Visibility and Mitigation for Log4J vulnerabilities

Overview

Visibility and Mitigation for Log4J vulnerabilities

Several scripts for the visibility and mitigation of Log4J vulnerabilities.

Static Scanner - Linux

How it works
The tool works by identifying files that are either vulnerable Log4J jars, or files containing potentially vulnerable Log4J jars. It uses a number of different methods to do this:

  1. Name identification - This matches the name of the file with the vulnerable version range.
  2. Hash identification - This performs hashing on the file and compares it with known hashes of vulnerable versions of Log4J.
  3. Deep search identification - This searches for known classes within the vulnerable version range. If the file is zip-like, then the file names will be compared using name identification.

Usage
--disable-deep-search - Disables deep search and resorts to using only hashes and filenames (Default: False)
--deep-search-filesize=N - Sets the largest size of a file that this script will search in (Default: 30)
--search-binaries - Sets whether the script will look in .jar files, or all files (Default: False)
--output-dir=XYZ - Sets the output directory (Default: /tmp/)\

Example Output

[email protected]:~$ sudo python log.py --search-binaries
{"MachineName":"test","OS_Version":"Linux-5.11.0-37-generic-x86_64-with-Ubuntu-20.04-focal","Found":[{"file_path":"/home/test/filename","method":"deep_search","sha1":"d1879ffaf40d4fa77d2dafb0163f91fefacefa06"}],"Errors":[]}

Static Scanner - Windows

How it works
The tool works by identifying files that are either vulnerable Log4J jars, or files containing potentially vulnerable Log4J jars. It uses a number of different methods to do this:

  1. Hash identification - This performs hashing on the file and compares it with known hashes of vulnerable versions of Log4J.
  2. Deep search identification - This searches for known classes within the vulnerable version range. If the file is zip-like, then the file names will be compared using name identification.

Usage
Ivnoke-Log4JScan - This function scans the entire machine for potential Log4J vulnerable jar files. -StringsLookup - If this parameter set to True, deep search indentification will be enabled

Example Output

PS > . .\invoke-log4jscan.ps1
PS > Ivnoke-Log4JScan -StringsLookup $True
{"Found" :[{"sha1" :"9ed084377e4396f3fe97a780610e3fd418813b83","method" :"deep_search","file_path" :"C:\\filename.jar"}],"MachineName" :"WIN-TEST","OS_Version" :"Windows_NT"}
PS > . .\invoke-log4jscan.ps1
PS > Ivnoke-Log4JScan -StringsLookup $True | Out-File $(join-path $env:temp 'log4j_scan_results.json')

Dynamic Scanner And Patching - Windows & Linux

How it works
We recommend using a great tool released this week by the Amazon Corretto team.
A fork of the tool is included in this repo, with an added visibility feature that logs more info about possibly affected processes.
It works by loading Java code into running Java processes using standard Java mechanisms.
After being loaded into the processes, it detects if log4j is loaded and tries to do two things:

  1. Log information about the module.
  2. Patch the vulnerable function.

Usage
Full instructions on building and running the tool is found in the repository itself.

Owner
SentinelLabs
SentinelLabs
Python exploit for vsftpd 2.3.4 - Backdoor Command Execution

CVE-2011-2523 - vsftpd 2.3.4 Exploit Discription vsftpd, which stands for Very Secure FTP Daemon,is an FTP server for Unix-like systems, including Lin

Padsala Tushal 5 Nov 08, 2022
A small script to export all AWAF policies from a BIG-IP device

This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.

3 Feb 03, 2022
Reverse engineered Parler API

Parler's unofficial API with all endpoints present in their iOS app as of 08/12/2020. For the most part undocumented, but the error responses are alre

393 Nov 26, 2022
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

Varun Jagtap 5 Oct 08, 2022
Cisco RV110w UPnP stack overflow

Cisco RV110W UPnP 0day 分析 前言 最近UPnP比较火,恰好手里有一台Cisco RV110W,在2021年8月份思科官方公布了一个Cisco RV系列关于UPnP的0day,但是具体的细节并没有公布出来。于是想要用手中的设备调试挖掘一下这个漏洞,漏洞的公告可以在官网看到。 准

badmonkey 25 Nov 09, 2022
Metasploit Multi Purpose Exploiting Toolkit For Termux

MSF-EXPLOIT MSF-ANDRO is a Metasploit Multi Purpose Exploiting Toolkit For Termux . Only a Basic Script , Still in Development . FEATURES : Install Me

Mr.X 22 Dec 29, 2022
A Python tool to automate some dorking stuff to find information disclosures.

WebDork v1.0.3 A open-source tool to find publicly available sensitive information about Companies/Organisations! WebDork A Python tool to automate so

Rahul rc 123 Jan 08, 2023
Zero-attacker is an multipurpose hacking tool with over 12 tools

Zero Attacker Zero Attacker is bunch of tools which we made for people.These all tools are for purpose of ethical hacking and discord tools. Who is th

Asjad 300 Dec 28, 2022
Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

loggef Facebook automation tool, Facebook account hacking and cloning advanced tool + dictionary attack added Warning Use this tool for educational pu

Md Josif Khan 149 Aug 10, 2022
SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

Jake Baines 80 Dec 29, 2022
A Tool for subdomain scan with other tools

ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. Obs: In a close future recontrac

15 Dec 18, 2021
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS

Enox 47 Nov 09, 2022
Log4j exploit catcher, detect Log4Shell exploits and try to get payloads.

log4j_catcher Log4j exploit catcher, detect Log4Shell exploits and try to get payloads. This is a basic python server that listen on a port and logs i

EntropyQueen 17 Dec 20, 2021
DNS hijacking via dead records automation tool

DeadDNS Multi-threaded DNS hijacking via dead records automation tool How it works 1) Dig provided subdomains file for dead DNS records. 2) Dig the fo

45 Dec 20, 2022
🔐 A simple command-line password manager.

PassVault What Is It? It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in

5 Aug 15, 2022
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

之乎者也 2.8k Dec 29, 2022
Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

KrisIsHere 1 Nov 17, 2021
Python APK Reverser & Patcher Tool

DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (

DedSecTL 10 Oct 31, 2022
Fast Fb Cracking Tool

fb-brute Fast Fb Cracking Tool 🏆

Aryan 8 Jun 29, 2022
Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

🕷️ Scarecrow 🕷️ Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts. It looks for processes with specific names to v

Billy 33 Sep 28, 2022