Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
PoC: log4j-remediation-tools
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228) log4j2, remediation, tools
PoC: Log4Shell-obfuscated-payloads-generator
Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.
PoC: CVE-2021-44228
Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability
PoC: CVE-2021-44228-Mass-RCE-Log4j
CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.
PoC: Solar-exploiting-log-4j
This repository presents a comprehensive walkthrough of the Solar Exploiting Log4j room on TryHackMe, with a focus on understanding and exploiting the critical Log4Shell vulnerability (CVE-2021-44228).The process of triggering the exploit and gaining a reverse shell is explained in a practical and easy-to-follow manner.
PoC: PY-Log4j-RCE-Scanner
Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.
PoC: Log4j-Vulnerability
Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (Log4Shell). Attackers can exploit vulnerable servers by connecting over any protocol, such as HTTPS, and sending a specially crafted string.
PoC: tf-log4j-aws-poc
This project files demostrate a proof-of-concept of log4j vulnerability (CVE-2021-44228) on AWS using Terraform Infrastructure-as-a-code means.
PoC: Writing-Sample-1
CVE-2021-44228 Log4j Summary
PoC: log4shell-lab
Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버
PoC: ehir-vuln-enterprise-login
webapp vulnerable to CVE-2021-44228
PoC: Log4Shell-Vulnerability-Replication
CVE-2021-44228 漏洞复现完整记录(含环境搭建、触发验证)
PoC: vulnerable-java-app
Spring Boot app with log4j 2.14.1 (CVE-2021-44228) — VulnFix agent test target
PoC: Log4ShellAuditor
An autonomous reflective Go agent for full-cycle security auditing, WAF evasion, OOB LDAP verification, self-remediation (auto-patching), and compliance reporting for CVE-2021-44228 (Log4Shell).
PoC: log4shell-poc-maven
Intentionally vulnerable Maven project — CVE-2021-44228 (Log4Shell) SCA demo target
PoC: mi-laboratorio-log4shell
Laboratorio automatizado Plug & Play en Docker para auditar y estudiar la vulnerabilidad Log4Shell (CVE-2021-44228)
PoC: log4j-vuln-demo
Intentionally vulnerable Log4j 2.14.1 demo for Sysdig CNAPP scanning (CVE-2021-44228)
PoC: craready-test-java-vulns
CRAReady SBOM test fixture — Java/Maven app with Log4Shell (CVE-2021-44228), Spring4Shell, Text4Shell, and other critical CVEs
PoC: Cyber-Attack-Simulation-
Log4Shell (CVE-2021-44228)
PoC: log4shell-coraza
Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.
PoC: Log4Shell-Attack
Multi-Stage Attack Modeling and Detection of Log4Shell for CVE-2021-44228
PoC: HTB-Unified-Writeup
A technical walkthrough of exploiting CVE-2021-44228 (Log4Shell) in a UniFi Network Application environment, including MongoDB manipulation and privilege escalation.
PoC: EXPLOIT-CVE-2021-44228
PoC of CVE-2021-44228
PoC: SecureOps-Lab
Performed a live cybersecurity assessment on a university Linux server. During analysis, active attack activity was identified, including brute-force authentication attempts and exploitation attempts targeting Log4Shell (CVE-2021-44228).
PoC: TryHackMe-Solar-exploiting-log4j-
Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.
PoC: solar-exploiting-log4j
This repository provides a detailed walkthrough of the *Solar Exploiting Log4j room* on TryHackMe, focusing on exploiting the critical Log4Shell vulnerability (CVE-2021-44228). The project demonstrates how attackers can leverage insecure logging mechanisms in Java applications to achieve remote code execution.
PoC: THM---Solar-exploiting-Log-4j
This room is based on exploiting the notorious Log4j vulnerability ( CVE-2021-44228), also referred to as the Log4Shell. The weakness enables attackers to execute a remote code via injection of the malicious payloads into the log messages.
