CVE-2021-44228
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Severity: CRITICAL
CVE ID: CVE-2021-44228
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-44228
Refrence: Project Discovery GitHub
tangxiaofeng7
Apache Log4j 远程代码执行
Refrence: GitHub
Glease
Patch up CVE-2021-44228 for minecraft forge 1.7.10 - 1.12.2
Refrence: GitHub
jacobtread
This tool patches the CVE-2021-44228 Log4J vulnerability present in all minecraft versions NOTE THIS TOOL MUST BE RE-RUN after downloading or updating versions of minecraft as its not a perminent patch
Refrence: GitHub
jas502n
Remote Code Injection In Log4j
Refrence: GitHub
HyCraftHD
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
Refrence: GitHub
boundaryx
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
Refrence: GitHub
dbgee
Apache Log4j 2 a remote code execution vulnerability via the ldap JNDI parser.
Refrence: GitHub
CreeperHost
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
Refrence: GitHub
DragonSurvivalEU
CVE-2021-44228 fix
Refrence: GitHub
simonis
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process
Refrence: GitHub
zlepper
A small server for verifing if a given java program is succeptibel to CVE-2021-44228
Refrence: GitHub
christophetd
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
Refrence: GitHub
NorthwaveSecurity
A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.
Refrence: GitHub
nkoneko
Vulnerable to CVE-2021-44228. trustURLCodebase is not required.
Refrence: GitHub
lhotari
Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shell
Refrence: GitHub
1in9e
Apache Log4j2 RCE( CVE-2021-44228)验证环境
Refrence: GitHub
KosmX
vulnerability POC
Refrence: GitHub
greymd
Vulnerability CVE-2021-44228 checker
Refrence: GitHub
mubix
Hashes for vulnerable LOG4J versions
Refrence: GitHub
OopsieWoopsie
CVE-2021-44228 server-side fix for minecraft servers.
Refrence: GitHub
wheez-y
Refrence: GitHub
izzyacademy
Mitigation for Log4Shell Security Vulnerability CVE-2021-44228
Refrence: GitHub
0xst4n
log4shell sample application (CVE-2021-44228)
Refrence: GitHub
takito1812
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
Refrence: GitHub
winnpixie
Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."
Refrence: GitHub
Azeemering
CVE-2021-44228 DFIR Notes
Refrence: GitHub
Puliczek
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Refrence: GitHub
kozmer
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
Refrence: GitHub
alexandreroman
Buildpack providing a workaround for CVE-2021-44228 (Log4j RCE exploit)
Refrence: GitHub
Adikso
Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
Refrence: GitHub
racoon-rac
Refrence: GitHub
TheArqsz
Refrence: GitHub
1lann
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
Refrence: GitHub
binganao
Log4j2 CVE-2021-44228 复现和回显利用
Refrence: GitHub
phoswald
A short demo of CVE-2021-44228
Refrence: GitHub
rakutentech
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
Refrence: GitHub
uint0
CVE-2021-44228 POC - Spring / Hibernate
Refrence: GitHub
saharNooby
Fixes CVE-2021-44228 in log4j by patching JndiLookup class
Refrence: GitHub
f0ng
CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
Refrence: GitHub
M1ngGod
Refrence: GitHub
byteboycn
Refrence: GitHub
lhotari
Log4Shell CVE-2021-44228 mitigation tester
Refrence: GitHub
toramanemre
A Nuclei Template for Apache Log4j RCE (CVE-2021-44228) Detection with WAF Bypass Payloads
Refrence: GitHub
logpresso
Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Refrence: GitHub
vorburger
Refrence: GitHub
gauthamg
Test the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name\=CVE-2021-44228
Refrence: GitHub
b-abderrahmane
Refrence: GitHub
leetxyz
List of company advisories log4j
Refrence: GitHub
cado-security
Content to help the community responding to the Log4j Vulnerability Log4Shell CVE-2021-44228
Refrence: GitHub
WYSIIWYG
Log4j-RCE (CVE-2021-44228) Proof of Concept
Refrence: GitHub
mkhazamipour
A Terraform to deploy vulnerable app and a JDNIExploit to work with CVE-2021-44228
Refrence: GitHub
Sh0ckFR
Public IoCs about log4j CVE-2021-44228
Refrence: GitHub
zzzz0317
CVE-2021-44228
Refrence: GitHub
datadavev
Simple demo of CVE-2021-44228
Refrence: GitHub
LemonCraftRu
Небольшой мод направленный на устранение уязвимости CVE-2021-44228
Refrence: GitHub
zhangxvx
Apache Log4j CVE-2021-44228 漏洞复现
Refrence: GitHub
darkarnium
Detections for CVE-2021-44228 inside of nested binaries
Refrence: GitHub
chilliwebs
Refrence: GitHub
irgoncalves
This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device
Refrence: GitHub
jeffbryner
docker compose solution to run a vaccine environment for the log4j2 vulnerability CVE-2021-44228
Refrence: GitHub
mergebase
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
Refrence: GitHub
unlimitedsola
A bare minimum proof-of-concept for Log4j2 JNDI RCE vulnerability (CVE-2021-44228/Log4Shell).
