Operational information regarding the vulnerability in the Log4j logging library.

Related tags

Security related resourceslog4jcve-2021-44228log4shell
Overview

Log4j Vulnerability (CVE-2021-44228)

This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228). For additional information see:

Repository contents

Directory Purpose
hunting Contains info regarding hunting for exploitation
iocs Contains any Indicators of Compromise, such as scanning IPs, etc
mitigation Contains info regarding mitigation, such as regexes for detecting scanning activity and more
scanning Contains references to methods and tooling used for scanning for the Log4j vulnerability
software Contains a list of known vulnerable and not vulnerable software
tools Contains a list of tools for automatically parsing info on this repo

Please note that these directories are not complete, and are currently being expanded.

NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.

Contributions welcome

If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open a Pull request. New to this? Read how to contribute in GitHub's documentation.

Thank you

Dear contributors, partners all over the world,

We have received an impressive/enormous number of pull requests on this repo. It contains vital information that contributes to the situational overview around the Log4j vulnerability. The list of vulnerable applications is currently one of the most up-to-date ones with continuous input from across the globe. It is still expanding and we are working hard to process all the contributions.

Due to our joint efforts and strong cooperation we are confident that we will be better equipped to manage this situation.

Thank you all very much for your hard work and we keep welcoming your input via GitHub.

Comments
  • APC - PowerChute Business Edition

    APC - PowerChute Business Edition

    Not visible anything on their site yet:

    C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib>dir | findstr log4j

    10-12-2020 18:42 264,058 log4j-api-2.11.1.jar 10-12-2020 18:42 1,607,936 log4j-core-2.11.1.jar 10-12-2020 18:42 23,242 log4j-slf4j-impl-2.11.1.jar

    PowerChute Business Edition - 10.0.2.301

    investigate 
    opened by OS3DrNick 8
  • ESET Secure Authentication

    ESET Secure Authentication

    ESET states that they're not vulnerable, but we have various companies that Have ESET Secure Authentication installed and perform a scan for files, then we see that log4j is included in ESET Secure Authentication in the Elasticsearch component which they're shipping in their binary.

    [2021-12-16 10:19:27.784944] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\lib\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2]

    [2021-12-16 10:19:28.847458] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\search-guard-tlstool-1.7\deps\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202:log4j 2.9.0 - 2.11.2]

    software PR-requested 
    opened by nvaert1986 6
  • Add Waters product statement

    Add Waters product statement

    Add product statement for family of Waters informatics solutions

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x ] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x ] Status: please select a value from the status table at the top
    • [ x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x ] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x ] Please mind the sorting
    software Stale 
    opened by StefanTIB 5
  • Update voor Dell EMC Unity

    Update voor Dell EMC Unity

    Dell EMC heeft versie 5.1.2.0.5.007 voor de Dell EMC Unity uitgebracht. "This release addresses the Apache Log4j issue", maar aangezien er (nog) geen release notes beschikbaar zijn weet ik niet welke van de CVE's wel of niet verholpen zijn.

    opened by dennixxNL 5
  • Add Fedex Ship Manager

    Add Fedex Ship Manager

    Updated Fedex Ship Manager to 3509, adding notes about pending 3510 update 1/24.

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [ ] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [ ] Status: please select a value from the status table at the top
    • [ ] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [ ] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [ ] Please mind the sorting
    software Stale 
    opened by Gadgetgeek2000 5
  • FEDEX Ship Manager

    FEDEX Ship Manager

    Following files were found on the FEDEX Ship Manager server installation, version 3508:

    C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-api-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-core-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-jcl-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-slf4j-impl-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4jna-api-2.0.jar

    software PR-requested 
    opened by Gadgetgeek2000 5
  • Add Beyond Compare and Bitwarden not vuln

    Add Beyond Compare and Bitwarden not vuln

    Neighter are vuln Beyondcompare makes the remark in the footer of there site.

