
GitHub Security Porter: Log4j2 Collection

 2 years ago
source link: https://www.heibai.org/2069.html

NoPac

CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.

Address: https://github.com/cube0x0/noPac

HackLog4j

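This project pays tribute to the most invincible Java logging library in the universe! It also records some of what I ran into while studying the Log4j vulnerabilities.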

Address: https://github.com/0e0w/HackLog4j

Log4j2-CVE-2021-44228

Remote Code Injection In Log4j

Address: https://github.com/jas502n/Log4j2-CVE-2021-44228

log4j-fuzz-head-poc

Batch detection of the log4j vulnerability, mainly by batch fuzzing of headers.

Address: https://github.com/test502git/log4j-fuzz-head-poc

Log4j2-Vaccine

A vaccine for the log4j2 vulnerability that provides RASP protection based on the Instrumentation mechanism. It patches the lookup method of org.apache.logging.log4j.core.net.JndiManager; part of the code borrows from the arthas implementation.

Address: https://github.com/chaitin/log4j2-vaccine

BurpSuitePlugin-Log4j2

Log4j2 RCE Passive Scanner plugin for BurpSuite

Address: https://github.com/whwlsfb/Log4j2Scan

Log4j_RCE_Tool

Log4j multi-threaded batch detection and exploitation tool.

Address: https://github.com/inbug-team/Log4j_RCE_Tool

JNDIExploit

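A tool for exploiting JNDI injection. It draws heavily on and reuses code from the Rogue JNDI project, supports directly implanting in-memory shells, integrates the common ways of bypassing higher JDK versions, and is suited to use together with automated tools.

Address: https://github.com/feihong-cs/JNDIExploit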

Article by HACK学习君

