CVE-2021-44228

This is a writeup describing the exploitation of CVE-2021-44228 (Log4j) in AD Manager Plus before version 7122. It details the process of achieving RCE via LDAP injection in the `methodToCall` parameter of the `ADSearch.cc` request.

This exploit leverages CVE-2021-44228 (Log4Shell) to extract environment variables or other sensitive data from vulnerable Apache Log4j2 instances via JNDI LDAP injection. It sets up a malicious LDAP server to capture leaked data when the target processes the payload.

This exploit leverages CVE-2021-44228 (Log4Shell) to achieve remote code execution by generating a malicious LDAP payload that triggers JNDI injection in vulnerable Log4j versions. It sets up an LDAP server and HTTP server to deliver a reverse shell payload.

This repository contains a scanner for detecting CVE-2021-44228 (Log4j RCE) and related vulnerabilities (CVE-2021-45046, CVE-2022-42889). It supports DNS callback validation, WAF bypass payloads, and extensive fuzzing for HTTP headers, POST data, and JSON parameters.

This repository contains a functional Proof-of-Concept (PoC) for CVE-2021-44228 (Log4Shell), including a Python script to automate the exploit and a vulnerable Java web application for testing. The exploit leverages JNDI injection via LDAP to achieve remote code execution.

This repository contains a Spring Boot application intentionally vulnerable to CVE-2021-44228 (Log4Shell). It demonstrates the exploitation of the Log4j JNDI injection vulnerability via a malicious LDAP server to achieve remote code execution.

This repository provides a detailed writeup on various bypass techniques for CVE-2021-44228 (Log4Shell), including environment variables, case manipulation, Unicode tricks, and other obfuscation methods to evade WAFs and patches. It does not contain executable exploit code but documents methods for crafting payloads.

This repository contains a scanner tool for detecting and mitigating multiple Log4j and Logback vulnerabilities, including CVE-2021-44228. It supports scanning nested JAR files and applying patches by removing vulnerable classes.

This repository contains a Burp Suite extension for scanning and detecting CVE-2021-44228 (Log4j2 RCE). It includes various payloads and bypass techniques for testing vulnerabilities in HTTP requests.

This repository contains a Java-based scanner for detecting vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832) by examining compiled class files for specific string literals. It is designed to identify vulnerable instances of Log4J across file systems, including nested archives.

This repository contains a Java agent-based hotpatch tool designed to mitigate CVE-2021-44228 (Log4Shell) and CVE-2021-45046 by dynamically patching the `JndiLookup.lookup()` method in running JVM processes without requiring a restart. The tool uses bytecode manipulation via ASM to override vulnerable methods.

This repository provides a proof-of-concept for CVE-2021-44228, demonstrating remote code execution via Log4j2's JNDI lookup feature. It includes setup instructions, exploit examples via User-Agent injection, and references to JNDI exploitation tools.

This repository contains a Python script (`log4j-finder.py`) designed to scan filesystems and Java Archive files (JAR, WAR, EAR) for Log4j2 libraries vulnerable to CVE-2021-44228 (Log4Shell) and related CVEs. It identifies vulnerable versions by comparing MD5 hashes of `JndiManager.class` against known good and bad hashes.

LogMePwn is a multi-protocol scanner for detecting CVE-2021-44228 (Log4j RCE) across HTTP, IMAP, SSH, and FTP. It supports Canary Tokens, custom payloads, and multi-threaded scanning.

This repository provides Nmap NSE scripts to detect CVE-2021-44228 (Log4Shell) by sending crafted payloads to exposed services and checking DNS logs for callbacks. It includes various bypass techniques and supports custom DNS logging servers.

This repository contains a scanner for detecting the presence of JndiLookup.class in JAR, WAR, EAR, and ZIP files, which may indicate vulnerability to CVE-2021-44228 (Log4Shell). It includes scripts for PowerShell, Python, and Bash to search for vulnerable Log4j versions.

This repository contains a regex generator and scanner for detecting Log4Shell (CVE-2021-44228) exploitation attempts. It generates a comprehensive regex pattern to match various obfuscated payloads used in Log4Shell attacks.

