log4shell

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

Simple local scanner for vulnerable log4j instances

log4j rce test environment and poc

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Remote command execution vulnerability scanner for Log4j.

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

A collection of intelligence about Log4Shell and its exploitation activity.

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库！Tribute to the most invincible Java logging library in the universe!

A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.

A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.Support VMware HCX/vCenter/NSX/Horizon/vRealize Operations Manager

Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.

log4j2 remote code execution or IP leakage exploit (with examples)

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

Deobfuscate Log4Shell payloads with ease.

Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)

A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program.

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

Log4j jndi injection fuzz tool

nse script to inject jndi payloads

Mitigate log4shell (CVE-2021-44228) vulnerability attacks using Nginx LUA script