Refrence: GitHub
Jeromeyoung
CVE-2021-44228,log4j2 burp插件 Java版本,dnslog选取了非dnslog.cn域名
Refrence: GitHub
corretto
An agent to hotpatch the log4j RCE from CVE-2021-44228.
Refrence: GitHub
alexandre-lavoie
An All-In-One Pure Python PoC for CVE-2021-44228
Refrence: GitHub
RedDrip7
Refrence: GitHub
mzlogin
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
Refrence: GitHub
blake-fm
Script to apply official workaround for VMware vCenter log4j vulnerability CVE-2021-44228
Refrence: GitHub
creamIcec
log4j2漏洞复现
Refrence: GitHub
uint0
Refrence: GitHub
RK800-DEV
CVE-2021-44228(Apache Log4j Remote Code Execution)
Refrence: GitHub
sud0x00
CVE-2021-44228
Refrence: GitHub
DiCanio
Refrence: GitHub
myyxl
Log4J CVE-2021-44228 Minecraft PoC
Refrence: GitHub
RrUZi
An awesome curated list of repos for CVE-2021-44228. Apache Log4j 2
Refrence: GitHub
future-client
Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :)
Refrence: GitHub
CodeShield-Security
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
Refrence: GitHub
Crane-Mocker
Poc of log4j2 (CVE-2021-44228)
Refrence: GitHub
dtact
Scan systems and docker images for potential log4j vulnerabilities. Able to patch (remove JndiLookup.class) from layered archives. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang.
Refrence: GitHub
kali-dass
Sample log4j shell exploit
Refrence: GitHub
pravin-pp
Refrence: GitHub
Malwar3Ninja
IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228
Refrence: GitHub
urholaukkarinen
Dockerized Go app for testing the CVE-2021-44228 vulnerability
Refrence: GitHub
ssl
Python script that sends CVE-2021-44228 log4j payload requests to url list
Refrence: GitHub
infiniroot
Mitigate log4shell (CVE-2021-44228) vulnerability attacks using Nginx LUA script
Refrence: GitHub
lohanichaten
Refrence: GitHub
authomize
Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability
Refrence: GitHub
guardicode
Known IoCs for log4j framework vulnerability
Refrence: GitHub
fireflyingup
CVE-2021-44228 test demo
Refrence: GitHub
qingtengyun
Refrence: GitHub
nccgroup
A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability.
Refrence: GitHub
qingtengyun
Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.
Refrence: GitHub
tasooshi
A micro lab for CVE-2021-44228 (log4j)
Refrence: GitHub
Hydragyrum
An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228
Refrence: GitHub
twseptian
Spring Boot Log4j - CVE-2021-44228 Docker Lab
Refrence: GitHub
OlafHaalstra
Check list of URLs against Log4j vulnerability CVE-2021-44228
Refrence: GitHub
Panyaprach
Refrence: GitHub
momos1337
Log4j RCE - (CVE-2021-44228)
Refrence: GitHub
palominoinc
Mitigate against log4j vulnerability
Refrence: GitHub
cyberxml
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
Refrence: GitHub
corneacristian
Log4J (CVE-2021-44228) Exploit with Remote Command Execution (RCE)
Refrence: GitHub
Diverto
Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
Refrence: GitHub
dotPY-hax
pythonic pure python RCE exploit for CVE-2021-44228 log4shell
Refrence: GitHub
sunnyvale-it
CVE-2021-44228 (Log4Shell) Proof of Concept
Refrence: GitHub
maxant
Refrence: GitHub
atnetws
fail2ban filter that catches attacks againts log4j CVE-2021-44228
Refrence: GitHub
kimobu
Some files for red team/blue team investigations into CVE-2021-44228
Refrence: GitHub
KainsRache
Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers.
Refrence: GitHub
bigsizeme
log4J burp被扫插件、CVE-2021-44228、支持dnclog.cn和burp内置DNS、可配合JNDIExploit生成payload
Refrence: GitHub
pedrohavay
This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).
Refrence: GitHub
0xRyan
Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes
Refrence: GitHub
fireeye
OpenIOC rules to facilitate hunting for indicators of compromise
Refrence: GitHub
fullhunt
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Refrence: GitHub
rubo77
a fast check, if your server could be vulnerable to CVE-2021-44228
Refrence: GitHub
thecyberneh
Scanner for Log4j RCE CVE-2021-44228
Refrence: GitHub
halibobor
CVE-2021-44228
Refrence: GitHub
sourcegraph
Using code search to help fix/mitigate log4j CVE-2021-44228
Refrence: GitHub
thedevappsecguy
Log4J CVE-2021-44228 : Mitigation Cheat Sheet
Refrence: GitHub
helsecert
Refrence: GitHub
markuman
CVE-2021-44228 log4j mitigation using aws wafv2 with ansible
Refrence: GitHub
tuyenee
A lab for playing around with the Log4J CVE-2021-44228
Refrence: GitHub
JiuBanSec
Log4j Remote Code Injection (Apache Log4j 2.x < 2.15.0-rc2)
Refrence: GitHub
ycdxsb
Log4Shell Docker Env
Refrence: GitHub
avwolferen
This repository contains a script that you can run on your (windows) machine to mitigate CVE-2021-44228
Refrence: GitHub
kek-Sec
Simple tool for scanning entire directories for attempts of CVE-2021-44228
Refrence: GitHub
Camphul
Research into the implications of CVE-2021-44228 in Spring based applications.
Refrence: GitHub
lov3r
CVE-2021-4428 复现
Refrence: GitHub
sinakeshmiri
simple python scanner to check if your network is vulnerable to CVE-2021-44228
Refrence: GitHub
0xDexter0us
Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.
Refrence: GitHub
LutziGoz
Refrence: GitHub
0xsyr0
This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.
Refrence: GitHub
1hakusai1
log4j2 CVE-2021-44228 POC
Refrence: GitHub
jeffli1024
CVE-2021-44228 - Apache log4j RCE quick test
Refrence: GitHub
zsolt-halo
Refrence: GitHub
manuel-alvarez-alvarez
Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...
Refrence: GitHub
VNYui
Mass recognition tool for CVE-2021-44228
Refrence: GitHub
flxhaas
Refrence: GitHub
justakazh
Mass Check Vulnerable Log4j CVE-2021-44228
Refrence: GitHub
irgoncalves
This tool creates a custom signature set on F5 WAF and apply to policies in blocking mode
Refrence: GitHub
madCdan
Some tools to help mitigating Apache Log4j 2 CVE-2021-44228
Refrence: GitHub
Koupah
A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).
Refrence: GitHub
AlexandreHeroux
Apply class remove process from ear/war/jar/zip archive, see https://logging.apache.org/log4j/2.x/
Refrence: GitHub
kossatzd
demo project to highlight how to execute the log4j (CVE-2021-44228) vulnerability
Refrence: GitHub
tobiasoed
Refrence: GitHub
hackinghippo
log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)
Refrence: GitHub
p3dr16k
log4j version 1 with a patch for CVE-2021-44228 vulnerability
Refrence: GitHub
claranet
Find Log4Shell CVE-2021-44228 on your system
Refrence: GitHub
taurusxin
Refrence: GitHub
corelight
Log4j Exploit Detection Logic for Zeek
Refrence: GitHub
rodfer0x80
CVE-2021-44228
Refrence: GitHub
yanghaoi
Log4Shell A test for CVE-2021-44228
Refrence: GitHub
lfama
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.
Refrence: GitHub
threatmonit
Public IOCs about log4j CVE-2021-44228
Refrence: GitHub
ben-smash
Compiling links of value i find regarding CVE-2021-44228
Refrence: GitHub
strawhatasif
Demonstration of CVE-2021-44228 with a possible strategic fix.
Refrence: GitHub
giterlizzi
Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
Refrence: GitHub
tica506
Refrence: GitHub
chilit-nl
The goal of this project is to demonstrate the log4j cve-2021-44228 exploit vulnerability in a spring-boot setup, and to show how to fix it.
Refrence: GitHub
Occamsec
Bash and PowerShell scripts to scan a local filesystem for Log4j .jar files which could be vulnerable to CVE-2021-44228 aka Log4Shell.
