log4j burp插件
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
请勿将本项目技术或代码应用在恶意软件制作、软件著作权/知识产权盗取或不当牟利等非法用途中。实施上述行为或利用本项目对非自己著作权所有的程序进行数据嗅探将涉嫌违反《中华人民共和国刑法》第二百一十七条、第二百八十六条,《中华人民共和国网络安全法》《中华人民共和国计算机软件保护条例》等法律规定。本项目提及的技术仅可用于私人学习测试等合法场景中,任何不当利用该技术所造成的刑事、民事责任均与本项目作者无关。
Purposes ? Hey there is abosolutely no need to do this we do it only to irritate
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF
xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/
Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru
unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe
TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works
Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss
Traceback (most recent call last):
File "/home/user/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py", line 17, in
2 Jan 24, 2022
118 Nov 7, 2022
588 Jan 9, 2023
364 Dec 30, 2022
16 Aug 30, 2022
86 Dec 31, 2022
29 Nov 9, 2022
162 Nov 25, 2022
7 Dec 7, 2022
at org.python.core.Py.ImportError(Py.java:329)
at org.python.core.imp.import_first(imp.java:1230)
at org.python.core.imp.import_module_level(imp.java:1361)
at org.python.core.imp.importName(imp.java:1528)
at org.python.core.ImportFunction.__call__(__builtin__.java:1285)
at org.python.core.PyObject.__call__(PyObject.java:433)
at org.python.core.__builtin__.__import__(__builtin__.java:1232)
at org.python.core.imp.importOne(imp.java:1547)
at org.python.pycode._pyx4.f$0(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py:373)
at org.python.pycode._pyx4.call_function(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1687)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:287)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at burp.ann.<init>(Unknown Source)
at burp.g8p.a(Unknown Source)
at burp.bf8.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
修复了bug,thanks @guguyu1
Source code(tar.gz)psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We
Home Assistant LDAP Auth Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container. Usage Deploy NGINX's l
CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update
The Devil's Eye searches the darkweb for information relating to the user's query and returns the results including .onion links and their description
PyArmor Homepage (中文版网站) Documentation(中文版) PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine
GitLab-Wiki-RCE RCE Exploit for Gitlab 13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages Allows any user with push acc
Pupy Installation Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to u
getlevels A small Python Script To get all levels of subdomains Easily get 1st level, 2nd level, 3rd level, 4th level .... nth level subdomains Usag
M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform d
Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from
ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the effor
The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s
Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi
This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.
Bluetooth Simple Denial Of Service (DoS) Legal Note This project is made only for educational purposes and for helping in Proofs of Concept. The autho
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta
Encrypted diary Sample program to store confidential data. Provides encryption in the form of AES-256 with bcrypt KDF. Does not provide authentication
ORector is a Fast Python tool designed to detect open redirects vulnerabilities
truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident
Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec
1 Jan 06, 2022
1 Sep 21, 2022
10 Sep 25, 2022
135 Dec 31, 2022
1.9k Dec 30, 2022
52 Nov 09, 2022
7.4k Jan 04, 2023
9 Feb 15, 2022
1 Nov 11, 2021
9 Sep 21, 2022
380 Dec 28, 2022
48 Nov 26, 2022
1 Nov 02, 2022
6 Jul 13, 2022
1 Jan 09, 2022
9 Dec 30, 2022
1 Dec 25, 2021
11 Apr 02, 2022
10.1k Jan 09, 2023
2 Oct 29, 2022