PoC: wmohamed2033.github.io
CVE-2021-44228 Log4Shell — Penetration Test Writeup
PoC: log4shell-poc
POC for log4shll Vulnerablity (CVE-2021-44228)
PoC: CVE-2021-44228
CVE-2021-44228
PoC: log4shell-remediation
Log4Shell (CVE-2021-44228) security remediation demo - Showcasing Antigravity's ability to identify and fix critical security vulnerabilities in Java applications
PoC: Log4Shell-PoC
**Log4Shell PoC is a high-fidelity exploitation environment designed to replicate the CVE-2021-44228 vulnerability.** It provides a containerized sandbox to demonstrate JNDI injection, LDAP/RMI referral redirection, and remote code execution (RCE) via the Log4j 2 library.
PoC: Log4j-Vulnerability
Étude technique et mise en œuvre d'un environnement de test pour la faille Apache Log4j (CVE-2021-44228). Contient un Proof of Concept (PoC) Dockerisé et une proposition de mise à jour de PSSI. Pour un objectif de TP
PoC: Log4Shell-CVE-2021-44228
Hands-on lab for exploiting and understanding Log4Shell (CVE-2021-44228) using Docker, Kali Linux, Burp Suite and log4j-shell-poc. For teaching and defensive training in controlled lab environments only.
PoC: CVE-2021-44228---Log4Shell-Analysis
Technical deep dive into Apache Log4j2 JNDI injection vulnerability. Features static code analysis, patch comparison, attack vectors (LDAP/RMI/DNS), and enterprise mitigation guidance.
PoC: Log4Shell
This repository contains my work for a cybersecurity assignment where I exploited the real-world Log4Shell (CVE-2021-44228) vulnerability inside a safe, controlled virtual machine. The project followed a Capture-the-Flag format with multiple exploitation tasks to retrieve hidden flags.
PoC: Blackash-CVE-2021-44228
CVE-2021-44228
PoC: log4j2-bugmaker
Demo of CVE-2021-44228 Log4Shell.
PoC: log4shell
Log4Shell (CVE-2021-44228) PoC
PoC: Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device
This repository documents how deployment of Microsoft Defender for Endpoint on a Windows 11 device, including onboarding via local script, enabling device discovery, configuring Log4j2 detection (CVE-2021-44228), and validating incident response workflows.
PoC: Log4Shell
Log4Shell CVE-2021-44228 PoC
PoC: CVE-2021-44228
A simple Log4j PoC written by Go
PoC: hka-seminar-log4shell
Praktische Demonstration der Log4Shell-Sicherheitslücke (CVE-2021-44228)
PoC: CVE-2021-44228-Log4j-JNDI
CVE-2021-44228 Vulnerability Reproduction Environment CVE-2021-44228 漏洞复现环境
PoC: log4shell-homework9
Log4Shell (CVE-2021-44228) exploit demo for SEAS 8405. Includes a vulnerable Spring Boot app, fake LDAP server, Docker setup, MITRE mapping, incident response, and a full screen recording.
PoC: Log4j-_Vulnerability
The Web Is Vulnerable to CVE-2021-44228
PoC: CVE-2021-44228-Log4Shell-
Kiểm thử xâm nhập
PoC: Log4shell
CVE-2021-44228
PoC: log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell
PoC: log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell
PoC: log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell
PoC: Log4Shell-vulnerability-CVE-2021-44228-
This repository provides an in-depth analysis of the Log4Shell vulnerability (CVE-2021-44228) and implements a machine learning-based approach to detect exploitation attempts in log data.
PoC: CVE-2021-44228
调试环境
PoC: cve-2021-44228
这是安徽大学 “漏洞分析实验”(大三秋冬)期中作业归档。完整文档位于https://testgames.me/2024/11/10/cve-2021-44228/
PoC: -Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-
In December 2021, the world of cybersecurity was shaken by the discovery of the Log4Shell vulnerability (CVE-2021-44228), embedded within the widely-used Apache Log4j library. With a CVSS score of 10
PoC: TPASLog4ShellPoC
Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228), developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at FCUP.
PoC: log4j-shell-poc
Log4J exploit CVE-2021-44228
PoC: CVE-2021-44228
CVE-2021-44228 vulnerability study
PoC: Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment
Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking application environment.
