Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

log4j2 remote code execution or IP leakage exploit (with examples)

Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)

A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

Contains all my research and content produced regarding the log4shell vulnerability

Log4Shell Zero-Day Exploit Proof of Concept

Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability

Log4Shell PCAPS and Network Coverage

Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.

Log4J CVE-2021-44228 Minecraft PoC

Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.

Log4j vulner testing environment based on CVE-2021-44228. It provide guidance to build the sample infrastructure and the exploit scripts. Supporting cooki3 script as the main exploit tools & integration

Log4Shell dockerized full chain

log4j2 Log4Shell CVE-2021-44228 proof of concept

POC for Infamous Log4j CVE-2021-44228

A lab & assignment for CSC427