GitHUB安全搬运工之Log4j2集合
source link: https://www.heibai.org/2069.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
NoPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
地址:https://github.com/cube0x0/noPac
HackLog4j
本项目用来致敬全宇宙最无敌的Java日志库!同时也记录自己在学习Log4j漏洞过程中遇到的一些内容。
地址:https://github.com/0e0w/HackLog4j
Log4j2-CVE-2021-44228
Remote Code Injection In Log4j
地址:https://github.com/jas502n/Log4j2-CVE-2021-44228
log4j-fuzz-head-poc
批量检测log4j漏洞,主要还是批量fuzzz 头
地址:https://github.com/test502git/log4j-fuzz-head-poc
Log4j2-Vaccine
一款用于log4j2
漏洞的疫苗,基于Instrumentation
机制进行RASP防护,Patch了 org.apache.logging.log4j.core.net.JndiManager
的lookup
方法,部分代码借用了arthas
的实现
地址:https://github.com/chaitin/log4j2-vaccine
BurpSuitePlugin-Log4j2
Log4j2 RCE Passive Scanner plugin for BurpSuite
地址:https://github.com/whwlsfb/Log4j2Scan
Log4j_RCE_Tool
Log4j 多线程批量检测利用工具
地址:https://github.com/inbug-team/Log4j_RCE_Tool
JNDIExploit
一款用于 JNDI注入
利用的工具,大量参考/引用了 Rogue JNDI
项目的代码,支持直接植入内存shell
,并集成了常见的bypass 高版本JDK
的方式,适用于与自动化工具配合使用。
地址:https://github.com/feihong-cs/JNDIExploit
文由HACK学习君
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK