jndiRep - CVE-2021-44228

Basically a bad grep on even worse drugs.

search for malicious strings
decode payloads
print results to stdout or file
report ips (incl. logs) to AbuseIPDB

Scanning

Directory: python3 jndiRep.py -d /path/to/directory
File: python3 jndiRep.py -f /path/to/input.txt
Custom filter: python3 jndiRep.py ... -g "ldap"
Threading: If scanning a directory, 4 threads will work on the files in parallel. You can change this by using -t <threads>.

Output

You can either print results to a file or to stdout (includes coloring of IPs and payloads).

stdout: python3 jndiRep.py ...
file: python3 jndiRep.py ... -o /path/to/output.txt

Reporting

For reporting, an API Key (hex string of length 80) for AbuseIPDB is required, which you can obtain by register at the service and request IP Reporting ability.

Report IPs once: python3 jndiRep.py ... -a <api key>
Report every occurrence: python3 jndiRep.py ... -a <api key> --no-dedup
Change default comment: python3 jndiRep.py ... -c "your custom comment"
Include logs: python3 jndiRep.py ... --include-logs

Warning: Reporting is provided "as is". PII will not be cut, decoded payloads will not be uploaded.

Issues

Create pull request with your solution
Open an issue here and I'll try to fix it asap

Help

usage: jndiRep.py [-h] [-a API_KEY] [-d DIRECTORY] [-f FILE] [-g GREP] [-o OUTPUT] [-t THREADS] [-r] [-c COMMENT] [--include-logs] [--no-dedup]

optional arguments:
  -h, --help            show this help message and exit
  -a API_KEY, --api-key API_KEY
                        AbuseIPDB Api Key
  -d DIRECTORY, --directory DIRECTORY
                        Directory to scan
  -f FILE, --file FILE  File to scan
  -g GREP, --grep GREP  Custom word to grep for
  -o OUTPUT, --output OUTPUT
                        File to store results. stdout if not set
  -t THREADS, --threads THREADS
                        Number of threads to start. Default is 4
  -r, --report          Report IPs to AbuseIPDB with category 21 (malicious web request)
  -c COMMENT, --comment COMMENT
                        Comment sent with your report
  --include-logs        Include logs in your report. PII will NOT be stripped of!!!
  --no-dedup            If set, report ever occurrence of IP. Default: Report only once.

Scan your logs for CVE-2021-44228 related activity and report the attackers

Related tags

Overview

jndiRep - CVE-2021-44228

Scanning

Output

Reporting

Issues

Help

Owner

js-on

zip-brute Zip File Password Cracking with Using Password List

orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

An Advanced Local Network IP Scanner, made in python of course!

A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks

Security System using OpenCV

Learning to compose soft prompts for compositional zero-shot learning.

Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify

IDA Python Script for anti ollvm

A Tool for subdomain scan with other tools

2021hvv漏洞汇总

spring-cloud-gateway-rce CVE-2022-22947

Windows Virus who destroy some impotants files on C:\windows\system32\

Springboot directory scanning

Lite version of my Gatekeeper backdoor for public use.

MongoDB-Injection - This challenge-script is custom-made for web-server running MongoDB which is vulnerable to No-SQL injection

Genpyteal - Experiment to rewrite Python into PyTeal using RedBaron

An easy-to-use wrapper for NTFS-3G on macOS

IDAPatternSearch adds a capability of finding functions according to bit-patterns into the well-known IDA Pro disassembler based on Ghidra’s function patterns format.

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

A set of blender assets created for the $yb NFT project.