This repository contains scripts to scan for Log4j (CVE-2021-44228) vulnerabilities by checking for JAR files containing 'JndiLookup.class' and analyzing system packages. It includes Linux/macOS (Bash) and Windows (PowerShell) scripts for detection.

This repository contains a C# proof-of-concept exploit for CVE-2021-44228 (Log4Shell), targeting VMware products like vCenter, Horizon, and NSX. The exploit leverages HTTP headers to trigger JNDI-based remote code execution via the Log4j vulnerability.

This Python script detects CVE-2021-44228 (Log4j) by sending crafted DNS callback payloads via HTTP headers and parameters to a list of URLs. It uses multithreading for efficiency and relies on external DNS logging services (e.g., Burp Collaborator) for confirmation.

This repository contains a functional proof-of-concept exploit for CVE-2021-44228 (Log4Shell), demonstrating remote code execution via JNDI injection in Log4j. It includes an LDAP server setup to deliver serialized payloads, with examples for both RCE and data exfiltration.

This repository contains a pure Python3 PoC for CVE-2021-44228 (Log4Shell), including an HTTP/LDAP server setup and customizable Java payloads for RCE. It supports automated HTTP requests and manual JNDI injection.

This repository contains a functional exploit for CVE-2021-44228 (Log4Shell) targeting the Unifi Network Application. It automates the exploitation process by leveraging a malicious LDAP server (RogueJNDI) to deliver a reverse shell payload.

This repository provides hashes for vulnerable Log4j versions to aid in detection of CVE-2021-44228 (Log4Shell). It includes references to detection rules, vulnerable VMware products, and a PoC JNDI/LDAP server.

This repository contains a low-interaction honeypot designed to detect exploitation attempts targeting CVE-2021-44228 (Log4Shell). It monitors HTTP requests for suspicious patterns (e.g., '${') and alerts via webhooks (Slack/Teams/Mattermost).

This repository contains a Python-based scanner for detecting CVE-2021-44228 (Log4Shell) by injecting JNDI payloads into HTTP headers and GET requests, then checking for DNS callbacks. It is designed to identify vulnerable systems by leveraging DNS logging.

This repository contains a Runtime Application Self-Protection (RASP) module designed to mitigate CVE-2021-44228 (Log4j2 JNDI injection vulnerability). It uses Java instrumentation to inject hooks into the JVM, specifically targeting the `javax.naming.InitialContext` class to block malicious JNDI lookups.

This repository contains a functional exploit for CVE-2021-44228 (Log4Shell) targeting VMware vCenter. It automates the exploitation process to achieve remote code execution via JNDI injection, with modules for reverse shell and SAML database exfiltration.

This is a Java agent-based hotpatch tool designed to mitigate CVE-2021-44228 (Log4Shell) by dynamically redefining the `JndiLookup` class in running JVM processes to disable the vulnerable `lookup` method. It uses ASM for bytecode manipulation and the Java Attach API to inject the agent into target processes.

This repository is a honeypot designed to emulate a vulnerable Minecraft server (1.7.2 - 1.16.5) to capture and analyze Log4j exploitation attempts (CVE-2021-44228). It logs JNDI injection attempts and fetches payloads from LDAP servers for analysis.

This repository provides a Burp Suite extension for scanning the Log4Shell vulnerability (CVE-2021-44228). It allows users to inject custom payloads and uses Burp Collaborator for detection.

This repository contains tools for investigating CVE-2021-44228 (Log4Shell), including a script to fetch payloads from LDAP servers and a honeypot to detect exploitation attempts. The tools are designed to analyze and log malicious activity related to the Log4j vulnerability.

Log4Pot is a honeypot designed to detect and analyze exploitation attempts targeting the Log4Shell vulnerability (CVE-2021-44228). It listens on various ports, logs exploitation attempts, and can download payloads for further analysis. The tool includes a log analyzer to extract and deobfuscate payloads from logs.

This repository contains a functional PoC for CVE-2021-44228 (Log4Shell), demonstrating RCE via JNDI injection in Apache Log4j. It includes an exploit class that triggers a calculator app, an LDAP server setup, and a log4j trigger to simulate the attack.

This repository contains a Go-based tool for testing CVE-2021-44228 (Log4Shell) by simulating DNS and LDAP servers to detect vulnerable log4j instances. It generates unique test IDs and monitors for DNS/LDAP callbacks to confirm exploitation.

