log4j2 remote code execution or IP leakage exploit (with examples)

Log4J CVE-2021-44228 Minecraft PoC

The goal of this project is to demonstrate the log4j cve-2021-44228 exploit vulnerability in a spring-boot setup, and to show how to fix it.

Log4Shell dockerized full chain

A playground for poking at the Log4Shell (CVE-2021-44228) vulnerability mitigations

Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

log4j2 Log4Shell CVE-2021-44228 proof of concept

Log4Shell PCAPS and Network Coverage

Tool to try to retrieve the java class used as dropper for the RCE in the context of log4shell vulnerability.

POC for Infamous Log4j CVE-2021-44228

Contains all my research and content produced regarding the log4shell vulnerability

[ARCHIVED: Unnecessary] This Spigot plugin detects and blocks potential Log4Shell attacks

A lab & assignment for CSC427

Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)

A web application vulnerable to Log4Shell. It's a target for https://github.com/nth347/JNDI-injection-servers

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Log4Shell Zero-Day Exploit Proof of Concept

Simple proof of concept of the famous Java's Log4Shell vulnerability 💣

A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell