected-db
log4j-scanner vs CVE-2021-44228-Scanner
log4shell-vulnerable-app vs log4j-scan
log4j-scanner vs Log4jSherlock
log4shell-vulnerable-app vs Log4j-RCE-Scanner
log4j-scanner vs Log4jAttackSurface
log4shell-vulnerable-app vs log4jpwn
log4j-scanner vs Log4PowerShell