The purpose of this project is to demonstrate the Log4Shell exploit with Log4J vulnerabilities using PDF as delivery channel
☆206Dec 15, 2021Updated 4 years ago
Alternatives and similar repositories for log4jshell-pdf
Users that are interested in log4jshell-pdf are comparing it to the libraries listed below
Sorting:
- Adobe Reader DC Information Leak Exploit☆23Oct 13, 2022Updated 3 years ago
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 5 years ago
- ☆28Dec 2, 2021Updated 4 years ago
- 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks☆950Jan 15, 2022Updated 4 years ago
- RCE 0-day for GhostScript 9.50 - Payload generator☆544Sep 8, 2021Updated 4 years ago
- Remote Code Injection In Log4j☆469Jan 18, 2022Updated 4 years ago
- Django QuerySet.annotate(), aggregate(), extra() SQL 注入☆25May 31, 2022Updated 3 years ago
- XSTREAM<=1.4.17漏洞复现(CVE-2021-39141、CVE-2021-39144、CVE-2021-39150)☆62Aug 25, 2021Updated 4 years ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆871Jun 24, 2024Updated last year
- Go实现部分Rubeus功能,可执行asktgt, asktgs, s4u, describe ticket, renew ticket, asreproast等☆142May 5, 2022Updated 3 years ago
- A little implant which SSH's back with a shell☆39Feb 1, 2022Updated 4 years ago
- RPC远程主机信息匿名扫描工具☆319Sep 30, 2022Updated 3 years ago
- POC for VMWARE CVE-2022-22954☆282Apr 13, 2022Updated 3 years ago
- ☆46Jul 13, 2021Updated 4 years ago
- 域信息收集工具☆11Jun 5, 2023Updated 2 years ago
- 记录各语言、框架中危险的sink,个人代码审计、漏洞研究使用。☆117Dec 30, 2021Updated 4 years ago
- 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入☆772Jan 26, 2022Updated 4 years ago
- CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.☆1,397Dec 16, 2021Updated 4 years ago
- Nmap script to guess* a GitLab version.☆250Updated this week
- Java应用的一些配置文件字典,来源于公开的字典与平时收集☆320Feb 1, 2024Updated 2 years ago
- SolarView Compact through 6.00 downloader.php commands injection (RCE) nuclei-templates☆15Jun 16, 2023Updated 2 years ago
- VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS☆218Dec 1, 2021Updated 4 years ago
- ☆1,202Sep 2, 2022Updated 3 years ago
- Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)☆233Sep 16, 2021Updated 4 years ago
- ☆36Dec 1, 2020Updated 5 years ago
- ☆14Feb 7, 2024Updated 2 years ago
- 可在Windows下执行系统命令的Redis模块,可用于Redis主从复制攻击。☆264Nov 25, 2022Updated 3 years ago
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆462Jan 12, 2025Updated last year
- Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework☆169Feb 4, 2023Updated 3 years ago
- 改造一个基于jrmp的AMF反序列化利用工具☆16Jul 7, 2022Updated 3 years ago
- Log4j jndi injects the Payload generator☆486Dec 13, 2021Updated 4 years ago
- PolicyKit CVE-2021-3560 Exploit (Authentication Agent)☆117May 2, 2022Updated 3 years ago
- Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification.☆148May 11, 2022Updated 3 years ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆176Oct 26, 2024Updated last year
- JetBrains系列产品.idea钓鱼反制红队☆330Jan 27, 2026Updated last month
- FOFAX是一个基于fofa.info的API命令行查询工具☆815Mar 6, 2026Updated 2 weeks ago
- 一个提供查询 TXT 记录的 DNS 服务利用工具。例如:可配合 Windows 下的 certutil 工具传输小文件(64KB)☆37Dec 31, 2021Updated 4 years ago
- A Python script to find tenant id an region from a list of domain names.☆18Jan 31, 2025Updated last year
- 利用EFSRPC协议批量探测出网☆67Oct 12, 2023Updated 2 years ago