This repository contains an Nmap NSE script for detecting CVE-2021-44228 (Log4Shell) by injecting JNDI payloads via HTTP headers or TCP/UDP sockets. It relies on a callback server to confirm vulnerability.

This repository contains a functional Proof-of-Concept (PoC) for CVE-2021-44228 (Log4Shell), demonstrating LDAP-based RCE, DNS exfiltration, and RMI exploitation against vulnerable Log4j2 configurations in Tomcat servers. It includes Dockerized environments for testing and a Python-based exploit script.

This repository provides a Java agent-based mitigation for CVE-2021-44228 (Log4j JNDI vulnerability) by disabling JNDI lookups and logging attempts. It includes tests demonstrating the vulnerability and the fix.

This repository contains a minimal Java-based PoC for CVE-2021-44228 (Log4Shell), demonstrating the JNDI injection vulnerability in Log4j. The code logs a malicious string that triggers the vulnerability, though it does not include a full exploit chain (e.g., LDAP server setup).

This repository describes a Burp Suite plugin for detecting CVE-2021-44228 (Log4Shell) vulnerabilities, supporting DNS callback checks via dnslog.cn or Burp's built-in DNS, with RC1 bypass and JSON data type support. It is a modified version of @pmiaowu's fastjson plugin, adapted for large-scale security assessments.

This is a functional PoC for CVE-2021-44228 (Log4Shell) that exploits the JNDI/LDAP injection vulnerability in Log4j to achieve RCE. It includes a payload that patches the vulnerability in the target Minecraft session and displays a warning message to the user.

This repository provides an Ansible playbook to scan Linux hosts for CVE-2021-44228 (Log4Shell) using Red Hat's official detector script. It automates the download, verification, and execution of the detector script to identify vulnerable Log4j installations.

This repository is a curated list of affected components and applications by CVE-2021-44228 (Log4Shell). It provides resources for security responders to identify internal and external risks associated with the vulnerability.

This repository contains a Java agent-based mitigation tool for CVE-2021-44228 (Log4Shell). It patches Log4j2 by disabling JNDI lookups and Lookup conversions via bytecode transformation.

This repository contains a scanner tool for detecting CVE-2021-44228 (Log4Shell) in JAR files by comparing class hashes against a pre-computed list of vulnerable hashes. It also checks for vulnerable dependencies in POM files.

Log4JHunt is an automated scanner for detecting the Log4Shell vulnerability (CVE-2021-44228). It sends crafted HTTP requests with JNDI payloads to target hosts and uses Canary Tokens or custom DNS callbacks to detect exploitation attempts.

This repository contains a scanner tool designed to detect vulnerable Log4j versions (CVE-2021-44228 and related CVEs) by recursively scanning files, archives, and Docker images for known vulnerable Log4j libraries and JndiLookup.class files. It also includes a patching feature to mitigate the vulnerability by removing the JndiLookup.class file.

This repository provides IOCs (Indicators of Compromise) related to attacks exploiting CVE-2021-44228 (Log4Shell), including malicious IPs, C2 servers, and detection rules for Snort/Suricata. It does not contain exploit code but serves as a reference for defenders.

This repository contains a Go-based scanner tool designed to detect Java archives (JAR, WAR, EAR) potentially vulnerable to CVE-2021-44228 (Log4Shell) and related CVEs by inspecting class paths and embedded files. It supports recursive scanning and multithreading for efficiency.

This repository contains tools for detecting CVE-2021-44228 (Log4j2) vulnerabilities in running JVM processes. It includes a heuristic scanner and a confirmation tool that injects JNDI lookups to verify exploitation.

This repository contains a Python-based file system scanner for detecting vulnerable log4j instances, including CVE-2017-5645. It identifies log4j (1.x), reload4j (1.2.18+), and log4j-core (2.x) versions vulnerable to multiple CVEs.

This repository provides a mitigation strategy for CVE-2021-44228 (Log4Shell) using an Nginx LUA script. It describes how to configure Nginx to block exploitation attempts by including a provided configuration file in the server or http context.

This repository provides OpenIOC rules for detecting indicators of compromise related to CVE-2021-44228 (Log4j RCE). It includes hunting rules for execution and presence-based IOCs but does not contain exploit code.

