py4jshell
Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code. (by Narasimha1997)
log4j-shell-poc
A Proof-Of-Concept for the CVE-2021-44228 vulnerability. (by kozmer)
| py4jshell | log4j-shell-poc | |
|---|---|---|
| 3 | 2 | |
| 86 | 1,718 | |
| - | - | |
| 2.6 | 0.0 | |
| over 2 years ago | 3 months ago | |
| Python | Python | |
| GNU General Public License v3.0 or later | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
py4jshell
Posts with mentions or reviews of py4jshell.
We have used some of these posts to build our list of alternatives
and similar projects.
- GitHub - Narasimha1997/py4jshell: Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.
-
py4jshell
Simulating Log4j Remote Code Execution (RCE) CVE-2021-44228 vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution on URLs. This repository is a POC of how Log4j remote code execution vulnerability works. Link to repository
log4j-shell-poc
Posts with mentions or reviews of log4j-shell-poc.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-03-27.
-
log4j shell poc with User-Agent payload
https://github.com/kozmer/log4j-shell-poc/blob/main/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java line 31
What are some alternatives?
When comparing py4jshell and log4j-shell-poc you can also consider the following projects:
L4sh - Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.
EJS-Exploit - Remote Code Execution EJS Web Applications using express-fileupload
log4jpwn - log4j rce test environment and poc
SQLMap - Automatic SQL injection and database takeover tool
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
log4j-finder - Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
awesome-list-of-secrets-in-environment-variables - 🦄🔒 Awesome list of secrets in environment variables 🖥️