check_mkExtension to check for log4j2 CVE-2021-44228This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0)
Run in 5 steps:
META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties entry from JAR file.Log4j command generator Generate commands for CVE-2021-44228. Description The vulnerability exists due to the Log4j processor's handling of log messag
log4j-tools Quick links Click to find: Inclusions of log4j2 in compiled code Calls to log4j2 in compiled code Calls to log4j2 in source code Overview
1.Create a Sample Vulnerable Application . 2.Start a netcat listner . 3.Run the exploit . 5.Use jdk1.8.0_20 for better results . Exploit-db - https://
log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.
Log4j dork scanner This is an auto script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks. Installation:
CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre
#1 使用说明 CVE-2021-44228 log4j 2.x rce漏洞检测工具,对目标链接发起get请求并利用dnslog探测是否有回显 $ python3 log4j-scan.py -h
yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log
log4shell_scanner Scans all drives for log4j jar files and gets their version from the manifest. Windows and Windows Server only.
Logpresso Log4j2 Scanner version 2.6.1
Source code(tar.gz)Logpresso Log4j2 Scanner version 2.5.3
Source code(tar.gz)New functionality
Fixes:
Changes:
Logpresso Log4j2 Scanner to version 2.1.3
Source code(tar.gz)Logpresso Log4j2 Scanner to version 2.1.0
Source code(tar.gz)Logpresso Log4j2 Scanner version 1.7.0
Source code(tar.gz)Update Logpresso Log4j2 Scanner to version 1.6.3
Source code(tar.gz)SSLyze SSLyze is a fast and powerful SSL/TLS scanning tool and Python library. SSLyze can analyze the SSL/TLS configuration of a server by connecting
auto-derby 自动化养马 育成结果 Nurturing result 功能 支持客户端 DMM (前台) 实验性 安卓 ADB 连接(后台)开发基于 1080x1920 分辨率 团队赛 (Team race) 有胜利确定奖励时吃帕菲 日常赛 (Daily race) PvP 活动赛 (Cha
infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s
NEW FACEBOOK CLONER WITH NEW PASSWORD, TERMUX FB CLONE, FB CLONING COMMAND. M
LaxrFar Python Obfuscator Usage First do the things from "Upload to Webserver" o
PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe with additional features such as malware checker/detector! Also checks file(s) for suspicious words, dis
Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell
Interactsh An OOB interaction gathering server and client library Features • Usage • Interactsh Client • Interactsh Server • Interactsh Integration •
GO-WAFW00F 介绍 WAFW00F是一款优秀的web应用防火墙识别开源工具:https://github.com/EnableSecurity/wafw00f 使用Golang重写的原因:Python环境配置不便利,Golang打包生成可执行文件直接运行 目前还在开发阶段,规则解析存在小问题
IDA Pattern Search by Argus Cyber Security Ltd. The IDA Pattern Search plugin adds a capability of finding functions according to bit-patterns into th
Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,
Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i
kingkong 解密哥斯拉Godzilla-V2.96 webshell管理工具流量 目前只支持jsp类型的webshell流量解密 Usage 获取攻击者上传到服务器的webshell样本 获取wireshark之类的流量包,一般甲方有科来之类的全流量镜像设备,联系运维人员获取,这里以test.
Hactivity A Tool to find subdomains from Hackerone reports of a given company or a search term (xss, ssrf, etc). It can also print out URL and Title o
omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa
Subdah 🔎 another subdomains scanner. Installation ⚠️ Python 3.10 required ⚠️ $ git clone https://github.com/traumatism/subdah $ cd subdah $ pip3 inst
CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS
Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works
Python tool for enumerating directories and for fuzzing
CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre
1 Jan 3, 2022
171 Dec 25, 2022
7 Aug 6, 2022
2 Dec 16, 2021
5 Dec 27, 2022
7 Nov 9, 2022
4 Jan 13, 2022
1 Jan 31, 2022
1 Dec 29, 2021
2.8k Jan 03, 2023
376 Jan 01, 2023
41 Dec 30, 2022
81 Jan 08, 2023
5 Jul 19, 2022
56 Jul 31, 2022
16 Nov 09, 2022
2.1k Jan 08, 2023
80 Dec 30, 2021
48 Dec 29, 2022
4 Dec 07, 2021
116 Jan 08, 2023
46 Dec 21, 2022
15 Jul 24, 2022
13 Jul 13, 2022
14 Oct 18, 2022
47 Nov 09, 2022
92 Dec 29, 2022
5 Feb 21, 2022