An Awesome List of Log4Shell resources to help you stay informed and secure! π
β232Aug 25, 2022Updated 3 years ago
Alternatives and similar repositories for awesome-log4shell
Users that are interested in awesome-log4shell are comparing it to the libraries listed below
Sorting:
- An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.β45Jan 22, 2025Updated last year
- Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusionβ27Jan 25, 2022Updated 4 years ago
- Operational information regarding the log4shell vulnerabilities in the Log4j logging library.β1,889Jun 15, 2022Updated 3 years ago
- A collection of intelligence about Log4Shell and its exploitation activity.β184Mar 4, 2022Updated 4 years ago
- gup aka Get All Urls parameters to create wordlists for brute forcing parameters.β18Dec 4, 2021Updated 4 years ago
- Recon scripts for bug huntingβ10Nov 19, 2021Updated 4 years ago
- Enumerate AWS permissions and resources.β71Jun 23, 2022Updated 3 years ago
- Compiles a list of major CDN and WAF subnets.β67Updated this week
- Misc stuff from internetβ12Nov 5, 2025Updated 4 months ago
- Looking for JAR files that are vulnerable to Log4j RCE (CVEβ2021β44228)?β45Mar 2, 2022Updated 4 years ago
- Generate a dynamic PAC script that will route traffic to your Burp proxy only if it matches the scope defined in your Burp target.β33Nov 8, 2021Updated 4 years ago
- A Security Tool for Enumerating WebSocketsβ369Jan 10, 2022Updated 4 years ago
- β12Dec 26, 2021Updated 4 years ago
- π Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.β426Feb 20, 2026Updated last month
- JNDI-Exploitation-KitοΌA modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Sβ¦β937Sep 2, 2025Updated 6 months ago
- Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).β1,139Apr 26, 2024Updated last year
- Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.β256Dec 21, 2021Updated 4 years ago
- Serverless plugin for securing your dependencies with Snykβ41Apr 22, 2021Updated 4 years ago
- React Suspended is an educational frontend application riddled with security vulnerabilitiesβ10Jan 29, 2024Updated 2 years ago
- Kudzu is a Go C2 platform with an emphasis on extensibility.β11Mar 30, 2021Updated 4 years ago
- A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.β126Dec 14, 2021Updated 4 years ago
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains.β¦β177Oct 21, 2022Updated 3 years ago
- Scripts to aid analysis of files obfuscated with ScatterBee.β24Jan 6, 2023Updated 3 years ago
- Public testing data. Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-β¦β14Dec 30, 2021Updated 4 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raiderβ139Sep 14, 2021Updated 4 years ago
- A step by step workshop to exploit various vulnerabilities in Node.js and Java applicationsβ156Mar 17, 2024Updated 2 years ago
- python3 scripts to help with aws triage needsβ15Feb 11, 2022Updated 4 years ago
- Repository containing a set of policies for aws resources created with terraformβ12Sep 16, 2019Updated 6 years ago
- β73Jan 5, 2022Updated 4 years ago
- A fully automated, reliable, super-fast, scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.β397Dec 11, 2024Updated last year
- Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard.β34Feb 12, 2022Updated 4 years ago
- Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12β96Oct 18, 2022Updated 3 years ago
- A collection of tools for hackers, pentesters & security researchers.β18Mar 22, 2022Updated 4 years ago
- Fetch the details of assets hosted on AWS.β88Dec 4, 2023Updated 2 years ago
- Make it easy to probe the strengths and weaknesses of a hardened Node.js stackβ21May 3, 2019Updated 6 years ago
- GraphQL security auditing script with a focus on performing batch GraphQL queries and mutationsβ408Dec 24, 2022Updated 3 years ago
- Sigstore user storiesβ31Aug 25, 2023Updated 2 years ago
- Prototype Pollution exploits collectionβ37Aug 8, 2021Updated 4 years ago
- log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulβ¦β1,280Dec 6, 2022Updated 3 years ago