cve-2021-45046

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

Log4j jndi injection fuzz tool

Detections for CVE-2021-44228 inside of nested binaries

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher

Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system

Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.

Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.

CVE-log4j CheckMK plugin

log4shell vulnerability checker tool

This repository is designed to be a collection of resources to learn about, detect and mitigate the impact of the Log4j vulnerability - more formally known as CVE-2021-44228 and CVE-2021-45046 (mirror from GitLab.com)

PowerShell script to Remove JndiLookup.class from Jar-files to remediate LOG4J Vulnerability uses built-in compression library of Windows.

A Log4J Version 2 Detector written in golang

Replicating CVE-2021-45046

Scans the file system to find Log4Shell vulnerabilities.

Script to combine all host specific json outputs from log4j-detector into one single csv file. Requires only standard python installation, no further dependencies.

A simple log4j2 vulnerability scanner - but mainly play around with GitHub actions...