marshalsec
tsunami-security-scanner
marshalsec | tsunami-security-scanner | |
---|---|---|
7 | 4 | |
3,211 | 8,138 | |
- | 0.6% | |
0.0 | 7.5 | |
over 1 year ago | about 10 hours ago | |
Java | Java | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
marshalsec
-
How do I construct a curl command for a log4shell ldap server?
I'm using this: https://github.com/mbechler/marshalsec as an LDAP server.
-
A Study Notes of Exploit Spring Boot Actuator
According to the introduction in https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf, in addition to the javax.script.ScriptEngineManager class , we can also use the com.sun.rowset.JdbcRowSetImplclass to complete the exploitation through JNDI injection. The payload is as follows
-
Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide
Not sure if that method actually works since LDAP is a different protocol than HTTP? If you're running an HTTP server as the receiver, then your server is just going to be confused by the connection and it might not log anything. You either want to run an LDAP server like https://github.com/mbechler/marshalsec , or have some logging method that triggers on any TCP connection, or use a service like dnslog.cn that can log for you. (although I've seen a lot of companies are now specifically blocking that domain which seems silly).
- GitHub taking down tools allowing defenders to reproduce the Log4j vulnerability
- WTH
- Java Unmarshaller Security – Turning your data into code execution
- Log4j RCE Found
tsunami-security-scanner
- Qualys Community Edition for vuln. scanning?... limitations?
-
Log4j RCE Found
https://github.com/google/tsunami-security-scanner (I bet it would be easy to write a plugin for https://github.com/projectdiscovery/nuclei as well.)
To see if there are injection points statically, I work on a tool (https://github.com/returntocorp/semgrep) that someone else already wrote a check with: https://twitter.com/lapt0r/status/1469096944047779845 or look for the mitigation with `semgrep -e '$LOGGER.formatMsgNoLookups(true)' --lang java`. For the mitigation, the string should be unique enough that just ripgrep works well too.
-
Security and self-hosting, bumping a 7 months old thread
Thanks to you I just reenabled Tsunami https://github.com/google/tsunami-security-scanner. Also had software called something like vuln (blue logo with a yellow eye in the middle) running. but the hard disk of the server died --sadly and I can't remember how it was called.-- https://vuls.io/
-
Awesome Penetration Testing
Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
What are some alternatives?
Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
logging-log4j1 - Apache log4j1
Apache Log4j 2 - Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
awesome-pcaptools - A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
JNDIExploit - 一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
docker-gvm - Docker container stack for GVM / OpenVAS
jdk8u - https://wiki.openjdk.org/display/jdk8u
scapy - Scapy: the Python-based interactive packet manipulation program & library.
go-cache - An in-memory key:value store/cache (similar to Memcached) library for Go, suitable for single-machine applications.
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
ZAP - The ZAP core project