Marshalsec Alternatives
Similar projects and alternatives to marshalsec
-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
gov-takedowns
Text of government takedown notices as received. GitHub does not endorse or adopt any assertion contained in the following notices.
-
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
-
JNDIExploit
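A tool for JNDI injection exploitation. It draws heavily on and reuses code from the Rogue JNDI project, supports directly implanting in-memory shells, integrates common ways of bypassing newer JDK versions, and is suited to use alongside automated tools. (by 0x727)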
-
tsunami-security-scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
-
tsunami-security-scanner-plugins
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
marshalsec reviews and mentions
-
How do I construct a curl command for a log4shell ldap server?
I'm using this: https://github.com/mbechler/marshalsec as an LDAP server.
-
A Study Notes of Exploit Spring Boot Actuator
According to the introduction in https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf, in addition to the javax.script.ScriptEngineManager class, we can also use the com.sun.rowset.JdbcRowSetImpl class to complete the exploitation through JNDI injection. The payload is as follows
-
Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide
Not sure if that method actually works since LDAP is a different protocol than HTTP? If you're running an HTTP server as the receiver, then your server is just going to be confused by the connection and it might not log anything. You either want to run an LDAP server like https://github.com/mbechler/marshalsec, or have some logging method that triggers on any TCP connection, or use a service like dnslog.cn that can log for you (although I've seen a lot of companies are now specifically blocking that domain, which seems silly).
- GitHub taking down tools allowing defenders to reproduce the Log4j vulnerability
- WTH
- Java Unmarshaller Security – Turning your data into code execution
- Log4j RCE Found
Stats
mbechler/marshalsec is an open source project licensed under MIT License which is an OSI approved license.
The primary programming language of marshalsec is Java.