Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

Overview

log4j-finder

A Python3 script that scans the filesystem for Log4j2 versions vulnerable to Log4Shell (CVE-2021-44228). It scans recursively, both on disk and inside Java Archive files (JARs).

Usage

Example usage to scan a path (defaults to /):

$ python3 log4j-finder.py /path/to/scan

Or directly a JAR file:

$ python3 log4j-finder.py /path/to/jarfile.jar

Or multiple directories and/or files:

$ python3 log4j-finder.py /path/to/dir1 /path/to/dir2 /path/to/jarfile.jar

Files or directories that cannot be accessed (Permission denied errors) are not printed. If you want to see more output, you can give the -v flag for verbose, or -vv for debug mode (only recommended for debugging purposes).

Comments
  • Windows - Export results to a file

    Looking to somehow run this EXE on all our Windows systems remotely and then somehow aggregate all the results and parse looking for findings. Any work on possibly implementing this? Thanks for all the hard work!

    opened by kmccb 8
  • zipfile.Path is 3.8+ only

    Your doco says python 3.6+ but you're using zipfile.Path that wasn't introduced until 3.8. Just FYI. So this can't be used on any RHEL boxes without custom python installs.

    opened by scoggins 7
  • Errors on one certain server - too long filename perhaps?

    Hi,

    One of my servers spits out an error. I've replaced the servername and username.

    My first wild guess is that the path is too long and the application can't handle that. But that's just a wild guess on the first glance at the path. Do note that the broken lines are copied as-is from the output I got.

    Traceback (most recent call last):
        + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : _<servername>_
    Traceback (most recent call last):
        + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : _<servername>_
    
      File "log4j-finder.py", line 298, in <module>
      File "log4j-finder.py", line 298, in <module>
    
      File "log4j-finder.py", line 264, in main
      File "log4j-finder.py", line 264, in main
    
      File "pathlib.py", line 1193, in open
      File "pathlib.py", line 1193, in open
    
      File "pathlib.py", line 1046, in _opener
      File "pathlib.py", line 1046, in _opener
    
    FileNotFoundError
    FileNotFoundError
    :
    :
    [Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application
     Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Appli
    cation Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
    [Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\App
    lication Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    [
    [
    3189
    3189
    7
    7
    2] Failed
    2] Failed
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    to execute
    to execute
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    script l
    script l
    o
    o
    g4j-finder
    g4j-finder
    
    opened by erottier 5
  • Adding -q option ?

    • WHAT ? One-liner output for each discovered log4j-core-2.x.jar file.
    [[email protected] log4j-finder]$ sudo ./dist/log4j-finder -bq  /tmp
    $HOSTNAME [shorter timestamp ] VULNERABLE: /tmp/apache-log4j-2.8-bin/log4j-core-2.8.jar -> org/apache/logging/log4j/core/net/JndiManager.class [415c13e7c8505fb056d540eac29b72fa: log4j 2.7 - 2.8.1]
    [[email protected] log4j-finder]$
    
    • WHY ? So that it is better used with CM tools like saltstack/ansible. The -b option to exclude the banner is still too verbose for me.
    [[email protected] log4j-finder]$ sudo ./dist/log4j-finder -bq  /tmp
    usage: log4j-finder [-h] [-v] [-n] [-b] [PATH ...]
    log4j-finder: error: argument -b/--no-banner: ignored explicit argument 'q'
    [[email protected] log4j-finder]$ sudo ./dist/log4j-finder -b  /tmp
    [2021-12-16 20:55:05.573146] Scanning: /tmp
    [2021-12-16 20:55:05.596662] VULNERABLE: /tmp/apache-log4j-2.8-bin/log4j-core-2.8.jar -> org/apache/logging/log4j/core/net/JndiManager.class [415c13e7c8505fb056d540eac29b72fa: log4j 2.7 - 2.8.1]
    [2021-12-16 20:55:05.679576] Finished scan, elapsed time: 0.11 seconds
    
    Summary:
     Processed 291 files and 23 directories
     Scanned 44 files
      Found 1 vulnerable files
    
    Elapsed time: 0.11 seconds
    [[email protected] log4j-finder]$
    
    
    opened by tjyang 5
  • Trojan-Downloader.Win32.Bitser infection found in log4j-finder.exe

    Kaspersky Anti-Virus found this on .exe file

    Type: Cheval de Troie Nom: Trojan-Downloader.Win32.Bitser.cue Exactitude: Exactement Niveau de menace: Élevé Type d'objet: Fichier Nom de l'objet: log4j-finder.exe Chemin de l'objet: *********** MD5: 0E08555A17CA3E08D02DBD4CFB87C1AA Raison: Consigné dans le rapport

    Kind regards. Jipi69

    opened by JIPI69 5
  • Documentation should explicitly mention that other archive file types are NOT scanned

    I think the documentation should explicitly mention that only JAR, EAR and WAR files are scanned.

    For example, rolled-out software often comes in the form of a ZIP file or RAR, TAR, TAR.GZ (TGZ), TAR.BZ2 or platform-specific file types like extractable EXE or MSI files.

    Other programming languages use the ZIP file format as an archive format as well, but with a different suffix, e.g. Python uses the WHL suffix.

    Such archive files might contain Java classes as well, probably wrapped in *.JAR archives inside the outer archive.

    These file types will not be scanned and I think this should be mentioned.

    opened by hvbtup 4
  • Access Denied even after elevating cmd

    Hello Team,

    Thanks for developing this tool. I was trying to run it on my PC (Windows), just installed Python and ran it as explained by you; however, I am seeing a lot of access denied (even after opening cmd as admin and running it from there).

    Is there a way to give it privileges?

    opened by laroshkhan 4
  • Critical issue on Windows

    @yunzheng : you use standard path libraries for the lookups of files in zip files: this approach is incorrect.

    image

    On Windows the Exception will always be hit because the path for lookup of the class gets passed in the wrong format:

    'org\\apache\\logging\\log4j\\core\\lookup\\JndiLookup.class'

    rather than

    'org/apache/logging/log4j/core/lookup/JndiLookup.class'

    And since you have defaulted to setting has_lookup = False, VULNERABLE jars are being labeled PATCHED.

    This is very bad if people using windows are to rely on your tool...

    The behavior is inconsistent across your codebase... this is OK:

    image

    Further on it is not OK:

    image

    opened by KrisJanssen 3
  • Show patched .jar files as PATCHED (removal of JndiLookup.class)

    Following the official Apache Log4j 2.x mitigation regarding the removal of JndiLookup class, these JAR files will now show up as PATCHED.

    More info regarding the removing of JndiLookup.class is described here: https://logging.apache.org/log4j/2.x/security.html

    opened by yunzheng 3
  • Revert

    Revert "Remove incorrect has_lookup=False for JndiLookup.class"

    Reverts fox-it/log4j-finder#36

    The old behaviour was actually correct, when there is a KeyError, it means no JndiLookup.class file is found. However the KeyError was also triggered due to non posix paths on Windows, that is now fixed in #37.

    opened by yunzheng 1
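
The failure mode described in the "Critical issue on Windows" report and in the revert note above, reproduced as an added example (not code from log4j-finder): a Windows-style member path makes a present JndiLookup.class look absent, so a KeyError is read as "mitigated". The function names and the simplified `classify` verdict are assumptions for illustration, the JARs are constructed in memory, and `PureWindowsPath` stands in for what `pathlib.Path` produces on Windows so the block behaves the same on any OS.

```python
import io
import zipfile
from pathlib import PurePosixPath, PureWindowsPath

# Member path of the class whose removal is the documented mitigation (from the page).
JNDI_LOOKUP_PARTS = ("org", "apache", "logging", "log4j", "core", "lookup", "JndiLookup.class")


def build_jar(with_lookup):
    """Return a constructed in-memory JAR; class contents are dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/apache/logging/log4j/core/net/JndiManager.class", b"constructed")
        if with_lookup:
            zf.writestr("/".join(JNDI_LOOKUP_PARTS), b"constructed")
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))


def lookup_name(path_cls, normalize):
    """Build the archive member name from a path object.

    str() of a Windows path uses backslashes; ZIP member names always use
    forward slashes, so only as_posix() yields a name that can match.
    """
    member = path_cls(*JNDI_LOOKUP_PARTS)
    return member.as_posix() if normalize else str(member)


def has_lookup(jar, name):
    """True if the member exists. KeyError is the only 'absent' signal, which is
    why a wrongly formatted name is indistinguishable from a removed class."""
    try:
        jar.getinfo(name)
        return True
    except KeyError:
        return False


def classify(jar, path_cls, normalize):
    # Simplified verdict (assumption): only the JndiLookup.class presence check
    # is modelled, not the tool's hash-based version detection.
    return "VULNERABLE" if has_lookup(jar, lookup_name(path_cls, normalize)) else "PATCHED"


def demo():
    vulnerable, mitigated = build_jar(True), build_jar(False)
    return {
        # Bug: backslash name never matches, vulnerable JAR reported as PATCHED.
        "windows_raw": classify(vulnerable, PureWindowsPath, False),
        # Fix: normalise to POSIX separators before the archive lookup.
        "windows_posix": classify(vulnerable, PureWindowsPath, True),
        # POSIX hosts never showed the bug, which made it easy to miss.
        "posix_raw": classify(vulnerable, PurePosixPath, False),
        # A genuinely mitigated JAR is still reported as PATCHED after the fix.
        "mitigated_posix": classify(mitigated, PureWindowsPath, True),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16} -> {verdict}")
```
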
  • Perhaps mention you need python 3.8.10 to support win7

    Because when created with 3.9 or 3.10 the binary will not work, and result in "api-ms-win-core-path-l1-1-0.dll is missing"

    It says so on the download page of python.org, but it can't hurt to mention it.

    (lower is obviously also possible, but 3.8.10 is easiest to use in this case)

    opened by jkommeren 1
  • Signed Windows Binary Out-Of-Date

    Hello,

    Thank you so much for providing the python script and binary. Are you able to release a new binary and signed version since the log4j version 2.17.1 is not recognized as clean ?

    Thank you !

    opened by SKAatGIT 0
  • Added option to store results in a file preserving color highlighting…

    … in addition to stdout. Added option to then view stored results displaying saved color highlighting.

    In other words not only are results displayed on the screen (stdout) in real time but are also saved in a file that can be viewed later with the same color highlighting. This is especially useful on Windows since piping to something like Tee loses color highlighting.

    opened by brian-oster-acme 0
  • quick + dirty multipass scan feature

    Quick + dirty multi-pass scan feature

    • added multi-pass flag (skips zip files)
    • added input flag (ingests list of zip files)
    • added output flag (writes list of zip files)
    opened by B3K7 1
  • script (binary) requires executable option on /tmp mount

    [[email protected] tmp]# mount | grep /tmp
    /dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
    [[email protected] tmp]# /srv/log4j-finder 
    /srv/log4j-finder: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted
    [[email protected] tmp]# mount /tmp -o remount,exec
    [[email protected] tmp]# mount | grep /tmp
    /dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,relatime,seclabel,attr2,inode64,noquota)
    [[email protected] tmp]# /srv/log4j-finder 
     __               _____  __         ___ __           __
    |  |.-----.-----.|  |  ||__|______.'  _|__|.-----.--|  |.-----.----.
    |  ||  _  |  _  ||__    |  |______|   _|  ||     |  _  ||  -__|   _|
    |__||_____|___  |   |__||  |      |__| |__||__|__|_____||_____|__|
              |_____|      |___| v1.2.0 https://github.com/fox-it/log4j-finder
    
    [2021-12-30 15:29:02] host Scanning: /
    ^C
    Aborted!
    

    This is not expected, especially not from a security scan utility, as noexec is set for a reason on the /tmp mount point. It would be nice to provide a different tmp dir for the binary.

    opened by rule88 2
  • redhat linux 6 glibc_2.14 not found error

    on RHEL6 I see:

    [22407] Error loading Python lib '/tmp/_MEI7VUFgo/libpython3.7m.so.1.0': dlopen: /lib64/libc.so.6: version 'GLIBC_2.14' not found (required by /tmp/_MEI7VUFgo/libpython3.7m.so.1.0)
    

    When I compile and install glibc-2.14 manually and export as an env variable, I get:

    export LD_LIBRARY_PATH=/var/opt/glibc-2.14/lib && /tmp/log4j-finder -b
    Traceback (most recent call last):
      File "log4j-finder.py", line 29, in <module>
      File "/root/.pyenv/versions/3.7.5/lib/python3.7/site-packages/PyInstaller/loader/pyimod03_importers.py", line 623, in exec_module
      File "platform.py", line 116, in <module>
      File "/root/.pyenv/versions/3.7.5/lib/python3.7/site-packages/PyInstaller/loader/pyimod03_importers.py", line 623, in exec_module
      File "subprocess.py", line 153, in <module>
    ImportError: /var//opt/glibc-2.14/lib/libc.so.6: version `GLIBC_2.15' not found (required by /tmp/_MEIWmgHt6/select.cpython-37m-x86_64-linux-gnu.so)
    

    You guessed it, so I built and compiled glibc-2.15 too, and then it gives again the first error.

    What I don't understand is that seemingly it's not using these glibc versions:

    objdump -T /tmp/log4j-finder
    
    /tmp/log4j-finder:     file format elf64-x86-64
    
    DYNAMIC SYMBOL TABLE:
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strcat_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 getenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __snprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 raise
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 free
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __vfprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 unlink
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncmp
    0000000000000000  w   D  *UND*  0000000000000000              _ITM_deregisterTMCloneTable
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcpy
    0000000000000000      DF *UND*  0000000000000000              inflate
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mkdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 ferror
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fread
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mbstowcs
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 getpid
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fclose
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 opendir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 stpcpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 rmdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strlen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setbuf
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strchr
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dirname
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 memset
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strnlen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.4   __realpath_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 closedir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __strdup
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __libc_start_main
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 wcsncpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 calloc
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcmp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 signal
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 ftell
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 feof
    0000000000000000  w   D  *UND*  0000000000000000              __gmon_start__
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 clearerr
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3   realpath
    0000000000000000      DF *UND*  0000000000000000              inflateEnd
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 kill
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __xpg_basename
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fileno
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __stpcpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __xstat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 readdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlopen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 malloc
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fflush
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 nl_langinfo
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fseek
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __vsnprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strncpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strcpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mkdtemp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setlocale
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fchmod
    0000000000000000      DF *UND*  0000000000000000              inflateInit_
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 waitpid
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fopen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 perror
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strtok
    0000000000000000  w   D  *UND*  0000000000000000              _Jv_RegisterClasses
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 unsetenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 execvp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fwrite
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __fprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strncat_chk
    0000000000000000  w   D  *UND*  0000000000000000              _ITM_registerTMCloneTable
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlsym
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fork
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlerror
    0000000000607a40 g    DO .bss   0000000000000008  GLIBC_2.2.5 stdout
    0000000000607a48 g    DO .bss   0000000000000008  GLIBC_2.2.5 stdin
    0000000000607a50 g    DO .bss   0000000000000008  GLIBC_2.2.5 stderr
    

    Could you compile the binary also for older versions of glibc, like 2.12? Or perhaps there's some option that does something dynamic, I'm no expert.

    opened by nin0-0 1
Releases(v1.2.0)
  • v1.2.0(Dec 20, 2021)

    Notable changes

    • Added Log4j 2.17.0 detection; versions lower than this are marked as VULNERABLE
    • Detect removal of JndiLookup.class, will show up as PATCHED
    • Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
    • Hostname is now added to the output, and there is a new option -q, --quiet to suppress summary and banner.
    • It now also processes .zip files
    • You can now exclude files or directories by using the --exclude option, e.g. --exclude /mnt/media/*

    What's Changed

    • Add CVE-2021-45046 to the README by @lmorg in https://github.com/fox-it/log4j-finder/pull/9
    • Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/15
    • Update README.md with instructions for creating PyInstaller executables by @yunzheng in https://github.com/fox-it/log4j-finder/pull/17
    • Add -V/--version argument to print program version by @yunzheng in https://github.com/fox-it/log4j-finder/pull/21
    • Add hostname to output and refactored parts of script by @yunzheng in https://github.com/fox-it/log4j-finder/pull/23
    • Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in https://github.com/fox-it/log4j-finder/pull/25
    • Added "How it works" section to README.md by @yunzheng in https://github.com/fox-it/log4j-finder/pull/28
    • Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in https://github.com/fox-it/log4j-finder/pull/29
    • Fixing scanning issue of jars inside war files by @dariux in https://github.com/fox-it/log4j-finder/pull/22
    • Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in https://github.com/fox-it/log4j-finder/pull/33
    • Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in https://github.com/fox-it/log4j-finder/pull/36
    • Add ability to exclude files and directories by @mjsalmi in https://github.com/fox-it/log4j-finder/pull/34
    • Fix zip internal path issue on Windows by @KrisJanssen in https://github.com/fox-it/log4j-finder/pull/37
    • Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in https://github.com/fox-it/log4j-finder/pull/39
    • Added MIT License by @yunzheng in https://github.com/fox-it/log4j-finder/pull/41
    • Added missing log4j 2.12.2 MD5 hash by @yunzheng in https://github.com/fox-it/log4j-finder/pull/42
    • Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/43
    • Fixed files and directory stats by @yunzheng in https://github.com/fox-it/log4j-finder/pull/46
    • Output log4j-finder and Python version to debug and info logging by @yunzheng in https://github.com/fox-it/log4j-finder/pull/47
    • Add support for processing files with .zip extension by @yunzheng in https://github.com/fox-it/log4j-finder/pull/48
    • Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in https://github.com/fox-it/log4j-finder/pull/53

    New Contributors

    • @lmorg made their first contribution in https://github.com/fox-it/log4j-finder/pull/9
    • @dariux made their first contribution in https://github.com/fox-it/log4j-finder/pull/22
    • @mjsalmi made their first contribution in https://github.com/fox-it/log4j-finder/pull/34
    • @KrisJanssen made their first contribution in https://github.com/fox-it/log4j-finder/pull/37

    Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.1...v1.2.0

    Source code(tar.gz)
    Source code(zip)
    log4j-finder(8.43 MB)
    log4j-finder-linux-v1.2.0.zip(8.33 MB)
    log4j-finder-signed.exe(6.28 MB)
    log4j-finder-windows-signed-v1.2.0.zip(6.14 MB)
    log4j-finder-windows-v1.2.0.zip(6.13 MB)
    log4j-finder.exe(6.27 MB)
  • v1.0.1(Dec 15, 2021)

    What's Changed

    • Add colorama to pyinstaller builds for better color support on Windows by @yunzheng in https://github.com/fox-it/log4j-finder/pull/5
    • Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/6
    • Output scanning stats and version information by @yunzheng in https://github.com/fox-it/log4j-finder/pull/7

    New Contributors

    • @yunzheng made their first contribution in https://github.com/fox-it/log4j-finder/pull/5

    Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.0...v1.0.1

    Source code(tar.gz)
    Source code(zip)
    log4j-finder(8.42 MB)
    log4j-finder-linux-v1.0.1.zip(8.32 MB)
    log4j-finder-windows-v1.0.1.zip(6.13 MB)
    log4j-finder.exe(6.26 MB)
  • v1.0.0(Dec 14, 2021)

    Release of log4j-finder with PyInstaller builds for Windows and Linux, so it can easily run on systems without Python 3.

    What's Changed

    • Add GitHub actions to generate pyinstaller binaries for windows and linux by @taufderl in https://github.com/fox-it/log4j-finder/pull/1

    New Contributors

    • @taufderl made their first contribution in https://github.com/fox-it/log4j-finder/pull/1

    Full Changelog: https://github.com/fox-it/log4j-finder/commits/v1.0.0

    Source code(tar.gz)
    Source code(zip)
    log4j-finder-linux-v1.0.0.zip(8.15 MB)
    log4j-finder-windows-v1.0.0.zip(6.05 MB)
Owner
Fox-IT