Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
☆195Dec 13, 2021Updated 4 years ago
Alternatives and similar repositories for log4j-detect
Users that are interested in log4j-detect are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆16Dec 15, 2021Updated 4 years ago
- This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"☆29May 1, 2018Updated 8 years ago
- An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228☆12Dec 12, 2021Updated 4 years ago
- IP Lookups for Open Ports and Vulnerabilities from internetdb.shodan.io☆130Mar 10, 2022Updated 4 years ago
- This is GitHub_Dorks and some tips i collect from different resources.Recon_Api is tip when you find token or api without knowing what to…☆21Sep 15, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with…☆311Jul 4, 2023Updated 2 years ago
- Burpsuite Extension for Jsmon☆25Jun 3, 2026Updated last week
- This repository presents a proof-of-concept of CVE-2024-23897☆17Apr 16, 2024Updated 2 years ago
- A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228☆3,428Nov 23, 2022Updated 3 years ago
- ☆44Apr 30, 2021Updated 5 years ago
- Log4j jndi injection fuzz tool☆70Dec 24, 2021Updated 4 years ago
- ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.☆713Oct 9, 2023Updated 2 years ago
- A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.☆184Nov 22, 2021Updated 4 years ago
- X-Platform bind shell in TypeScript!☆30Jul 11, 2025Updated 11 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects☆972Dec 8, 2021Updated 4 years ago
- A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.☆126Dec 14, 2021Updated 4 years ago
- ☆11Mar 7, 2021Updated 5 years ago
- Simple tool to gather domains from crt.sh using the organization name☆102Dec 16, 2021Updated 4 years ago
- S3 Recon tips and tricks collected from different resources,Sorry if i missed to mention all resources owners☆28Nov 13, 2021Updated 4 years ago
- Check AWS S3 instances for read/write/delete access☆121Feb 8, 2022Updated 4 years ago
- Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard.☆35Feb 12, 2022Updated 4 years ago
- 0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover☆57Dec 15, 2020Updated 5 years ago
- ☆753Jun 26, 2024Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Dangerously fast DNS/network/port scanner☆923Mar 18, 2022Updated 4 years ago
- Detector for Log4Shell exploitation attempts☆726Feb 12, 2022Updated 4 years ago
- XSS Finder Via SSTI☆57Sep 14, 2023Updated 2 years ago
- Wraps projectdiscovery's cdncheck library to exclude CDN hosts from input passed over stdin☆45Mar 13, 2023Updated 3 years ago
- QUESTER is a Web Pentesting & Bug Bounty Recon tool which queries URLs / Subdomains from the given list of URLs or subdomains.☆15Aug 2, 2021Updated 4 years ago
- BugBounty , sort and delete duplicates param value without missing original value☆22Jul 31, 2021Updated 4 years ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆49Apr 25, 2022Updated 4 years ago
- Simple recon using multiple tools!☆165Jan 10, 2022Updated 4 years ago
- Simple command shell collections☆35Mar 7, 2021Updated 5 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆121Sep 13, 2023Updated 2 years ago
- Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user☆1,060Jul 10, 2022Updated 3 years ago
- bypass-url-parser☆1,135Jun 6, 2026Updated last week
- GH-Takeover — GitHub Pages Sub-domain Takeover Automation!☆29Apr 17, 2021Updated 5 years ago
- win32k LPE☆462Jan 27, 2022Updated 4 years ago
- Most of the Google Acquisitions for Bug Bounty Hunter.☆66Sep 3, 2022Updated 3 years ago
- Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965☆377Nov 9, 2022Updated 3 years ago