This repository contains a scanner for detecting CVE-2021-44228 (Log4jShell) vulnerabilities. It uses a combination of HTTP requests and LDAP callbacks to identify vulnerable systems, with options for bypassing WAFs and testing related vulnerabilities like CVE-2021-45046.

This repository aggregates and processes known malicious IPs associated with Log4Shell (CVE-2021-44228) exploits. It includes a script to fetch, filter, and compile IOCs from multiple sources into a consolidated list.

This repository provides YARA rules and a STACS-based scanner to detect vulnerable versions of Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) in binary artifacts such as Docker images, JARs, and other archives. It does not exploit the vulnerability but identifies potentially affected files for further review.

This repository contains a proof-of-concept for CVE-2021-44228 (Log4Shell), demonstrating the vulnerability by triggering a JNDI lookup to an LDAP server that returns a serialized payload. The payload is a harmless string displayed as ASCII art, confirming the vulnerability without executing arbitrary code.

This repository contains a scanner and patcher tool for CVE-2021-44228 (Log4Shell). It recursively scans directories and archives for vulnerable Log4j versions and can patch them by removing the vulnerable classes.

This is a Burp Suite extension designed to scan for CVE-2021-44228 (Log4j2 RCE) by injecting JNDI payloads into various HTTP request fields (headers, parameters) and checking for DNS callbacks. It uses a custom DNS log service for verification.

This repository provides a Docker-based lab environment to demonstrate the Log4Shell vulnerability (CVE-2021-44228) in a Spring Boot application using Log4j 2.14.1. It includes step-by-step instructions for exploiting the vulnerability to achieve remote code execution via JNDI injection.

This repository contains a Python script designed to generate obfuscated payloads for CVE-2021-44228 (Log4Shell) and CVE-2021-45046. The tool allows users to create primary and secondary obfuscated payloads to evade WAF detection.

This repository provides a hot-patch for CVE-2021-44228 (Log4Shell) by exploiting the vulnerability itself to disable the JNDI lookup functionality in Log4j. It includes a custom LDAP server and a serialized payload generator.

This repository provides a Rust-based reverse proxy firewall designed to block Log4Shell (CVE-2021-44228) exploit attempts by scanning HTTP requests for malicious JNDI payloads. It includes a regex-based detection mechanism and acts as a protective layer for vulnerable applications.

This repository contains a Nuclei template for detecting CVE-2021-44228 (Log4Shell) with WAF bypass techniques. It sends multiple crafted requests to trigger DNS callbacks via JNDI lookups, but does not include exploit code for RCE.

This repository contains a proof-of-concept exploit for CVE-2021-44228, the Log4j RCE vulnerability. It includes Python scripts to generate and serve malicious payloads that trigger the JNDI injection flaw in vulnerable Log4j versions.

This repository provides a Zeek package for detecting CVE-2021-44228 (Log4Shell) exploitation attempts by analyzing HTTP headers, LDAP traffic, and Java class downloads. It generates notices and logs for potential exploits.

This repository contains a working proof-of-concept for mitigating CVE-2021-44228 (Log4Shell) by patching vulnerable Log4j lookups in Minecraft mod environments. The code dynamically modifies Log4j's Interpolator to prevent JNDI exploitation.

This is a functional exploit for CVE-2021-44228 (Log4Shell) that generates a malicious Java class, compiles it, and uses JNDI injection via LDAP to trigger a reverse shell. It includes bypass techniques for header-based detection and verifies exploitation via network connection checks.

This repository provides a bash script to mitigate CVE-2021-44228 (Log4Shell) in VMware vCenter by applying workarounds such as removing JndiLookup.class and setting log4j2.formatMsgNoLookups=true. It supports vCenter versions 6.5, 6.7, and 7.0.

This repository contains a Python-based PoC for CVE-2021-44228 (Log4Shell), which exploits the Log4j vulnerability to achieve remote code execution (RCE) via JNDI injection. The script uses marshalsec for LDAP server setup and crafts a malicious payload to trigger a reverse shell.

This repository provides a functional PoC for CVE-2021-44228 (Log4Shell), demonstrating JNDI injection via Log4j 2.14.1. It includes mitigation testing and exploitation examples using Rogue JNDI for RCE and information leakage.

