log4shell-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228). (by christophetd)
log4shell-vulnerable-app | log4j-tools | |
---|---|---|
5 | 9 | |
1,091 | 169 | |
- | -0.6% | |
0.0 | 0.0 | |
8 days ago | about 2 years ago | |
Java | Java | |
Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4shell-vulnerable-app
Posts with mentions or reviews of log4shell-vulnerable-app.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-07.
- Finding the "practical" component for my thesis on Log4Shell
- looking for app that is vulnerable to log4j for testing
-
PSA: When there's a 0day, don't trust random people on the internet. Verify everything.
If you aren't sure exactly how this works I recommend trying the log4shell-vulnerable-app and test it yourself with something like dnslog.cn in a controlled/sandboxed environment.
- Log4j Vulnerability Cheatsheet
- Example Spring Boot Application Vulnerable to Log4j RCE
log4j-tools
Posts with mentions or reviews of log4j-tools.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-07.
-
Finding the "practical" component for my thesis on Log4Shell
Something like this https://github.com/jfrog/log4j-tools
- Log4j Vulnerability Scanning Tool from Jfrog
-
What I Learned About the Log4j Vulnerability
Use an open source vulnerability scanning tool to figure out if specific systems are affected. Jfrog released a tool that can help you determine if your code includes Log4j and a script that helps you find where Log4j is within your code.
-
Log4j - Realworld experiences?
JFrog has released one of the few tools which scans for it properly here - https://github.com/jfrog/log4j-tools
-
OSS Log4j Vulnerability Scanning Tools
TLDR: Download the OSS Log4j Vulnerability Scanning Tools from the JFrog GitHub repository to assess potential Log4j vulnerabilities in your source code or binaries
- jfrog/log4j-tools: tools for finding log4shell in jars and source
- Tools for finding log4shell in jars and source
- Scan your jars - log4j is everywhere
What are some alternatives?
When comparing log4shell-vulnerable-app and log4j-tools you can also consider the following projects:
log4j-affected-db - A community sourced list of log4j-affected software
grype - A vulnerability scanner for container images and filesystems
log4j-scan - A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.
log4jpwn - log4j rce test environment and poc