The purpose of this project is to demonstrate the Log4Shell exploit with Log4J vulnerabilities using PDF as delivery channel
☆206Dec 15, 2021Updated 4 years ago
Alternatives and similar repositories for log4jshell-pdf
Users that are interested in log4jshell-pdf are comparing it to the libraries listed below
Sorting:
- 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks☆950Jan 15, 2022Updated 4 years ago
- RCE 0-day for GhostScript 9.50 - Payload generator☆544Sep 8, 2021Updated 4 years ago
- parse ffuf & map endpoints to wordlists☆21Feb 25, 2021Updated 5 years ago
- XSTREAM<=1.4.17漏洞复现(CVE-2021-39141、CVE-2021-39144、CVE-2021-39150)☆62Aug 25, 2021Updated 4 years ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆866Jun 24, 2024Updated last year
- Django QuerySet.annotate(), aggregate(), extra() SQL 注入☆25May 31, 2022Updated 3 years ago
- ☆28Dec 2, 2021Updated 4 years ago
- Remote Code Injection In Log4j☆469Jan 18, 2022Updated 4 years ago
- A little implant which SSH's back with a shell☆39Feb 1, 2022Updated 4 years ago
- VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS☆218Dec 1, 2021Updated 4 years ago
- POC for VMWARE CVE-2022-22954☆282Apr 13, 2022Updated 3 years ago
- Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework☆169Feb 4, 2023Updated 3 years ago
- Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)☆233Sep 16, 2021Updated 4 years ago
- ☆1,200Sep 2, 2022Updated 3 years ago
- ☆46Jul 13, 2021Updated 4 years ago
- 记录各语言、框架中危险的sink,个人代码审计、漏洞研究使用。☆117Dec 30, 2021Updated 4 years ago
- RPC远程主机信息匿名扫描工具☆317Sep 30, 2022Updated 3 years ago
- Nmap script to guess* a GitLab version.☆249Updated this week
- 域信息收集工具☆11Jun 5, 2023Updated 2 years ago
- 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入☆770Jan 26, 2022Updated 4 years ago
- Java应用的一些配置文件字典,来源于公开的字典与平时收集☆321Feb 1, 2024Updated 2 years ago
- 一款通过污点追踪发现Jsp webshell的工具(A tool to find Jsp Webshell through stain tracking)☆176Jan 4, 2022Updated 4 years ago
- CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.☆1,397Dec 16, 2021Updated 4 years ago
- FOFAX是一个基于fofa.info的API命令行查询工具☆814Jan 26, 2026Updated last month
- Go实现部分Rubeus功能,可执行asktgt, asktgs, s4u, describe ticket, renew ticket, asreproast等☆142May 5, 2022Updated 3 years ago
- 改造一个基于jrmp的AMF反序列化利用工具☆16Jul 7, 2022Updated 3 years ago
- JNDI在java高版本的利用工具,FUZZ利用链☆597Oct 8, 2022Updated 3 years ago
- Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification.☆148May 11, 2022Updated 3 years ago
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆461Jan 12, 2025Updated last year
- 可在Windows下执行系统命令的Redis模块,可用于Redis主从复制攻击。☆264Nov 25, 2022Updated 3 years ago
- ☆36Dec 1, 2020Updated 5 years ago
- JetBrains系列产品.idea钓鱼反制红队☆331Jan 27, 2026Updated last month
- 利用EFSRPC协议批量探测出网☆67Oct 12, 2023Updated 2 years ago
- Log4j jndi injects the Payload generator☆486Dec 13, 2021Updated 4 years ago
- PolicyKit CVE-2021-3560 Exploit (Authentication Agent)☆117May 2, 2022Updated 3 years ago
- 冰蝎Java WebShell自动化免杀生成☆783Mar 15, 2022Updated 3 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆647Feb 15, 2025Updated last year
- dotnet 反序列化学习笔记☆513Oct 19, 2023Updated 2 years ago
- RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.☆1,562Aug 20, 2024Updated last year