Log4Shell Sentinel is a file-based scanner for detecting vulnerable log4j-core jars in various Java application formats (JAR, WAR, EAR). It includes features for container image mapping, MD5 hashing, and ignore list functionality to aid in vulnerability management.

This repository contains a Burp Suite plugin designed to detect the Log4j vulnerability (CVE-2021-44228) by automatically injecting payloads into various parts of HTTP requests (headers, POST parameters, GET parameters, and cookies). It includes filtering and logging capabilities for passive and active scanning.

This repository contains a bash script designed to scan for and patch JAR files affected by the Log4j vulnerability CVE-2021-44228. It identifies vulnerable JARs by checking for the presence of the JndiLookup.class file and can remove it to mitigate the vulnerability.

This repository contains a scanner for detecting Log4Shell (CVE-2021-44228) vulnerabilities in AWS environments. It identifies exposed EC2 instances and load balancers, then crafts requests to test for the vulnerability.

This repository provides a Spring Boot test service with Log4j 2.13.0 to demonstrate CVE-2021-44228 (Log4Shell). It includes endpoints that log user-controlled input, allowing testing of JNDI injection payloads.

This repository contains a Go-based tool to detect and mitigate CVE-2021-44228 (Log4Shell) by scanning and removing the JndiLookup class from JAR/WAR/EAR files. It is not an exploit but a remediation utility.

This is a functional PoC for CVE-2021-44228 (Log4Shell) that creates an evil RMI server to exploit unsafe reflection in BeanFactory, allowing arbitrary command execution. It binds a malicious ReferenceWrapper to the RMI registry, which can be used in local privilege escalation scenarios.

This repository provides an Ansible role to scan systems for Log4Shell (CVE-2021-44228) by detecting vulnerable Log4j JAR/WAR files. It checks for the presence of JndiLookup.class and reports versions, but does not include exploit code.

This repository contains a scanner for CVE-2021-44228 (Log4j RCE). It automates the process of checking domains or lists of URLs for vulnerability by sending crafted HTTP requests with JNDI payloads to trigger the Log4j vulnerability.

This repository provides a minimalistic LDAP server designed to test vulnerability to JNDI+LDAP injection attacks, specifically CVE-2021-44228 (Log4Shell). It allows users to simulate an exploit scenario by logging a crafted JNDI string and observing if the server receives a connection, indicating vulnerability.

This repository is a comprehensive writeup and resource collection for CVE-2021-44228 (Log4Shell), including scanning tools, indicators of compromise, vulnerable applications, and mitigation guidance. It does not contain exploit code but provides links to external tools and references.

This repository contains a functional proof-of-concept exploit for CVE-2021-44228 (Log4Shell), demonstrating remote code execution via JNDI injection in Apache Log4j. The exploit triggers a calculator app as a benign payload, leveraging LDAP and HTTP servers to deliver the malicious class file.

This repository demonstrates the use of Tai-e, a static analysis tool, to detect the Log4Shell vulnerability (CVE-2021-44228) in a sample Java application. It includes a vulnerable Log4j 2.14.0 server that logs a malicious JNDI lookup string, showcasing the taint flow analysis capabilities of Tai-e.

This repository contains a functional PoC for CVE-2021-44228 (Log4Shell), providing RMI, LDAP, and deserialization attack vectors to achieve remote code execution. It includes an HTTP server to dynamically compile and serve malicious payloads.

This repository contains a PoC for CVE-2021-44228 (Log4Shell), demonstrating RCE via JNDI injection. The attack script sends a malicious LDAP payload to a vulnerable Log4j server, triggering remote code execution.

This repository is a curated list of IoCs (Indicators of Compromise) related to CVE-2021-44228 (Log4Shell), including IPs, domains, hashes, and YARA rules. It aggregates data from various sources and provides references to detection tools and payload lists.

This repository provides a detailed writeup and guidance on reproducing and mitigating the Log4Shell vulnerability (CVE-2021-44228) in a Kubernetes environment. It includes steps to set up a vulnerable environment, exploit it using a malicious LDAP server, and apply security policies using KubeArmor and Cilium.

