rogue-jndi VS tsunami-security-scanner

Compare rogue-jndi vs tsunami-security-scanner and see what are their differences.

rogue-jndi

A malicious LDAP server for JNDI injection attacks (by veracode-research)
Suggest topics
Source Code
Suggest alternative
Edit details

tsunami-security-scanner

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. (by google)
Suggest topics
Source Code
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
rogue-jndi tsunami-security-scanner
1 4
974 8,121
0.5% 0.5%
0.0 7.5
7 months ago 9 days ago
Java Java
MIT License Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

rogue-jndi

Posts with mentions or reviews of rogue-jndi. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-12-09.
  • Log4j RCE Found
    32 projects | news.ycombinator.com | 9 Dec 2021
    - https://github.com/veracode-research/rogue-jndi

    Minecraft servers were being actively exploited according to various tweets.

tsunami-security-scanner

Posts with mentions or reviews of tsunami-security-scanner. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-12-09.
  • Qualys Community Edition for vuln. scanning?... limitations?
    1 project | /r/sysadmin | 2 May 2022
  • Log4j RCE Found
    32 projects | news.ycombinator.com | 9 Dec 2021
    https://github.com/google/tsunami-security-scanner (I bet it would be easy to write a plugin for https://github.com/projectdiscovery/nuclei as well.)

    To see if there are injection points statically, I work on a tool (https://github.com/returntocorp/semgrep) that someone else already wrote a check with: https://twitter.com/lapt0r/status/1469096944047779845 or look for the mitigation with `semgrep -e '$LOGGER.formatMsgNoLookups(true)' --lang java`. For the mitigation, the string should be unique enough that just ripgrep works well too.

  • Security and self-hosting, bumping a 7 months old thread
    2 projects | /r/selfhosted | 22 Nov 2021
    Thanks to you I just reenabled Tsunami https://github.com/google/tsunami-security-scanner. Also had software called something like vuln (blue logo with a yellow eye in the middle) running. but the hard disk of the server died --sadly and I can't remember how it was called.-- https://vuls.io/
  • Awesome Penetration Testing
    124 projects | dev.to | 6 Oct 2021
    Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

What are some alternatives?

When comparing rogue-jndi and tsunami-security-scanner you can also consider the following projects:

apache-log4j-poc - Apache Log4j 远程代码执行

logging-log4j1 - Apache log4j1

Apache Log4j 2 - Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

awesome-pcaptools - A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.

terminal-escape-injections - A repository dedicated to terminal escape injections.

docker-gvm - Docker container stack for GVM / OpenVAS

log4j-patch - Non intrusive log4j2 RCE vulnerability patch.

scapy - Scapy: the Python-based interactive packet manipulation program & library.

marshalsec

go-cache - An in-memory key:value store/cache (similar to Memcached) library for Go, suitable for single-machine applications.

jdk8u - https://wiki.openjdk.org/display/jdk8u

ZAP - The ZAP core project

rogue-jndi vs apache-log4j-poc tsunami-security-scanner vs logging-log4j1 rogue-jndi vs Apache Log4j 2 tsunami-security-scanner vs awesome-pcaptools rogue-jndi vs terminal-escape-injections tsunami-security-scanner vs docker-gvm rogue-jndi vs log4j-patch tsunami-security-scanner vs scapy rogue-jndi vs marshalsec tsunami-security-scanner vs go-cache rogue-jndi vs jdk8u tsunami-security-scanner vs ZAP