Refrence: GitHub
snatalius
Just a personal proof of concept of CVE-2021-44228 on log4j2
Refrence: GitHub
Contrast-Security-OSS
Professional Service scripts to aid in the identification of affected Java applications in TeamServer
Refrence: GitHub
back2root
PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
Refrence: GitHub
alexbakker
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
Refrence: GitHub
perryflynn
Find log4j for CVE-2021-44228 on some places * Log4Shell
Refrence: GitHub
5l1v3r1
Scan your logs for CVE-2021-44228 related activity and report the attackers
Refrence: GitHub
alpacamybags118
Sample docker-compose setup to show how this exploit works
Refrence: GitHub
sandarenu
Demo project to evaluate Log4j2 Vulnerability | CVE-2021-44228
Refrence: GitHub
roticagas
Refrence: GitHub
Woahd
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading
Refrence: GitHub
faisalfs10x
Log4j2 CVE-2021-44228 revshell, ofc it suck!!
Refrence: GitHub
gcmurphy
Some siimple checks to see if JAR file is vulnerable to CVE-2021-44228
Refrence: GitHub
0xInfection
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
Refrence: GitHub
toramanemre
A Nuclei template for Apache Solr affected by Apache Log4J CVE-2021-44228
Refrence: GitHub
codiobert
Check CVE-2021-44228 vulnerability
Refrence: GitHub
cbuschka
Little recap of the log4j2 remote code execution (CVE-2021-44228)
Refrence: GitHub
andrii-kovalenko-celonis
Endpoint to test CVE-2021-44228 – Log4j 2
Refrence: GitHub
jan-muhammad-zaidi
On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short.
Refrence: GitHub
fox-it
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
Refrence: GitHub
34zY
Details : CVE-2021-44228
Refrence: GitHub
didoatanasov
Refrence: GitHub
ReynerGonzalez
The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell.
Refrence: GitHub
ShaneKingBlog
CVE-2021-44228
Refrence: GitHub
wortell
Repo containing all info, scripts, etc. related to CVE-2021-44228
Refrence: GitHub
municipalparkingservices
Refrence: GitHub
BinaryDefense
Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228
Refrence: GitHub
MalwareTech
Tools for investigating Log4j CVE-2021-44228
Refrence: GitHub
mufeedvh
A firewall reverse proxy for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks.
Refrence: GitHub
guerzon
Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)
Refrence: GitHub
ab0x90
Refrence: GitHub
stripe
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
Refrence: GitHub
xsultan
Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
Refrence: GitHub
HynekPetrak
Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
Refrence: GitHub
0xThiebaut
CVE-2021-44228 Response Scripts
Refrence: GitHub
CERTCC
Scanners for Jar files that may be vulnerable to CVE-2021-44228
Refrence: GitHub
CrackerCat
Refrence: GitHub
dbzoo
Fast filesystem scanner for CVE-2021-44228
Refrence: GitHub
jeremyrsellars
Aims to find JndiLookup.class in nearly any directory or zip, jar, ear, war file, even deeply nested.
Refrence: GitHub
JustinDPerkins
Quick Deploy to show case cve-2021-44228
Refrence: GitHub
VinniMarcon
Log4J Updater Bash Script to automate the framework update process on numerous machines and prevent the CVE-2021-44228
Refrence: GitHub
bhprin
This project is just to show Apache Log4j2 Vulnerability - aka CVE-2021-44228
Refrence: GitHub
avirahul007
Refrence: GitHub
rgl
A playground for poking at the Log4Shell (CVE-2021-44228) vulnerability mitigations
Refrence: GitHub
anuvindhs
A one-stop repo/ information hub for all log4j vulnerability-related information.
Refrence: GitHub
KeysAU
Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228
Refrence: GitHub
kubearmor
Apache Log4j Zero Day Vulnerability aka Log4Shell aka CVE-2021-44228
Refrence: GitHub
jyotisahu98
Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Refrence: GitHub
gitlab-de
This repository is designed to be a collection of resources to learn about, detect and mitigate the impact of the Log4j vulnerability - more formally known as CVE-2021-44228 and CVE-2021-45046 (mirror from GitLab.com)
Refrence: GitHub
redhuntlabs
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
Refrence: GitHub
mss
Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions
Refrence: GitHub
MeterianHQ
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
Refrence: GitHub
sebiboga
fix cve 44228 for windows
Refrence: GitHub
mitiga
we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them
Refrence: GitHub
isuruwa
A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228
Refrence: GitHub
honeynet
Data we are receiving from our honeypots about CVE-2021-44228
Refrence: GitHub
inettgmbh
Scans for Log4j versions effected by CVE-2021-44228
Refrence: GitHub
b1tm0n3r
CVE-2021-44228 demo webapp
Refrence: GitHub
VerveIndustrialProtection
Refrence: GitHub
alenazi90
An automated header extensive scanner for detecting log4j RCE CVE-2021-44228
Refrence: GitHub
pmontesd
Very simple Ansible playbook that scan filesystem for JAR files vulnerable to Log4Shell
Refrence: GitHub
LiveOverflow
Small example repo for looking into log4j CVE-2021-44228
Refrence: GitHub
aws-samples
Refrence: GitHub
michaelsanford
Dockerized honeypot for CVE-2021-44228.
