Log4j 0day being exploited

This page summarizes the projects mentioned and recommended in the original post on /r/blueteamsec
Log4j2 cve-2021-44228 Scanner Security Logging

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • CVE-2021-44228-Scanner

    Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

    • This binaries are trustwhorthy?https://github.com/logpresso/CVE-2021-44228-Scanner

  • Apache Log4j 2

    Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

    • Update: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • apache-log4j-poc

    Discontinued Apache Log4j 远程代码执行

    • Exploit: https://github.com/tangxiaofeng7/apache-log4j-poc

  • Log4j-CVE-Detect

    Detections for CVE-2021-44228 inside of nested binaries

  • log4shelldetect

    Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

  • get-log4j-exploit-payload

  • log4shell_ioc_ips

    log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • local-log4j-vuln-scanner

    Simple local scanner for vulnerable log4j instances

  • Windowslog4jClassRemover

    • While most people that need to know probably already know enough to do what they need to do AND the information from the OP is way more complete than mine, I have not seen anyone create a Windows script that can remove the JndiLookup.class file from log4j-core JARs easily the way the zip command is able to on linux. So I thought I would post this here if anyone needs to do that... https://github.com/CrazyKidJack/Windowslog4jClassRemover

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts