Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

Overview

log4j-finder

A Python3 script that scans the filesystem for Log4j2 versions vulnerable to Log4Shell (CVE-2021-44228). It scans recursively, both on disk and inside Java Archive files (JARs).

Usage

Example usage to scan a path (defaults to /):

$ python3 log4j-finder.py /path/to/scan

Or directly a JAR file:

$ python3 log4j-finder.py /path/to/jarfile.jar

Or multiple directories and/or files:

$ python3 log4j-finder.py /path/to/dir1 /path/to/dir2 /path/to/jarfile.jar

Files or directories that cannot be accessed (Permission denied errors) are not printed. If you want to see more output, you can give the -v flag for verbose, or -vv for debug mode (only recommended for debugging purposes).

Comments
  • Windows - Export results to a file

    Looking to somehow run this EXE on all our Windows systems remotely and then somehow aggregate all the results and parse looking for findings.. Any work on possibly implementing this? Thanks for all the hard work!

    opened by kmccb 8
  • zipfile.Path is 3.8+ only

    Your doco says python 3.6+ but you're using zipfile.Path that wasn't introduced until 3.8. Just FYI. So this can't be used on any RHEL boxes without custom python installs.

    opened by scoggins 7
  • Errors on one certain server - too long filename perhaps?

    Hi,

    One of my servers spits out an error. I've replaced the servername and username.

    My first wild guess is that the path is too long and the application can't handle that. But that's just a wild guess on the first glance at the path. Do note that the broken lines are copied as-is from the output I got.

    Traceback (most recent call last):
        + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : _<servername>_
    Traceback (most recent call last):
        + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : _<servername>_
    
      File "log4j-finder.py", line 298, in <module>
      File "log4j-finder.py", line 298, in <module>
    
      File "log4j-finder.py", line 264, in main
      File "log4j-finder.py", line 264, in main
    
      File "pathlib.py", line 1193, in open
      File "pathlib.py", line 1193, in open
    
      File "pathlib.py", line 1046, in _opener
      File "pathlib.py", line 1046, in _opener
    
    FileNotFoundError
    FileNotFoundError
    :
    :
    [Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application
     Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Appli
    cation Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
    [Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\App
    lication Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    [
    [
    3189
    3189
    7
    7
    2] Failed
    2] Failed
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    to execute
    to execute
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    script l
    script l
    o
    o
    g4j-finder
    g4j-finder
    
    opened by erottier 5
  • Adding -q option ?

    • WHAT ? One-liner output for each discovered log4j-core-2.x.jar file.
    [[email protected] log4j-finder]$ sudo ./dist/log4j-finder -bq  /tmp
    $HOSTNAME [shorter timestamp ] VULNERABLE: /tmp/apache-log4j-2.8-bin/log4j-core-2.8.jar -> org/apache/logging/log4j/core/net/JndiManager.class [415c13e7c8505fb056d540eac29b72fa: log4j 2.7 - 2.8.1]
    [[email protected] log4j-finder]$
    
    • WHY ? So that it is better used with CM tool like saltstack/ansible tools. -b option to exclude banner is still too much verbose for me.
    [[email protected] log4j-finder]$ sudo ./dist/log4j-finder -bq  /tmp
    usage: log4j-finder [-h] [-v] [-n] [-b] [PATH ...]
    log4j-finder: error: argument -b/--no-banner: ignored explicit argument 'q'
    [[email protected] log4j-finder]$ sudo ./dist/log4j-finder -b  /tmp
    [2021-12-16 20:55:05.573146] Scanning: /tmp
    [2021-12-16 20:55:05.596662] VULNERABLE: /tmp/apache-log4j-2.8-bin/log4j-core-2.8.jar -> org/apache/logging/log4j/core/net/JndiManager.class [415c13e7c8505fb056d540eac29b72fa: log4j 2.7 - 2.8.1]
    [2021-12-16 20:55:05.679576] Finished scan, elapsed time: 0.11 seconds
    
    Summary:
     Processed 291 files and 23 directories
     Scanned 44 files
      Found 1 vulnerable files
    
    Elapsed time: 0.11 seconds
    [[email protected] log4j-finder]$
    
    
    opened by tjyang 5
  • Trojan-Downloader.Win32.Bitser infection found in log4j-finder.exe

    Kaspersky Anti-Virus found this on .exe file

    Type: Cheval de Troie
    Nom: Trojan-Downloader.Win32.Bitser.cue
    Exactitude: Exactement
    Niveau de menace: Élevé
    Type d'objet: Fichier
    Nom de l'objet: log4j-finder.exe
    Chemin de l'objet: ***********
    MD5: 0E08555A17CA3E08D02DBD4CFB87C1AA
    Raison: Consigné dans le rapport

    Kind regards. Jipi69

    opened by JIPI69 5
  • Documentation should explicitly mention that other archive file types are NOT scanned

    I think the documentation should explicitly mention that only JAR, EAR and WAR files are scanned.

    For example, rolled-out software often comes in the form of a ZIP file or RAR, TAR, TAR.GZ (TGZ), TAR.BZ2 or platform-specific file types like extractable EXE or MSI files.

    Other programming languages use the ZIP file format as an archive format as well, but with a different suffix, e.g. Python uses the WHL suffix.

    Such archive files might contain Java classes as well, probably wrapped in *.JAR archives inside the outer archive.

    These file types will not be scanned and I think this should be mentioned.

    opened by hvbtup 4
  • Access Denied even after elevating cmd

    Hello Team,

    Thanks for developing this tool. I was trying to run it on my PC (Windows), just installed Python and ran it as explained by you, however, I am seeing a lot of access denied (even after opening cmd as admin and running it from there).

    Is there a way to give it privileges?

    opened by laroshkhan 4
  • Critical issue on Windows

    @yunzheng : you use standard path libraries for the lookups of files in zip files: this approach is incorrect.

    image

    On Windows the Exception will always be hit because the path for lookup of the class gets passed in the wrong format:

    'org\\apache\\logging\\log4j\\core\\lookup\\JndiLookup.class'

    rather than

    'org/apache/logging/log4j/core/lookup/JndiLookup.class'

    And since you have defaulted to setting has_lookup = False, VULNERABLE jars are being labeled PATCHED.

    This is very bad if people using windows are to rely on your tool...

    The behavior is inconsistent across your codebase... this is OK:

    image

    Further on it is not OK:

    image

    opened by KrisJanssen 3
  • Show patched .jar files as PATCHED (removal of JndiLookup.class)

    Following the official Apache Log4j 2.x mitigation regarding the removal of JndiLookup class, these JAR files will now show up as PATCHED.

    More info regarding the removing of JndiLookup.class is described here: https://logging.apache.org/log4j/2.x/security.html

    opened by yunzheng 3
  • Revert "Remove incorrect has_lookup=False for JndiLookup.class"

    Reverts fox-it/log4j-finder#36

    The old behaviour was actually correct: when there is a KeyError, it means no JndiLookup.class file is found. However, the KeyError was also triggered due to non-POSIX paths on Windows; that is now fixed in #37.

    opened by yunzheng 1
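
The path-separator failure described in the two issues above, reproduced on constructed archives. This is an added example, not code from log4j-finder: `scan_archive`, `build_jar`, the `path_cls` parameter, the sample class bytes and the hash table built from them are assumptions for illustration, and the nested-archive recursion goes slightly beyond the single lookup the issues discuss.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath, PureWindowsPath

# Constructed stand-in for the bytes of JndiManager.class; the hash table is
# derived from it, so no real Log4j hash is claimed here.
SAMPLE_MANAGER = b"constructed JndiManager.class bytes"
KNOWN_MANAGER_MD5 = {hashlib.md5(SAMPLE_MANAGER).hexdigest(): "constructed sample build"}

MANAGER = "org/apache/logging/log4j/core/net/JndiManager.class"
LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = {".jar", ".war", ".ear", ".zip"}


def has_member(zf, name):
    """True if the archive holds `name`; zip member names always use '/'."""
    try:
        zf.getinfo(name)
        return True
    except KeyError:
        return False


def scan_archive(data, label, path_cls=PurePosixPath):
    """Return [(status, location)] for each known JndiManager.class, recursing
    into nested archives in memory. `path_cls` selects how the JndiLookup.class
    member name is built: PurePosixPath is correct, PureWindowsPath reproduces
    what an OS-native path type yields on Windows."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # named like an archive but not one: nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = PurePosixPath(info.filename)
            where = f"{label} -> {info.filename}"
            if member.suffix.lower() in ARCHIVE_SUFFIXES:
                findings += scan_archive(zf.read(info), where, path_cls)
            elif member.name == "JndiManager.class":
                digest = hashlib.md5(zf.read(info)).hexdigest()
                if digest not in KNOWN_MANAGER_MD5:
                    continue
                sibling = member.parent.parent / "lookup" / "JndiLookup.class"
                lookup_name = str(path_cls(sibling.as_posix()))
                # A KeyError here must mean "class removed", never "bad separator".
                status = "VULNERABLE" if has_member(zf, lookup_name) else "PATCHED"
                findings.append((status, where))
    return findings


def build_jar(members):
    """Build an in-memory zip from {member_name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    vulnerable = build_jar({MANAGER: SAMPLE_MANAGER, LOOKUP: b"constructed lookup"})
    patched = build_jar({MANAGER: SAMPLE_MANAGER})  # JndiLookup.class removed
    war = build_jar({"WEB-INF/lib/log4j-core.jar": vulnerable})
    return {
        "posix": scan_archive(war, "app.war"),
        "windows_paths": scan_archive(war, "app.war", PureWindowsPath),
        "patched": scan_archive(patched, "patched.jar"),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        for status, where in findings:
            print(f"{case:14} {status:10} {where}")
```

With `PureWindowsPath` the same vulnerable JAR is reported as PATCHED, which is the false negative the issue describes; building member names with POSIX separators keeps the `KeyError` meaning "JndiLookup.class is absent".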
  • Perhaps mention you need python 3.8.10 to support win7

    Because when created with 3.9 or 3.10 the binary will not work, and result in "api-ms-win-core-path-l1-1-0.dll is missing"

    It says so on the download page of python.org, but it can't hurt to mention it.

    (lower is obviously also possible, but 3.8.10 is easiest to use in this case)

    opened by jkommeren 1
  • Signed Windows Binary Out-Of-Date

    Hello,

    Thank you so much for providing the python script and binary. Are you able to release a new binary and signed version since the log4j version 2.17.1 is not recognized as clean ?

    Thank you !

    opened by SKAatGIT 0
  • Added option to store results in a file preserving color highlighting…

    … in addition to stdout. Added option to then view stored results displaying saved color highlighting.

    In other words not only are results displayed on the screen (stdout) in real time but are also saved in a file that can be viewed later with the same color highlighting. This is especially useful on Windows since piping to something like Tee loses color highlighting.

    opened by brian-oster-acme 0
  • quick + dirty multipass scan feature

    Quick + dirty multi-pass scan feature

    • added multi-pass flag (skips zip files)
    • added input flag (ingests list of zip files)
    • added output flag (writes list of zip files)
    opened by B3K7 1
  • script (binary) requires executable option on /tmp mount

    [[email protected] tmp]# mount | grep /tmp
    /dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
    [[email protected] tmp]# /srv/log4j-finder 
    /srv/log4j-finder: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted
    [[email protected] tmp]# mount /tmp -o remount,exec
    [[email protected] tmp]# mount | grep /tmp
    /dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,relatime,seclabel,attr2,inode64,noquota)
    [[email protected] tmp]# /srv/log4j-finder 
     __               _____  __         ___ __           __
    |  |.-----.-----.|  |  ||__|______.'  _|__|.-----.--|  |.-----.----.
    |  ||  _  |  _  ||__    |  |______|   _|  ||     |  _  ||  -__|   _|
    |__||_____|___  |   |__||  |      |__| |__||__|__|_____||_____|__|
              |_____|      |___| v1.2.0 https://github.com/fox-it/log4j-finder
    
    [2021-12-30 15:29:02] host Scanning: /
    ^C
    Aborted!
    

    This is not expected, especially not from a security scan utility, as noexec is set with a reason on /tmp mount point. It would be nice to provide a different tmp dir for the binary.

    opened by rule88 2
  • redhat linux 6 glibc_2.14 not found error

    on RHEL6 I see:

    [22407] Error loading Python lib '/tmp/_MEI7VUFgo/libpython3.7m.so.1.0': dlopen: /lib64/libc.so.6: version 'GLIBC_2.14' not found (required by /tmp/_MEI7VUFgo/libpython3.7m.so.1.0)
    

    When I compile and install glibc-2.14 manually and export as an env variable, I get:

    export LD_LIBRARY_PATH=/var/opt/glibc-2.14/lib && /tmp/log4j-finder -b
    Traceback (most recent call last):
      File "log4j-finder.py", line 29, in <module>
      File "/root/.pyenv/versions/3.7.5/lib/python3.7/site-packages/PyInstaller/loader/pyimod03_importers.py", line 623, in exec_module
      File "platform.py", line 116, in <module>
      File "/root/.pyenv/versions/3.7.5/lib/python3.7/site-packages/PyInstaller/loader/pyimod03_importers.py", line 623, in exec_module
      File "subprocess.py", line 153, in <module>
    ImportError: /var//opt/glibc-2.14/lib/libc.so.6: version `GLIBC_2.15' not found (required by /tmp/_MEIWmgHt6/select.cpython-37m-x86_64-linux-gnu.so)
    

    You guessed it, so I built and compiled glibc-2.15 too, and then it gives again the first error.

    What I don't understand is that seemingly it's not using these glibc versions:

    objdump -T /tmp/log4j-finder
    
    /tmp/log4j-finder:     file format elf64-x86-64
    
    DYNAMIC SYMBOL TABLE:
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strcat_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 getenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __snprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 raise
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 free
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __vfprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 unlink
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncmp
    0000000000000000  w   D  *UND*  0000000000000000              _ITM_deregisterTMCloneTable
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcpy
    0000000000000000      DF *UND*  0000000000000000              inflate
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mkdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 ferror
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fread
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mbstowcs
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 getpid
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fclose
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 opendir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 stpcpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 rmdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strlen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setbuf
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strchr
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dirname
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 memset
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strnlen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.4   __realpath_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 closedir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __strdup
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __libc_start_main
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 wcsncpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 calloc
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcmp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 signal
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 ftell
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 feof
    0000000000000000  w   D  *UND*  0000000000000000              __gmon_start__
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 clearerr
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3   realpath
    0000000000000000      DF *UND*  0000000000000000              inflateEnd
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 kill
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __xpg_basename
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fileno
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __stpcpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __xstat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 readdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlopen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 malloc
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fflush
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 nl_langinfo
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fseek
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __vsnprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strncpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strcpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mkdtemp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setlocale
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fchmod
    0000000000000000      DF *UND*  0000000000000000              inflateInit_
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 waitpid
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fopen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 perror
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strtok
    0000000000000000  w   D  *UND*  0000000000000000              _Jv_RegisterClasses
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 unsetenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 execvp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fwrite
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __fprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strncat_chk
    0000000000000000  w   D  *UND*  0000000000000000              _ITM_registerTMCloneTable
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlsym
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fork
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlerror
    0000000000607a40 g    DO .bss   0000000000000008  GLIBC_2.2.5 stdout
    0000000000607a48 g    DO .bss   0000000000000008  GLIBC_2.2.5 stdin
    0000000000607a50 g    DO .bss   0000000000000008  GLIBC_2.2.5 stderr
    

    Could you compile the binary also for older versions of glibc, like 2.12? Or perhaps there's some option that does something dynamic, I'm no expert.

    opened by nin0-0 1
Releases(v1.2.0)
  • v1.2.0(Dec 20, 2021)

    Notable changes

    • Added Log4j 2.17.0 detection; versions lower than this are marked as VULNERABLE
    • Detect removal of JndiLookup.class, will show up as PATCHED
    • Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
    • Hostname is now added to the output, and there is a new option -q, --quiet to suppress summary and banner.
    • It now also processes .zip files
    • You can now exclude files or directories by using the --exclude option, eg: --exclude /mnt/media/*

    What's Changed

    • Add CVE-2021-45046 to the README by @lmorg in https://github.com/fox-it/log4j-finder/pull/9
    • Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/15
    • Update README.md with instructions for creating PyInstaller executables by @yunzheng in https://github.com/fox-it/log4j-finder/pull/17
    • Add -V/--version argument to print program version by @yunzheng in https://github.com/fox-it/log4j-finder/pull/21
    • Add hostname to output and refactored parts of script by @yunzheng in https://github.com/fox-it/log4j-finder/pull/23
    • Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in https://github.com/fox-it/log4j-finder/pull/25
    • Added "How it works" section to README.md by @yunzheng in https://github.com/fox-it/log4j-finder/pull/28
    • Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in https://github.com/fox-it/log4j-finder/pull/29
    • Fixing scanning issue of jars inside war files by @dariux in https://github.com/fox-it/log4j-finder/pull/22
    • Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in https://github.com/fox-it/log4j-finder/pull/33
    • Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in https://github.com/fox-it/log4j-finder/pull/36
    • Add ability to exclude files and directories by @mjsalmi in https://github.com/fox-it/log4j-finder/pull/34
    • Fix zip internal path issue on Windows by @KrisJanssen in https://github.com/fox-it/log4j-finder/pull/37
    • Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in https://github.com/fox-it/log4j-finder/pull/39
    • Added MIT License by @yunzheng in https://github.com/fox-it/log4j-finder/pull/41
    • Added missing log4j 2.12.2 MD5 hash by @yunzheng in https://github.com/fox-it/log4j-finder/pull/42
    • Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/43
    • Fixed files and directory stats by @yunzheng in https://github.com/fox-it/log4j-finder/pull/46
    • Output log4j-finder and Python version to debug and info logging by @yunzheng in https://github.com/fox-it/log4j-finder/pull/47
    • Add support for processing files with .zip extension by @yunzheng in https://github.com/fox-it/log4j-finder/pull/48
    • Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in https://github.com/fox-it/log4j-finder/pull/53

    New Contributors

    • @lmorg made their first contribution in https://github.com/fox-it/log4j-finder/pull/9
    • @dariux made their first contribution in https://github.com/fox-it/log4j-finder/pull/22
    • @mjsalmi made their first contribution in https://github.com/fox-it/log4j-finder/pull/34
    • @KrisJanssen made their first contribution in https://github.com/fox-it/log4j-finder/pull/37

    Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.1...v1.2.0

    Source code(tar.gz)
    Source code(zip)
    log4j-finder(8.43 MB)
    log4j-finder-linux-v1.2.0.zip(8.33 MB)
    log4j-finder-signed.exe(6.28 MB)
    log4j-finder-windows-signed-v1.2.0.zip(6.14 MB)
    log4j-finder-windows-v1.2.0.zip(6.13 MB)
    log4j-finder.exe(6.27 MB)
  • v1.0.1(Dec 15, 2021)

    What's Changed

    • Add colorama to pyinstaller builds for better color support on Windows by @yunzheng in https://github.com/fox-it/log4j-finder/pull/5
    • Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/6
    • Output scanning stats and version information by @yunzheng in https://github.com/fox-it/log4j-finder/pull/7

    New Contributors

    • @yunzheng made their first contribution in https://github.com/fox-it/log4j-finder/pull/5

    Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.0...v1.0.1

    Source code(tar.gz)
    Source code(zip)
    log4j-finder(8.42 MB)
    log4j-finder-linux-v1.0.1.zip(8.32 MB)
    log4j-finder-windows-v1.0.1.zip(6.13 MB)
    log4j-finder.exe(6.26 MB)
  • v1.0.0(Dec 14, 2021)

    Release of log4j-finder with PyInstaller builds for Windows and Linux, so it can easily run on systems without Python 3.

    What's Changed

    • Add GitHub actions to generate pyinstaller binaries for windows and linux by @taufderl in https://github.com/fox-it/log4j-finder/pull/1

    New Contributors

    • @taufderl made their first contribution in https://github.com/fox-it/log4j-finder/pull/1

    Full Changelog: https://github.com/fox-it/log4j-finder/commits/v1.0.0

    Source code(tar.gz)
    Source code(zip)
    log4j-finder-linux-v1.0.0.zip(8.15 MB)
    log4j-finder-windows-v1.0.0.zip(6.05 MB)
Owner
Fox-IT