Refrence: GitHub
thomaspatzke
A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
Refrence: GitHub
ubitech
A Remote Code Execution PoC for Log4Shell (CVE-2021-44228)
Refrence: GitHub
rv4l3r3
This script is used to perform a fast check if your server is possibly affected by CVE-2021-44228 (the log4j vulnerability).
Refrence: GitHub
dpomnean
log4j vulnerability wrapper scanner for CVE-2021-44228
Refrence: GitHub
roxas-tan
This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
Refrence: GitHub
shamo0
log4shell (CVE-2021-44228) scanning tool
Refrence: GitHub
snow0715
Log4j漏洞(CVE-2021-44228)的Burpsuite检测插件
Refrence: GitHub
Joefreedy
CVE-2021-44228 vulnerability in Apache Log4j library | Log4j vulnerability scanner on Windows machines.
Refrence: GitHub
Nanitor
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)
Refrence: GitHub
Gyrfalc0n
Simple bash script to scan multiples url for log4j vulnerability (CVE-2021-44228)
Refrence: GitHub
korteke
Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)
Refrence: GitHub
recanavar
Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228
Refrence: GitHub
DXC-StrikeForce
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
Refrence: GitHub
andalik
Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 e CVE-2021-44832)
Refrence: GitHub
lonecloud
CVE-2021-44228-Apache-Log4j
Refrence: GitHub
gyaansastra
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
Refrence: GitHub
axisops
log4j mitigation work
Refrence: GitHub
kal1gh0st
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
Refrence: GitHub
hozyx
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.
Refrence: GitHub
andypitcher
Log4J checker for Apache CVE-2021-44228
Refrence: GitHub
Vulnmachines
Refrence: GitHub
kannthu
Refrence: GitHub
Kr0ff
Log4Shell Proof of Concept (CVE-2021-44228)
Refrence: GitHub
suuhm
Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell
Refrence: GitHub
wajda
Test exploit of CVE-2021-44228
Refrence: GitHub
obscuritylabs
A lab demonstration of the log4shell vulnerability: CVE-2021-44228
Refrence: GitHub
Fazmin
Script - Workaround instructions to address CVE-2021-44228 in vCenter Server
Refrence: GitHub
Grupo-Kapa-7
PoC RCE Log4j CVE-2021-4428 para pruebas
Refrence: GitHub
rohankumardubey
Refrence: GitHub
sysadmin0815
Log4Shell mitigation (CVE-2021-44228) - search and remove JNDI class from *log4j*.jar files on the system with Powershell (Windows)
Refrence: GitHub
RenYuH
Log4j2 Vulnerability (CVE-2021-44228)
Refrence: GitHub
scheibling
Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228)
Refrence: GitHub
zaneef
Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazione
Refrence: GitHub
metodidavidovic
Scan your IP network and determine hosts with possible CVE-2021-44228 vulnerability in log4j library.
Refrence: GitHub
WatchGuard-Threat-Lab
A collection of IOCs for CVE-2021-44228 also known as Log4Shell
Refrence: GitHub
Aschen
Provide patched version of Log4J against CVE-2021-44228 and CVE-2021-45046 as well as a script to manually patch it yourself
Refrence: GitHub
Nikolas-Charalambidis
A simple simulation of the infamous CVE-2021-44228 issue.
Refrence: GitHub
m0rath
CVE-2021-44228
Refrence: GitHub
nu11secur1ty
Refrence: GitHub
ankur-katiyar
Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability)
Refrence: GitHub
immunityinc
This project will help to test the Log4j CVE-2021-44228 vulnerability.
Refrence: GitHub
DANSI
can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046
Refrence: GitHub
suniastar
A scanning suite to find servers affected by the log4shell flaw (CVE-2021-44228) with example to test it
Refrence: GitHub
shivakumarjayaraman
An attempt to understand the log4j vulnerability by looking through the code
Refrence: GitHub
j3kz
Self-contained lab environment that runs the exploit safely, all from docker compose
Refrence: GitHub
Apipia
A fun activity using a packet capture file from the log4j exploit (CVE-2021-44228)
Refrence: GitHub
axelcurmi
Log4Shell (CVE-2021-44228) docker lab
Refrence: GitHub
otaviokr
This is a showcase how the Log4J vulnerability (CVE-2021-44228) could be explored. This code is safe to run, but understand what it does and how it works!
