Today is a bad day to run a VMWare cluster with thousands of java apps.

1. Logout4Shell

   1 34 1,709 2.6 Java

   Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell

   

   Did you see this? https://www.cybereason.com/blog/cybereason-releases-vaccine-to-prevent-exploitation-of-apache-log4shell-vulnerability-cve-2021-44228 Originally seen in r/netsec and r/cybersecurity Git: https://github.com/Cybereason/Logout4Shell

2. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

3. log4shelldetect

   2 3 45 0.0 Go

   Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

   

   I'm not sure what you mean. You can deploy a built binary over your network and run it on all your servers. For example: curl -sSL https://github.com/1lann/log4shelldetect/releases/download/v0.0.2/log4shelldetect_0.0.2_Linux_x86_64.tar.gz | tar -C /tmp/ -zxf - log4shelldetect && /tmp/log4shelldetect -mode list /path/to/scan 2>/dev/null would download and extract the prebuilt binary to /tmp, and run it scanning at /path/to/scan, only outputting paths to potentially vulnerable .jars and ignoring warnings. You can replace the URL with your own build or distribute your own build as you wish.

4. Empire

   3 7 5,966 0.0 PowerShell

   Discontinued Empire is a PowerShell and Python post-exploitation agent.

   

   PowerShell Empire is a post-exploitation framework written primarily in PowerShell. It is something to consider from a security perspective if remote PowerShell commands are enabled in the environment.

Suggest a related project