This repository provides a hotpatch for CVE-2021-44228 (Log4Shell) using JVM Instrumentation API to modify the JndiLookup class at runtime without restarting the Java process. It supports JDK versions 6-11 and includes scripts for Linux and Windows to inject the patch into running JVMs.

This repository is a comprehensive research summary and resource collection for CVE-2021-44228 (Log4Shell), including threat intelligence, mitigations, malware reports, and exploitation techniques. It does not contain direct exploit code but serves as a curated reference for incident response and analysis.

This repository provides a fail2ban filter configuration to detect and block Log4j CVE-2021-44228 exploitation attempts by monitoring Apache access logs for JNDI LDAP injection patterns. It includes installation instructions and regex-based detection rules.

This is a functional Proof-of-Concept exploit for CVE-2021-44228 (Log4Shell), which leverages JNDI injection to achieve remote code execution. The script generates a malicious Java payload, sets up an LDAP server, and serves the payload via HTTP to trigger a reverse shell.

This Python script scans for CVE-2021-44228 (Log4Shell) by sending JNDI payloads in HTTP headers and form parameters, then listens for callbacks on a specified port to confirm vulnerability. It does not execute a reverse shell but checks for vulnerable Log4j instances.

This repository contains a functional Proof of Concept (PoC) for CVE-2021-44228 (Log4Shell), demonstrating remote code execution via JNDI injection over RMI. The exploit triggers a calculator app on the target system by leveraging Log4j's vulnerable JNDI lookup feature.

This is a Burp Suite extension designed to actively scan for CVE-2021-44228 (Log4Shell) and CVE-2021-45046 by injecting JNDI payloads into various HTTP request parameters and headers. It uses Burp Collaborator to verify exploitation by detecting DNS callbacks.

This repository contains a functional Proof of Concept for CVE-2021-44228 (Log4Shell), demonstrating arbitrary code execution via JNDI injection in Apache Log4j2. The exploit triggers a calculator app launch on Windows or macOS by leveraging a malicious LDAP server and HTTP server to serve the payload.

This repository contains a functional proof-of-concept for CVE-2021-44228 (Log4Shell), including an LDAP server, a vulnerable application, and an exploit class that executes arbitrary commands upon class loading.

This repository demonstrates CVE-2021-44228 (Log4Shell) by providing a vulnerable server and a malicious server that exploits the JNDI injection vulnerability in Log4j. The exploit triggers remote code execution via LDAP callback to a malicious server hosting a Java payload.

This repository contains a Metasploit auxiliary module for scanning and detecting the Log4j RCE vulnerability (CVE-2021-44228). It includes WAF bypass payloads and supports GET/POST requests with custom headers and DNS callbacks for vulnerability confirmation.

This PowerShell script scans Active Directory for Windows servers, copies tools, and checks for Log4j vulnerabilities (CVE-2021-44228) by extracting JAR files and verifying the presence of JNDI lookup classes. It does not include exploit payloads but automates detection across domains.

This repository is a DFIR (Digital Forensics and Incident Response) writeup documenting the analysis of CVE-2021-44228 (Log4Shell) exploitation attempts. It includes detection methods, YARA rules, Splunk queries, and analysis of a malicious payload delivering a crypto miner.

This repository contains a PHP-based PoC for CVE-2021-44228 (Log4j RCE), which exploits the JNDI injection vulnerability in Log4j. The script sends malicious payloads via HTTP headers and parameters to trigger remote code execution.

This repository provides a Java-based tool to patch vulnerable Log4j2 versions (CVE-2021-44228) by replacing them with Log4j 2.15.0 and adding the 'nolookups' flag to log4j2.xml. It is designed for unsupported Minecraft server software like Spigot and PaperSpigot.

The repository appears to be a collection of JavaScript files, primarily jQuery-related, with no clear exploit code for CVE-2021-44228. The presence of cryptocurrency mining-related terms in the file paths suggests potential misuse or deception.

This repository contains a functional exploit for CVE-2021-44228 (Log4Shell), including a Python-based exploit script that generates a malicious LDAP payload and a Java-based reverse shell. It also includes a vulnerable application for testing purposes.