Refrence: GitHub
kkyehit
Refrence: GitHub
trickyearlobe
An Inspec profile to check for Log4j CVE-2021-44228 and CVE-2021-45046
Refrence: GitHub
TheInterception
Vulnerability analysis, patch management and exploitation tool forCVE-2021-44228 / CVE-2021-45046 / CVE-2021-4104
Refrence: GitHub
KeysAU
Identifying all log4j components across on local windows servers. CVE-2021-44228
Refrence: GitHub
mschmnet
Demo to show how Log4Shell / CVE-2021-44228 vulnerability works
Refrence: GitHub
Rk-000
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Refrence: GitHub
puzzlepeaches
Exploiting CVE-2021-44228 in vCenter for remote code execution and more.
Refrence: GitHub
Labout
A Proof of Concept of the Log4j vulnerabilities (CVE-2021-44228) over Java-RMI
Refrence: GitHub
TotallyNotAHaxxer
a project written in go and java i abandoned for CVE-2021-44228 try to fix it if you can XD
Refrence: GitHub
spasam
log4j2 Log4Shell CVE-2021-44228 proof of concept
Refrence: GitHub
bumheehan
Refrence: GitHub
JagarYousef
A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks
Refrence: GitHub
dmitsuo
Shell script to remove JndiLookup class from Log4J 2 jar file, inside WAR file, in order to mitigate CVE-2021-44228, a.k.a., #Log4Shell
Refrence: GitHub
Y0-kan
log4j2 RCE漏洞(CVE-2021-44228)内网扫描器,可用于在不出网的条件下进行漏洞扫描,帮助企业内部快速发现Log4jShell漏洞。
Refrence: GitHub
julian911015
Script en bash que permite identificar la vulnerabilidad Log4j CVE-2021-44228 de forma remota.
Refrence: GitHub
intel-xeon
Refrence: GitHub
chandru-gunasekaran
Windows Batch Scrip to Fix the log4j-issue-CVE-2021-44228
Refrence: GitHub
erickrr-bd
Java application vulnerable to CVE-2021-44228
Refrence: GitHub
snapattack
Vulnerable web application to test CVE-2021-44228 / log4shell and forensic artifacts from an example attack
Refrence: GitHub
sassoftware
Scan and patch tool for CVE-2021-44228 and related log4j concerns.
Refrence: GitHub
xx-zhang
相关的复现和文档
Refrence: GitHub
r00thunter
Python script to detect Log4Shell Vulnerability CVE-2021-44228
Refrence: GitHub
mn-io
POC for CVE-2021-44228 within Springboot
Refrence: GitHub
rejupillai
Log4j2 CVE-2021-44228 hack demo for a springboot app
Refrence: GitHub
lucab85
Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Refrence: GitHub
BabooPan
Log4Shell Demo with AWS
Refrence: GitHub
ossie-git
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner
Refrence: GitHub
r00thunter
Generic Scanner for Apache log4j RCE CVE-2021-44228
Refrence: GitHub
asyzdykov
CVE-2021-44228-FIX-JARS
Refrence: GitHub
BJLIYANLIANG
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
Refrence: GitHub
badb33f
Proof of Concept of apache log4j LDAP lookup vulnerability. CVE-2021-44228
Refrence: GitHub
TaroballzChen
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
Refrence: GitHub
lucab85
Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).
Refrence: GitHub
grimch
general purpose workaround for the log4j CVE-2021-44228 vulnerability
Refrence: GitHub
cybersecurityworks553
A Proof-Of-Concept Exploit for CVE-2021-44228 vulnerability.
Refrence: GitHub
Toolsec
CVE-2021-44228 检查工具
Refrence: GitHub
puzzlepeaches
Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more.
Refrence: GitHub
many-fac3d-g0d
Log4j2 CVE-2021-44228 Vulnerability POC in Apache Tomcat
Refrence: GitHub
marcourbano
PoC for CVE-2021-44228.
Refrence: GitHub
bsigouin
Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.
