Visibility and Mitigation for Log4J vulnerabilities

Overview

Visibility and Mitigation for Log4J vulnerabilities

Several scripts for the visibility and mitigation of Log4J vulnerabilities.

Static Scanner - Linux

How it works
The tool works by identifying files that are either vulnerable Log4J jars, or files containing potentially vulnerable Log4J jars. It uses a number of different methods to do this:

  1. Name identification - This matches the name of the file with the vulnerable version range.
  2. Hash identification - This performs hashing on the file and compares it with known hashes of vulnerable versions of Log4J.
  3. Deep search identification - This searches for known classes within the vulnerable version range. If the file is zip-like, then the file names will be compared using name identification.

Usage
--disable-deep-search - Disables deep search and resorts to using only hashes and filenames (Default: False)
--deep-search-filesize=N - Sets the largest size of a file that this script will search in (Default: 30)
--search-binaries - Sets whether the script will look in .jar files, or all files (Default: False)
--output-dir=XYZ - Sets the output directory (Default: /tmp/)\

Example Output

[email protected]:~$ sudo python log.py --search-binaries
{"MachineName":"test","OS_Version":"Linux-5.11.0-37-generic-x86_64-with-Ubuntu-20.04-focal","Found":[{"file_path":"/home/test/filename","method":"deep_search","sha1":"d1879ffaf40d4fa77d2dafb0163f91fefacefa06"}],"Errors":[]}

Static Scanner - Windows

How it works
The tool works by identifying files that are either vulnerable Log4J jars, or files containing potentially vulnerable Log4J jars. It uses a number of different methods to do this:

  1. Hash identification - This performs hashing on the file and compares it with known hashes of vulnerable versions of Log4J.
  2. Deep search identification - This searches for known classes within the vulnerable version range. If the file is zip-like, then the file names will be compared using name identification.

Usage
Ivnoke-Log4JScan - This function scans the entire machine for potential Log4J vulnerable jar files. -StringsLookup - If this parameter set to True, deep search indentification will be enabled

Example Output

PS > . .\invoke-log4jscan.ps1
PS > Ivnoke-Log4JScan -StringsLookup $True
{"Found" :[{"sha1" :"9ed084377e4396f3fe97a780610e3fd418813b83","method" :"deep_search","file_path" :"C:\\filename.jar"}],"MachineName" :"WIN-TEST","OS_Version" :"Windows_NT"}
PS > . .\invoke-log4jscan.ps1
PS > Ivnoke-Log4JScan -StringsLookup $True | Out-File $(join-path $env:temp 'log4j_scan_results.json')

Dynamic Scanner And Patching - Windows & Linux

How it works
We recommend using a great tool released this week by the Amazon Corretto team.
A fork of the tool is included in this repo, with an added visibility feature that logs more info about possibly affected processes.
It works by loading Java code into running Java processes using standard Java mechanisms.
After being loaded into the processes, it detects if log4j is loaded and tries to do two things:

  1. Log information about the module.
  2. Patch the vulnerable function.

Usage
Full instructions on building and running the tool is found in the repository itself.

Owner
SentinelLabs
SentinelLabs
Local File Inclusion Scanner and Exploiter

LFI-Paradise Local File Inclusion Scanner and Exploiter Features 1- Scanner 2- E

11 Sep 04, 2022
Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

Hocky Harijanto 0 Jan 10, 2022
This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks. The goal is to successfully use this notebook project below with Security Onion for beacon detection

4 Jun 08, 2022
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Driver Buddy Reloaded Quickstart Table of Contents Installation Usage About Driver Buddy Reloaded Finding DispatchDeviceControl Labelling WDM & WDF St

Paolo 'VoidSec' Stagno 199 Jan 04, 2023
Discord Region Swapping Exploit (VC Overload)

Discord-VC-Exploit Discord Region Swapping Exploit (VC Overload) aka VC Crasher How does this work? Discord has multiple servers that lets people arou

Rainn 11 Sep 10, 2022
Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ

Steven Black 22.1k Jan 02, 2023
Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Infoga - Email OSINT Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pg

m4ll0k (mallok) 1.8k Jan 04, 2023
Fast Fb Cracking Tool

fb-brute Fast Fb Cracking Tool 🏆

Aryan 8 Jun 29, 2022
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo Hanžek 1 Jan 14, 2022
StarUML cracker - StarUML cracker With Python

StarUML_cracker Usage On Linux Clone the repo. git clone https://github.com/mana

Bibek Manandhar 9 Jun 20, 2022
List of S3 Hacks

s3-leaks List of AWS S3 Leaks Feel free to send in a PR if you know of other leaks Date Description Notes Aug2020 S3 bucket mess up exposed 182GB of s

Nag 291 Dec 28, 2022
neo Tool is great one in binary exploitation topic

neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it

Hamza Elansari 4 Oct 10, 2022
ShoLister - a tool that collects all available subdomains for specific hostname or organization from Shodan

ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be used from Penetration Tester and Bug Bounty Hunters.

Eslam Akl 45 Dec 28, 2022
RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data

RedlineSpam Python tool to spam Redline Infostealer panels with legit looking da

4 Jan 27, 2022
Cobalt Strike Beacon configuration extractor and parser.

Cobalt Strike Configuration Extractor and Parser Overview Pure Python library and set of scripts to extract and parse configurations (configs) from Co

Stroz Friedberg 102 Dec 18, 2022
Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

This program is an non-object oriented opensource, hidden and undetectable backdoor/reverse shell/RAT for Windows made in Python 3 which contains many features such as multi-client support and cross-

35 Apr 17, 2022
Sudo Baron Samedit Exploit

CVE-2021-3156 (Sudo Baron Samedit) This repository is CVE-2021-3156 exploit targeting Linux x64. For writeup, please visit https://datafarm-cybersecur

Worawit Wang 559 Jan 03, 2023
This is a simple Port Flooder written in Python 3.

This is a simple Port Flooder written in Python 3. Use this tool to quickly stress test your network devices and measure your router's or server's load.

Júlio Carneiro 4 Feb 20, 2022
Template for new OSINT command-line tools

OSINT cli tool skeleton Template for new OSINT command-line tools. Press button "Use this template" to generate your own tool repository. See INSTALL.

36 Dec 20, 2022
PKUAutoElective for 2021 spring semester

PKUAutoElective 2021 Spring Version Update at Mar 7 15:28 (UTC+8): 修改了 get_supplement 的 API 参数,已经可以实现课程列表页面的正常跳转,请更新至最新 commit 版本 本项目基于 PKUAutoElectiv

Zihan Mao 84 Sep 09, 2022