POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Last update: Dec 22, 2021

Overview

log4shell-poc-py

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Run on a system with python3 python3 log4shell-poc.py

pathToTargetFile - containing a list of targets (targets are seperated by newlines)
InteractionURL - the endpoint used to monitor out of band data extraction or interactions, e.g: https://github.com/projectdiscovery/interactsh

Example Output

[1] Testing asset: http://
   
    

[2] Testing asset: http://
    
     

[3] Testing asset: http://
     
      

[4] Testing asset: http://
      
       

[5] Testing asset: http://
       
         [6] Testing asset: http://
        
          [7] Testing asset: http://

Interaction Results

The example output as seen on the interactor due to a the Log4J vulnerability being found in an asset.

;; ANSWER SECTION:

   
    .
    
     .	3600	IN	A	
     
      

;; AUTHORITY SECTION:

      
       .
       
        . 3600 IN NS ns1.
        
         . 
         
          .
          
           . 3600 IN NS ns2.
           
            .

- represents the line number of the target in the target file

Owner

BCC Risk Advisory

GitHub Repository

Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers

Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers New Update : adding 'on-review' tag on an issue

13 Sep 19, 2021

带回显版本的漏洞利用脚本

CVE-2021-21978 带回显版本的漏洞利用脚本，更简单的方式 0. 漏洞信息 VMware View Planner Web管理界面存在一个上传日志功能文件的入口，没有进行认证且写入的日志文件路径用户可控，通过覆盖上传日志功能文件log_upload_wsgi.py，即可实现RCE 漏洞代码

24 Nov 09, 2022

client attack remotely , this script was written for educational purposes only

client attack remotely , this script was written for educational purposes only, do not use against to any victim, which you do not have permission for it

9 Jun 05, 2022

S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

CVE-2021-31805 Remote code execution S2-062 (CVE-2021-31805) Due to Apache Struts2's incomplete fix for S2-061 (CVE-2020-17530), some tag attributes c

31 Nov 22, 2022

This repository will contain python scripts for hackers and pentesters

This repository will contain python scripts for hackers and pentesters. stop being limited with availble tools. Build your own.

24 Nov 29, 2022

Python tool for exploiting CVE-2021-35616

OracleOTM Python tool for exploiting CVE-2021-35616 The script works in modules, which I implemented in the following order: ► Username enumeration ►

11 Dec 06, 2022

Hikvision 流媒体管理服务器敏感信息泄漏

Hikvisioninformation Hikvision 流媒体管理服务器敏感信息泄漏 Options optional arguments: -h, --help show this help message and exit -u url, --url url

13 Nov 09, 2022

Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use

Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use. Will try to add atleast 10 more tools currently use 7 sources to gather domains.

7 Jan 03, 2022

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

11 Nov 15, 2022

It's a simple tool for test vulnerability Apache Path Traversal

SimplesApachePathTraversal Simples Apache Path Traversal It's a simple tool for test vulnerability Apache Path Traversal https://blog.mrcl0wn.com/2021

56 Dec 27, 2022

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

👑 Recon 👑 The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

171 Dec 31, 2022

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

259 Dec 31, 2022

Mad Spammer is a python webhook spammer which is very easy and safe to use.

Mad Spammer 👿 Pre-Setup: Open your terminal/console and type: pip install module colorama python MadSpammer.py Setup: After doing that, you should be

1 Nov 26, 2021

Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

Inspektur Cari informasi mengenai email dan nomor telepon dengan mudah. Inspektur adalah aplikasi OSINT yang berguna untuk mencari informasi berdasark

36 Dec 04, 2022

Hashpic - Hashpic creates an image from a MD5 or SHA512 hash

Hashpic Hashpic creates an image from the MD5 hash of your input. Since v0.2.0 i

15 Nov 23, 2022

the swiss army knife in the hash field. fast, reliable and easy to use

hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh

17 Apr 05, 2022

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

Fuzzing PDFs like its 1990s This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things. Some discl

14 Sep 30, 2022

GitGuardian Shield: protect your secrets with GitGuardian

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

1.2k Dec 27, 2022

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt Then just

282 Dec 30, 2022

A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

PyArmor Homepage (中文版网站) Documentation(中文版) PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine

1.9k Dec 30, 2022

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Related tags

Overview

log4shell-poc-py

Example Output

Interaction Results

Owner

BCC Risk Advisory

Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers

带回显版本的漏洞利用脚本

client attack remotely , this script was written for educational purposes only

S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

This repository will contain python scripts for hackers and pentesters

Python tool for exploiting CVE-2021-35616

Hikvision 流媒体管理服务器敏感信息泄漏

Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

It's a simple tool for test vulnerability Apache Path Traversal

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Mad Spammer is a python webhook spammer which is very easy and safe to use.

Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

Hashpic - Hashpic creates an image from a MD5 or SHA512 hash

the swiss army knife in the hash field. fast, reliable and easy to use

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

GitGuardian Shield: protect your secrets with GitGuardian

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.