Refrence: GitHub
ToxicEnvelope
this repository contains a POC of CVE-2021-44228 (log4j2shell) as part of a security research
Refrence: GitHub
felipe8398
Regra ModSec para proteção log4j2 - CVE-2021-44228
Refrence: GitHub
ceyhuncamli
CVE-2021-44228
Refrence: GitHub
mazhar-hassan
Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j
Refrence: GitHub
cungts
IOCs for CVE-2021-44228
Refrence: GitHub
s-retlaw
Log4Shell (Cve-2021-44228) Proof Of Concept
Refrence: GitHub
Ravid-CheckMarx
Refrence: GitHub
yesspider-hacker
log4j-paylaod generator : A generic payload generator for Apache log4j RCE CVE-2021-44228
Refrence: GitHub
LinkMJB
Quick and dirty scanner, hitting common ports looking for Log4Shell (CVE-2021-44228) vulnerability
Refrence: GitHub
NS-Sp4ce
A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.Support VMware HCX/vCenter/NSX/Horizon/vRealize Operations Manager
Refrence: GitHub
PoneyClairDeLune
A spigot plugin to fix CVE-2021-44228 Log4j remote code execution vulnerability, to protect Minecraft clients.
Refrence: GitHub
MarceloLeite2604
Presents how to exploit CVE-2021-44228 vulnerability.
Refrence: GitHub
romanutti
This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, known as log4shell.
Refrence: GitHub
marklindsey11
Log4j Vulnerability Scanner
Refrence: GitHub
marklindsey11
Log4j-Scanner
Refrence: GitHub
mklinkj
Log4j2 LDAP 취약점 테스트 (CVE-2021-44228)
Refrence: GitHub
4jfinder
Searchable page for CISA Log4j (CVE-2021-44228) Affected Vendor & Software List
Refrence: GitHub
alexpena5635
Refrence: GitHub
kanitan
A vulnerable web app for log4j2 RCE(CVE-2021-44228) exploit test.
Refrence: GitHub
mr-r3b00t
Backdoor detection for VMware view
Refrence: GitHub
ChandanShastri
A simple program to demonstrate how Log4j vulnerability can be exploited ( CVE-2021-44228 )
Refrence: GitHub
puzzlepeaches
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.
Refrence: GitHub
Vulnmachines
Log4jshell - CVE-2021-44228
Refrence: GitHub
mr-vill4in
CVE-2021-44228
Refrence: GitHub
nix-xin
A vulnerable Java based REST API for demonstrating CVE-2021-44228 (log4shell).
Refrence: GitHub
maximofernandezriera
This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
Refrence: GitHub
mebibite
Created after the disclosure of CVE-2021-44228. Bash script that detects Log4j occurrences in your projects and systems, allowing you to get insight on versions used. Unpacks JARs and analyses their Manifest files.
Refrence: GitHub
jxerome
Démo du fonctionnement de log4shell (CVE-2021-44228)
Refrence: GitHub
solitarysp
Refrence: GitHub
atlassion
Script to create a log4j (CVE-2021-44228) exploit with support for different methods of getting a reverse shell
Refrence: GitHub
atlassion
Fix: CVE-2021-44228 4LOGJ
Refrence: GitHub
sdogancesur
This work includes testing and improvement tools for CVE-2021-44228(log4j).
Refrence: GitHub
jrocia
This Pwsh script run AppScan Standard scans against a list of web sites (URLs.txt) checking for Log4J (CVE-2021-44228) vulnerability
Refrence: GitHub
aajuvonen
A Java application intentionally vulnerable to CVE-2021-44228
Refrence: GitHub
arnaudluti
Static detection of vulnerable log4j librairies on Windows servers, members of an AD domain.
Refrence: GitHub
ColdFusionX
POC for Infamous Log4j CVE-2021-44228
Refrence: GitHub
robrankin
Testing WAF protection against CVE-2021-44228 Log4Shell
Refrence: GitHub
0xalwayslucky
vulnerable setup to display an attack chain of log4j CVE-2021-44228 with privilege escalation to root using the polkit exploit CVE-2021-4034
Refrence: GitHub
y-security
PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)
Refrence: GitHub
FeryaelJustice
This repository is for Log4j 2021 (CVE-2021-44228) Vulnerability demonstration and mitigation.
Refrence: GitHub
hotpotcookie
Log4j vulner testing environment based on CVE-2021-44228. It provide guidance to build the sample infrastructure and the exploit scripts. Supporting cooki3 script as the main exploit tools & integration
Refrence: GitHub
s-retlaw
Rust implementation of the Log 4 Shell (log 4 j - CVE-2021-44228)
Refrence: GitHub
Ananya-0306
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Refrence: GitHub
paulvkitor
Springboot web application accepts a name get parameter and logs its value to log4j2. Vulnerable to CVE-2021-44228.
