jndiRep - CVE-2021-44228

Basically a bad grep on even worse drugs.

search for malicious strings
decode payloads
print results to stdout or file
report ips (incl. logs) to AbuseIPDB

Scanning

Directory: python3 jndiRep.py -d /path/to/directory
File: python3 jndiRep.py -f /path/to/input.txt
Custom filter: python3 jndiRep.py ... -g "ldap"
Threading: If scanning a directory, 4 threads will work on the files in parallel. You can change this by using -t <threads>.

Output

You can either print results to a file or to stdout (includes coloring of IPs and payloads).

stdout: python3 jndiRep.py ...
file: python3 jndiRep.py ... -o /path/to/output.txt

Reporting

For reporting, an API Key (hex string of length 80) for AbuseIPDB is required, which you can obtain by register at the service and request IP Reporting ability.

Report IPs once: python3 jndiRep.py ... -a <api key>
Report every occurrence: python3 jndiRep.py ... -a <api key> --no-dedup
Change default comment: python3 jndiRep.py ... -c "your custom comment"
Include logs: python3 jndiRep.py ... --include-logs

Warning: Reporting is provided "as is". PII will not be cut, decoded payloads will not be uploaded.

Issues

Create pull request with your solution
Open an issue here and I'll try to fix it asap

Help

usage: jndiRep.py [-h] [-a API_KEY] [-d DIRECTORY] [-f FILE] [-g GREP] [-o OUTPUT] [-t THREADS] [-r] [-c COMMENT] [--include-logs] [--no-dedup]

optional arguments:
  -h, --help            show this help message and exit
  -a API_KEY, --api-key API_KEY
                        AbuseIPDB Api Key
  -d DIRECTORY, --directory DIRECTORY
                        Directory to scan
  -f FILE, --file FILE  File to scan
  -g GREP, --grep GREP  Custom word to grep for
  -o OUTPUT, --output OUTPUT
                        File to store results. stdout if not set
  -t THREADS, --threads THREADS
                        Number of threads to start. Default is 4
  -r, --report          Report IPs to AbuseIPDB with category 21 (malicious web request)
  -c COMMENT, --comment COMMENT
                        Comment sent with your report
  --include-logs        Include logs in your report. PII will NOT be stripped of!!!
  --no-dedup            If set, report ever occurrence of IP. Default: Report only once.

Scan your logs for CVE-2021-44228 related activity and report the attackers

Related tags

Overview

jndiRep - CVE-2021-44228

Scanning

Output

Reporting

Issues

Help

Owner

js-on

A semi-automatic osint/recon framework.

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

Brute force attack tool for Azure AD Autologon/Seamless SSO

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Cobalt Strike Beacon configuration extractor and parser.

Ini membuat tema berbasis bendera Indonesia with Python + Linux.py

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

USSR-Scanner - USSR Scanner with python

An Advanced Local Network IP Scanner, made in python of course!

Scanning for CVE-2021-44228

Safe Policy Optimization with Local Features

Log4j command generator: Generate commands for CVE-2021-44228

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

OLOP: One-Line & Obfuscated Python

Exploiting CVE-2021-42278 and CVE-2021-42287

ONT Analysis Toolkit (OAT)

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

自动化爆破子域名，并遍历所有端口寻找http服务，并使用crawlergo、dirsearch、xray等工具扫描并集成报告；支持动态添加扫描到的域名至任务；

A local Socks5 server written in python, used for integrating Multi-hop

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file