log4j burp插件
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
请勿将本项目技术或代码应用在恶意软件制作、软件著作权/知识产权盗取或不当牟利等非法用途中。实施上述行为或利用本项目对非自己著作权所有的程序进行数据嗅探将涉嫌违反《中华人民共和国刑法》第二百一十七条、第二百八十六条,《中华人民共和国网络安全法》《中华人民共和国计算机软件保护条例》等法律规定。本项目提及的技术仅可用于私人学习测试等合法场景中,任何不当利用该技术所造成的刑事、民事责任均与本项目作者无关。
Purposes ? Hey there is abosolutely no need to do this we do it only to irritate
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF
xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/
Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru
unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe
TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works
Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss
Traceback (most recent call last):
File "/home/user/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py", line 17, in
2 Jan 24, 2022
118 Nov 7, 2022
588 Jan 9, 2023
364 Dec 30, 2022
16 Aug 30, 2022
86 Dec 31, 2022
29 Nov 9, 2022
162 Nov 25, 2022
7 Dec 7, 2022
at org.python.core.Py.ImportError(Py.java:329)
at org.python.core.imp.import_first(imp.java:1230)
at org.python.core.imp.import_module_level(imp.java:1361)
at org.python.core.imp.importName(imp.java:1528)
at org.python.core.ImportFunction.__call__(__builtin__.java:1285)
at org.python.core.PyObject.__call__(PyObject.java:433)
at org.python.core.__builtin__.__import__(__builtin__.java:1232)
at org.python.core.imp.importOne(imp.java:1547)
at org.python.pycode._pyx4.f$0(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py:373)
at org.python.pycode._pyx4.call_function(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1687)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:287)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at burp.ann.<init>(Unknown Source)
at burp.g8p.a(Unknown Source)
at burp.bf8.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
修复了bug,thanks @guguyu1
Source code(tar.gz)Virus-Builder - This tool will generate a virus that can only destroy Windows computer. You can also configure to auto run in usb drive
DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this
Log4j dork scanner This is an auto script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks. Installation:
Parsing files from Deduplicated volumes. It can also recover deleted files from NTFS Filesystem that were deduplicated. Installation git clone https:/
reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re
The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.
一款利用加载器以及Python反序列化绕过AV的在线免杀工具 因为打包方式的局限性,不能跨平台,若要生成exe格式的只能在Windows下运行本项目 打包速度有点慢,提交后稍等一会 开发环境及运行 前端使用Bootstrap框架,后端使用Django框架 。
fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on
This is a simple Port Flooder written in Python 3. Use this tool to quickly stress test your network devices and measure your router's or server's load.
It is a very simple XSS simulator based on flask, python. The purpose of making this is for teaching the concept of XSS.
Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.
OMIGOD Proof on Concept Exploit for CVE-2021-38647 (OMIGOD) For background information and context, read the our blog post detailing this vulnerabilit
CVE-2021-45897 PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM = 8.0.1 This vulnerability was repor
ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe
Hikvisioninformation Hikvision 流媒体管理服务器敏感信息泄漏 Options optional arguments: -h, --help show this help message and exit -u url, --url url
Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers New Update : adding 'on-review' tag on an issue
NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds.
IMPORTANT: Please contact us before you use any styling or content shown here! Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition -
KCMTicketFormatter This tools takes the output from https://github.com/fireeye/SSSDKCMExtractor and turns it into properly formatted CCACHE files for
16 Dec 30, 2022
8 Sep 02, 2022
5 Dec 27, 2022
0 Aug 28, 2022
560 Dec 23, 2022
12 Nov 09, 2022
172 Nov 28, 2022
1 May 06, 2022
4 Feb 20, 2022
3 May 10, 2022
91 Dec 29, 2022
37 Dec 06, 2022
231 Nov 12, 2022
17 Nov 09, 2022
13 Nov 09, 2022
13 Sep 19, 2021
1.4k Jan 01, 2023
48 Aug 28, 2022
35 Oct 25, 2022