Refrence: GitHub
MiguelM001
HERRAMIENTA AUTOMATIZADA PARA LA DETECCION DE LA VULNERABILIDAD CVE-2021-44228
Refrence: GitHub
Jun-5heng
Log4j2组件命令执行RCE / Code By:Jun_sheng
Refrence: GitHub
honypot
Refrence: GitHub
honypot
Refrence: GitHub
vulnerable-apps
Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability
Refrence: GitHub
manishkanyal
A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046
Refrence: GitHub
TPower2112
CVE-2021-44228 Log4j Summary
Refrence: GitHub
Willian-2-0-0-1
Refrence: GitHub
r3kind1e
Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.
Refrence: GitHub
Phineas09
Log4Shell Proof-Of-Concept derived from https://github.com/kozmer/log4j-shell-poc
Refrence: GitHub
hassaanahmad813
CVE-2021-44228 vulnerability in Apache Log4j library
Refrence: GitHub
yuuki1967
Refrence: GitHub
moshuum
This project files demostrate a proof-of-concept of log4j vulnerability (CVE-2021-44228) on AWS using Terraform Infrastructure-as-a-code means.
Refrence: GitHub
jaehnri
Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)
Refrence: GitHub
ra890927
Log4Shell CVE-2021-44228 Demo
Refrence: GitHub
bughuntar
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Refrence: GitHub
vidrez
📃 A report about CVE-2021-44228
Refrence: GitHub
vino-theva
Apache Log4j is a logging tool written in Java. This paper focuses on what is Log4j and log4shell vulnerability and how it works, how it affects the victim, and how can this be mitigated
Refrence: GitHub
tharindudh
Refrence: GitHub
eurogig
Simple Java Front and Back end with bad log4j version featuring CVE-2021-44228
Refrence: GitHub
digital-dev
This powershell script is intended to be used by anyone looking to remediate the Log4j Vulnerability within their environment. It can target multiple machines and run remotely as a job on all or only affected devices.
Refrence: GitHub
ocastel
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
Refrence: GitHub
bcdunbar
CVE-2021-44228 POC / Example
Refrence: GitHub
srcporter
DO NOT USE FOR ANYTHING REAL. Simple springboot sample app with vulnerability CVE-2021-44228 aka "Log4Shell"
Refrence: GitHub
Nexolanta
Refrence: GitHub
demining
Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (Log4Shell). Attackers can exploit vulnerable servers by connecting over any protocol, such as HTTPS, and sending a specially crafted string.
Refrence: GitHub
pierpaolosestito-dev
CVE 2021-44228 Proof-of-Concept. Log4Shell is an attack against Servers that uses vulnerable versions of Log4J.
Refrence: GitHub
Sma-Das
An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecraft
Refrence: GitHub
heeloo123
CVE-2021-44228
Refrence: GitHub
53buahapel
this web is vulnerable against CVE-2021-44228
Refrence: GitHub
demonrvm
A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105
Refrence: GitHub
funcid
💣💥💀 Proof of Concept: пример запуска fork-бомбы на удаленном сервере благодаря уязвимости CVE-2021-44228
Refrence: GitHub
MrHarshvardhan
Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.
Refrence: GitHub
Muhammad-Ali007
Refrence: GitHub
Tai-e
Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability
Refrence: GitHub
LucasPDiniz
Log4j Vulnerability RCE - CVE-2021-44228
Refrence: GitHub
felixslama
Log4Shell (CVE-2021-44228) minecraft demo. Used for education fairs
Refrence: GitHub
ShlomiRex
CVE-2021-44228
Refrence: GitHub
dcm2406
Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604
Refrence: GitHub
scabench
jee web project with log4shell (CVE-2021-44228) vulnerability
Refrence: GitHub
scabench
jee web project with sanitised log4shell (CVE-2021-44228) vulnerability
Refrence: GitHub
KtokKawu
This is a potentially vulnerable Java web application containing Log4j affected by log4shell(CVE-2021-44228).
Refrence: GitHub
sec13b
exploit CVE-2021-44228
Refrence: GitHub
KirkDJohnson
Downloaded a packet capture (.pcapng) file from malware-traffic-analysis.net which was an example of an attempted attack against a webserver using the Log4J vulnerability (CVE-2021-44228). I examined teh amount of endpoints communicating with the server and knowing jnidi as a common in the vulnerbilty found it in clear text
Refrence: GitHub
YangHyperData
Refrence: GitHub
Content on GitHub
yahoo | watchers:173
check-log4j
To determine if a host is vulnerable to log4j CVE‐2021‐44228
Refrence: GitHub