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • Status: please select a value from the status table at the top
    • Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • Please mind the sorting
    • Please put vendor/product name in PR title (instead of "Update README.md")
    opened by abtomat-inf 5
  • Added note from Schneider Electric about APC software

    Added note from Schneider Electric about APC software

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • Status: please select a value from the status table at the top
    • Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • Please mind the sorting
    • Please put vendor/product name in PR title (instead of "Update README.md")
    opened by ipbgeek 5
  • Add Fujifilm to software list

    Add Fujifilm to software list

    from advisory sent by vendor

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x] Status: please select a value from the status table at the top
    • [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x] Please mind the sorting
    software Stale 
    opened by alkajazz 4
  • Update software_list_s.md

    Update software_list_s.md

    Updated Stormshield with specific advisory for StormShield Visibility Center (only product announced vulnerable to CVE-2021-44228) Updated SonicWall product list based on v2.3 of their advisory

    Thank you for your contribution! Some pointers to get it merged quickly:

    For contributions in software/:

    • [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
    • [x] Status: please select a value from the status table at the top
    • [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
    • [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
    • [x] Please mind the sorting
    software 
    opened by anssi-cvp 4
  • please improve formatting quality

    please improve formatting quality

    The quality of markdown tables is slowly deteriorating:

    • some entries don't have a trailing |, some do
    • some table uses a different separator than |:----, namely |----

    This makes it hard for automated parsing tools to access the data.

    Doing a one-shot cleanup and sending a pull request fixing half the entries would not be wise, because it would make all the other waiting pull requests unmergeable. Also, implementing a commit hook would make the entire file un-commitable.

    My idea would be to

    • fix |:--- manually
    • ask contributors for a more rigid input formatting
    • add a pre-merge-commit hook, that would only check the diff for violations of the code, so that the old code can still be ugly (for some time)
    software PR-requested 
    opened by milankowww 4
Releases(log4shell_info_20220615)
Owner
Nationaal Cyber Security Centrum (NCSC-NL)
Nationaal Cyber Security Centrum (NCSC-NL)
GitHub Repository
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022
A local Socks5 server written in python, used for integrating Multi-hop

proxy-Zata proxy-Zata v1.0 This is a local Socks5 server written in python, used for integrating Multi-hop (Socks4/Socks5/HTTP) forward proxy then pro

4 Feb 24, 2022
AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not. The program requests the hash of the file and outputs information (if any). This version will

Kirk 1 Jan 03, 2022
A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

K4YT3X 408 Jan 03, 2023
A security system to warn you when people enter your room 🎥

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

ScriptLine 1 Jan 11, 2022
Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

Hocky Harijanto 0 Jan 10, 2022
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

Anontemitayo 9 Dec 30, 2022
A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

Hamza 64 Oct 18, 2022
A fast sub domain brute tool for pentesters

subDomainsBrute 1.4 A fast sub domain brute tool for pentesters. It works with P

Oliver 2 Oct 18, 2022
ssh-audit is a tool for ssh server & client configuration auditing.

SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Joe Testa 1.4k Dec 31, 2022
Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

ru55o 2 Oct 31, 2022
Gefilte Fish GMail filter creator

Gefilte Fish: GMail filter maker Gefilte Fish automates the creation of GMail filters. Use it like this: from gefilte import GefilteFish,

Ned Batchelder 31 Sep 28, 2022
🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

QeeqBox 259 Dec 31, 2022
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022
Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

MalwareTech 91 Dec 29, 2022
Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use

Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use. Will try to add atleast 10 more tools currently use 7 sources to gather domains.

Harinder Singh 7 Jan 03, 2022
This repo explains in details about buffer overflow exploit development for windows executable.

Buffer Overflow Exploit Development For Beginner Introduction I am beginner in security community and as my fellow beginner, I spend some of my time a

cris_0xC0 11 Dec 17, 2022
Open-source keylogger write in python

Python open-source keylogger Language Python open-source keylogger using pynput module Using Install dependences in archive setup.py or install.sh in

Dio brando 4 Jan 15, 2022
威胁情报播报

Threat-Broadcast 威胁情报播报 运行环境 项目介绍 从以下公开的威胁情报来源爬取并整合最新信息: 360:https://cert.360.cn/warning 奇安信:https://ti.qianxin.com/advisory/ 红后:https://redqueen.tj-u

东方有鱼名为咸 148 Nov 09, 2022
Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container

Home Assistant LDAP Auth Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container. Usage Deploy NGINX's l

Erik 1 Sep 21, 2022