jndiRep - CVE-2021-44228

Basically a bad grep on even worse drugs.

search for malicious strings
decode payloads
print results to stdout or file
report ips (incl. logs) to AbuseIPDB

Scanning

Directory: python3 jndiRep.py -d /path/to/directory
File: python3 jndiRep.py -f /path/to/input.txt
Custom filter: python3 jndiRep.py ... -g "ldap"
Threading: If scanning a directory, 4 threads will work on the files in parallel. You can change this by using -t <threads>.

Output

You can either print results to a file or to stdout (includes coloring of IPs and payloads).

stdout: python3 jndiRep.py ...
file: python3 jndiRep.py ... -o /path/to/output.txt

Reporting

For reporting, an API Key (hex string of length 80) for AbuseIPDB is required, which you can obtain by register at the service and request IP Reporting ability.

Report IPs once: python3 jndiRep.py ... -a <api key>
Report every occurrence: python3 jndiRep.py ... -a <api key> --no-dedup
Change default comment: python3 jndiRep.py ... -c "your custom comment"
Include logs: python3 jndiRep.py ... --include-logs

Warning: Reporting is provided "as is". PII will not be cut, decoded payloads will not be uploaded.

Issues

Create pull request with your solution
Open an issue here and I'll try to fix it asap

Help

usage: jndiRep.py [-h] [-a API_KEY] [-d DIRECTORY] [-f FILE] [-g GREP] [-o OUTPUT] [-t THREADS] [-r] [-c COMMENT] [--include-logs] [--no-dedup]

optional arguments:
  -h, --help            show this help message and exit
  -a API_KEY, --api-key API_KEY
                        AbuseIPDB Api Key
  -d DIRECTORY, --directory DIRECTORY
                        Directory to scan
  -f FILE, --file FILE  File to scan
  -g GREP, --grep GREP  Custom word to grep for
  -o OUTPUT, --output OUTPUT
                        File to store results. stdout if not set
  -t THREADS, --threads THREADS
                        Number of threads to start. Default is 4
  -r, --report          Report IPs to AbuseIPDB with category 21 (malicious web request)
  -c COMMENT, --comment COMMENT
                        Comment sent with your report
  --include-logs        Include logs in your report. PII will NOT be stripped of!!!
  --no-dedup            If set, report ever occurrence of IP. Default: Report only once.

Scan your logs for CVE-2021-44228 related activity and report the attackers

Related tags

Overview

jndiRep - CVE-2021-44228

Scanning

Output

Reporting

Issues

Help

Owner

js-on

A simple Burp Suite extension to extract datas from source code

An automated header extensive scanner for detecting log4j RCE CVE-2021-44228

Provides script to download and format public IP lists related to the Log4j exploit.

Phishing Campaign Toolkit

Springboot directory scanning

An ARP Spoofer attacker for windows to block away devices from your network.

Open Source Tool - Cybersecurity Graph Database in Neo4j

AMC- Automatic Media Access Control [MAC] Address Spoofing Tool

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

Discord exploit allowing you to be unbannable.

Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

Small python script to look for common vulnerabilities on SMTP server.

A simple Log4Shell Scan with python

A Python & JavaScript Obfuscator made in Python 3.

Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container

A curated list of amazingly awesome Cybersecurity datasets

Example for the NFT 3D Collectibles using Blender Scripting (Python).

Learning to compose soft prompts for compositional zero-shot learning.

S2-061 的payload，以及对应简单的PoC/Exp

Port scanner tool with easy installation