This PoC demonstrates a regex-based string replacement vulnerability in the DragonSurvival plugin for Bukkit, which can lead to arbitrary code execution via crafted chat messages or commands. The fix method recursively processes placeholders, allowing for unintended evaluation of nested expressions.

This repository contains a proof-of-concept exploit for CVE-2021-44228, demonstrating how to trigger the Log4j2 JNDI lookup vulnerability to leak environment variables or achieve remote code execution. It includes a custom ObjectFactory (LoggerFactory) and an example (RCEExample) to log a malicious JNDI payload.

This script enforces F5 BIG-IP ASM/Adv.WAF attack signatures related to CVE-2021-44228 (Log4Shell) across all policies in blocking mode. It automates the process of applying specific signature IDs to mitigate the vulnerability.

This repository provides a utility to scan and remove the malicious JndiLookup.class from Java archives (JAR, WAR, EAR, ZIP) to mitigate CVE-2021-44228 (Log4Shell). It does not exploit the vulnerability but instead helps remediate it.

This repository contains a Python script designed to scan multiple targets for the Log4j vulnerability (CVE-2021-44228) by sending crafted HTTP requests with JNDI payloads and checking DNS logs for callbacks. It uses a public DNS logging service to detect vulnerable systems.

This repository contains a Python script designed to scan multiple URLs for CVE-2021-44228 (Log4j) by sending crafted payloads via HTTP headers. It reads targets, payloads, and headers from text files and uses concurrent requests for efficiency.

This repository provides a Java Agent that mitigates CVE-2021-44228 (Log4Shell) by disabling the JNDI Lookup functionality in Apache Log4J. It uses bytecode manipulation to patch the vulnerable `JndiLookup.lookup` method at runtime.

This repository contains a proof-of-concept exploit for CVE-2021-44228 (Log4Shell), demonstrating remote code execution (RCE) via JNDI injection in Apache Tomcat 10.0.14. The exploit uses an LDAP server to deliver a malicious payload, resulting in arbitrary code execution (e.g., launching Calculator).

This repository provides a multitool for testing and exploiting CVE-2021-44228 (Log4Shell). It includes system checks, fixes, and attack capabilities such as reverse shells and LDAP server setup.

This repository contains a Python-based scanner for detecting CVE-2021-44228 (Log4Shell) vulnerabilities. It supports various HTTP headers, POST data, and JSON parameter fuzzing, along with WAF bypass payloads and DNS callback validation.

This repository contains a functional proof-of-concept for CVE-2021-44228 (Log4Shell), demonstrating remote code execution via LDAP, RMI, and DNS lookups. It includes both a malicious server and a vulnerable application to test the exploit.

This repository contains a deliberately vulnerable Java application to demonstrate CVE-2021-44228 (Log4Shell). It includes a vulnerable servlet that logs user-controlled input via Log4j, along with attack artifacts and instructions for exploitation.

This repository contains a multithreaded Python script to check for CVE-2021-44228 (Log4Shell) by sending crafted requests with JNDI payloads in headers and parameters. It supports multiple HTTP methods and headers, and logs results for correlation with DNS callbacks.

This repository provides a proof-of-concept for CVE-2021-44228 (Log4Shell) using Docker and Kubernetes YAMLs to demonstrate the vulnerability. It includes setup instructions for deploying a vulnerable web server, an attack server, and a marshalsec server to exploit the Log4j RCE vulnerability.

This PowerShell script scans a local Windows system for Log4j vulnerabilities (CVE-2021-44228) by identifying .jar files, extracting them, and checking for the presence of the JndiLookup.class file. It also attempts to exploit local listening ports by sending malicious HTTP headers.

This repository provides a patch for the Log4j vulnerability (CVE-2021-44228) in Minecraft clients and servers by modifying log file configurations to replace %msg with %msg{nolookups}. It is a mitigation tool rather than an exploit.

This repository contains a functional proof-of-concept exploit for CVE-2021-44228 (Log4Shell), demonstrating remote code execution via LDAP and HTTP servers. The exploit leverages JNDI injection to load a malicious payload from a remote server.

This repository provides a proof-of-concept for CVE-2021-44228 (Log4Shell), demonstrating remote code execution via JNDI injection in Log4j. It includes curl commands and variations to bypass WAFs.

