log4j burp插件
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
请勿将本项目技术或代码应用在恶意软件制作、软件著作权/知识产权盗取或不当牟利等非法用途中。实施上述行为或利用本项目对非自己著作权所有的程序进行数据嗅探将涉嫌违反《中华人民共和国刑法》第二百一十七条、第二百八十六条,《中华人民共和国网络安全法》《中华人民共和国计算机软件保护条例》等法律规定。本项目提及的技术仅可用于私人学习测试等合法场景中,任何不当利用该技术所造成的刑事、民事责任均与本项目作者无关。
Purposes ? Hey there is abosolutely no need to do this we do it only to irritate
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF
xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/
Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru
unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe
TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works
Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss
Traceback (most recent call last):
File "/home/user/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py", line 17, in
2 Jan 24, 2022
118 Nov 7, 2022
588 Jan 9, 2023
364 Dec 30, 2022
16 Aug 30, 2022
86 Dec 31, 2022
29 Nov 9, 2022
162 Nov 25, 2022
7 Dec 7, 2022
at org.python.core.Py.ImportError(Py.java:329)
at org.python.core.imp.import_first(imp.java:1230)
at org.python.core.imp.import_module_level(imp.java:1361)
at org.python.core.imp.importName(imp.java:1528)
at org.python.core.ImportFunction.__call__(__builtin__.java:1285)
at org.python.core.PyObject.__call__(PyObject.java:433)
at org.python.core.__builtin__.__import__(__builtin__.java:1232)
at org.python.core.imp.importOne(imp.java:1547)
at org.python.pycode._pyx4.f$0(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py:373)
at org.python.pycode._pyx4.call_function(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1687)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:287)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at burp.ann.<init>(Unknown Source)
at burp.g8p.a(Unknown Source)
at burp.bf8.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
修复了bug,thanks @guguyu1
Source code(tar.gz)MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions (pdf, doc, docx, etc), and downloads them.
一款利用加载器以及Python反序列化绕过AV的在线免杀工具 因为打包方式的局限性,不能跨平台,若要生成exe格式的只能在Windows下运行本项目 打包速度有点慢,提交后稍等一会 开发环境及运行 前端使用Bootstrap框架,后端使用Django框架 。
Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools
Python Code Obfuscator A handy and necessary tool that can protect your code anytime! Mostly Command Line tool that will obfuscate your code. Features
Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co
Proof of Concept GnuCash Webinterface This may one day be a something truly great. Milestones [ ] Browse accounts and view transactions [ ] Record sim
advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca
notForbidden Security tool to test different bypass of forbidden Usage python3 notForbidden.py URL Features Bypass with different methods (POST, OPT
Overview NS-Defacer is a auto html injecter, In other words It's a auto defacer
使用方法&免责声明 该脚本为Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)。 使用方法:Python CVE-2020-17519.py urls.txt urls.txt 中每个url为一行,漏洞地址输出在vul.txt中 影响版本: Apache Flink 1
hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh
Strong-password-Generator-from-existing-password-using-python In this program, I generate the strong password from existing password without class usi
SLmail5.5-Exploit-BoF Buffer Overflow para SLmail5.5 32 bits con un par de utilidades para que puedas hacer el tuyo REQUISITOS PARA QUE FUNCIONE: Desa
Usage python3 .\exchange-exp.py -------------------------------------------------------------------------------- |
By: Seanpm2001, Et; Al. Top README.md Read this article in a different language Sorted by: A-Z Sorting options unavailable ( af Afrikaans Afrikaans |
What is Buff? A simple BOF library I wrote under an hour to help me automate with BOF attack. It comes with fuzzer and a generic method to generate ex
CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5 products. Follow the Horizon3.ai Attack Team on Twitter for the latest security research: Ho
Subdomain enumeration,Web scraping and finding usernames automation script written in python
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this
150 Jan 03, 2023
172 Nov 28, 2022
34 Nov 21, 2022
5 Nov 18, 2022
854 Dec 30, 2022
14 Dec 28, 2022
121 Dec 14, 2022
6 Sep 08, 2022
10 Nov 19, 2022
45 Sep 21, 2022
17 Apr 05, 2022
4 Sep 24, 2021
15 Jul 30, 2022
76 Nov 09, 2022
2 Sep 12, 2022
3 Nov 21, 2022
231 Dec 07, 2022
12 Nov 22, 2022
117 Nov 28, 2022