This repository contains a functional PoC for CVE-2021-44228 (Log4Shell) targeting Minecraft 1.17.1 with Java 16. It includes an LDAP server that serves serialized payloads to exploit the JNDI injection vulnerability in Log4j.

This repository contains a functional PoC for CVE-2021-44228 (Log4Shell) targeting Minecraft 1.17.1 with Paper server build #397. It includes an LDAP server that serves serialized payloads to exploit the JNDI injection vulnerability in Log4j.

This repository contains a dockerized honeypot for detecting and logging exploitation attempts against CVE-2021-44228 (Log4Shell). It includes comprehensive pattern matching for various exploit vectors, rate limiting, and monitoring capabilities.

This repository provides a Checkmk extension to scan for Log4j vulnerabilities, specifically CVE-2021-44228 and related CVEs. It wraps around the logpresso/CVE-2021-44228-Scanner to detect vulnerable Log4j versions in JAR, WAR, EAR, and AAR files.

This repository contains a Python-based scanner for detecting CVE-2021-44228 (Log4j RCE) by sending crafted JNDI payloads via HTTP headers and parameters. It supports domain and URL list scanning, leveraging tools like curl, httpx, subfinder, assetfinder, and amass.

This repository contains a functional proof-of-concept exploit for CVE-2021-44228 (Log4Shell), which leverages JNDI injection to achieve remote code execution. The exploit includes an LDAP server and HTTP server to deliver a Java-based reverse shell payload.

This repository provides a mitigation tool for CVE-2021-44228 (Log4Shell) in Minecraft servers, specifically targeting Bukkit/Spigot and BungeeCord platforms. It includes filters and patches to prevent Log4j format strings, including JNDI lookups, from being processed.

This repository provides an Ansible role to scan Linux hosts for Log4Shell (CVE-2021-44228) using Red Hat's official detector script. It automates the download and execution of the script to identify vulnerable Log4j instances.

This repository contains a filesystem scanner for detecting vulnerable Log4j versions affected by CVE-2021-44228 (Log4Shell) and related CVEs. It checks file hashes against known vulnerable versions of Log4j classes.

This repository contains a Python script that generates various payloads for exploiting CVE-2021-44228 (Log4Shell), a critical RCE vulnerability in Apache Log4j. The script provides multiple obfuscated JNDI lookup strings to bypass WAFs and other protections.

This repository contains a functional PoC for CVE-2021-44228 (Log4Shell), including a Java-based reverse shell exploit, automation scripts, and a vulnerable application for testing. It demonstrates JNDI injection to achieve remote code execution.

This repository contains scripts to detect .jar files vulnerable to CVE-2021-44228 (Log4Shell) by checking SHA-256 hashes or the presence of the JndiLookup class. It does not exploit the vulnerability but aids in identification.

This repository contains a bash script for scanning targets for CVE-2021-44228 (Log4Shell) by sending crafted HTTP requests with JNDI payloads to detect vulnerable Log4j instances. It uses external tools like httpx, subfinder, and assetfinder for target enumeration.

This repository contains a Python script that automates the retrieval of malicious IPs associated with CVE-2021-44228 (Log4j RCE) from Greynoise and configures null routes on Cisco IOS-XE and Arista EOS routers to block them. It includes functionality to exclude specific IPs via an exceptions file.

This YAML file is a Nuclei template designed to detect CVE-2021-44228 (Log4Shell) in Apache Solr by sending a crafted GET request with a JNDI LDAP payload and checking for DNS interaction via interactsh. It does not execute arbitrary code but confirms vulnerability via callback.

This repository provides a functional proof-of-concept for CVE-2021-44228 (Log4Shell), including Docker environments for both vulnerable and attacking machines. It demonstrates RCE via JNDI injection, using LDAP callbacks to execute a reverse shell payload.

This repository contains a Python scanner for CVE-2021-44228 (Log4Shell) that sends JNDI payloads to target hosts via HTTP/HTTPS requests. It checks for vulnerable Log4j instances by injecting a malicious LDAP JNDI lookup string in headers and query parameters.

This repository provides a vulnerable Spring Boot application for testing CVE-2021-44228 (Log4Shell). It includes endpoints that log user-controlled input, demonstrating the vulnerability via GET/POST requests and User-Agent headers.