PoC: Log4Shell-PoC-Application
Log4Shell (CVE-2021-44228) PoC Application
PoC: Wireshark
Downloaded a packet capture (.pcapng) file from malware-traffic-analysis.net which was an example of an attempted attack against a webserver using the Log4J vulnerability (CVE-2021-44228). I examined teh amount of endpoints communicating with the server and knowing jnidi as a common in the vulnerbilty found it in clear text
PoC: CVE-2021-44228-POC
exploit CVE-2021-44228
PoC: l4s-vulnapp
This is a potentially vulnerable Java web application containing Log4j affected by log4shell(CVE-2021-44228).
PoC: CVE-2021-44228
Log4Shell CVE Analysis
PoC: l4j-fp1
jee web project with sanitised log4shell (CVE-2021-44228) vulnerability
PoC: l4j-tp1
jee web project with log4shell (CVE-2021-44228) vulnerability
PoC: CVE-Research
Research on CVE-2021-44228 and CVE-2023-46604
PoC: log4shell_lab
CVE-2021-44228
PoC: log4shell-minecraft-demo
Log4Shell (CVE-2021-44228) minecraft demo. Used for education fairs
PoC: CVE-2021-44228
Log4j Vulnerability RCE - CVE-2021-44228
PoC: Odysseus
A demo of the Log4Shell (CVE-2021-44228) vulnerability.
PoC: log4j-exploit-with-fork-bomb
💣💥💀 Пример запуска fork-бомбы на удаленном сервере благодаря уязвимости CVE-2021-44228
PoC: Log4ShellRemediation
A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105
PoC: log4shell-vulnweb
this web is vulnerable against CVE-2021-44228
PoC: CVE-2021-44228
CVE-2021-44228
PoC: Log4j-PoC
An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecraft
PoC: log4j_poc
PoC of CVE-2021-44228 , log4j
PoC: Log4Shell-CVE-2021-44228-PoC
CVE 2021-44228 Proof-of-Concept. Log4Shell is an attack against Servers that uses vulnerable versions of Log4J.
PoC: CVE-2021-44228
DO NOT USE FOR ANYTHING REAL. Simple springboot sample app with vulnerability CVE-2021-44228 aka "Log4Shell"
PoC: CVE-2021-44228-poc
CVE-2021-44228 POC / Example
PoC: log4j-shell-poc
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
PoC: CVE-2021-44228-RCE
Mass exploitation scripts for 12 software which are affected by log4j rce
PoC: Log4j-CVE-2021-44228-Remediation
This powershell script is intended to be used by anyone looking to remediate the Log4j Vulnerability within their environment. It can target multiple machines and run remotely as a job on all or only affected devices.
PoC: jankybank
Simple Java Front and Back end with bad log4j version featuring CVE-2021-44228
PoC: autoL4s
Autopwn Log4Shell (CVE-2021-44228)!!!
PoC: CVE-2021-44228
Apache Log4j is a logging tool written in Java. This paper focuses on what is Log4j and log4shell vulnerability and how it works, how it affects the victim, and how can this be mitigated
PoC: Ethical-Hacking-Report-Log4j
:page_with_curl: A report about CVE-2021-44228
PoC: CVE-2021-44228-Mass-RCE-Log4j
CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL/IP lists.
PoC: Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228
Remote Code Execution attacks are one of the most frequent methods employed by cybercriminals to compromise susceptible computers. In the previous year, a serious zero-day vulnerability was identified in Log4j, a java program used by developers for debugging and application modification loggings. This is also a significant vulnerability that affects the so-called Ghidra reverse engineering tool.
PoC: log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
PoC: Log4Shell-CVE-2121-44228-Demo
Log4Shell CVE-2021-44228 Demo
PoC: CVE-2021-44228
Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)
PoC: log4j
CVE-2021-44228 vulnerability in Apache Log4j library
PoC: CVE-2021-44228-mass
CVE-2021-44228 PoC for more than 12 affected softwares(not publicly disclossed yet) with mass exploitation script for each.
PoC: CVE-2021-44228
Log4Shell Proof-Of-Concept derived from https://github.com/kozmer/log4j-shell-poc
PoC: log4j-scanner
A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046
PoC: log4shell-honeypot
Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability
PoC: CVE-2021-44228
Log4j2组件命令执行RCE / Code By:Jun_sheng
PoC: vulescanjndilookup
HERRAMIENTA AUTOMATIZADA PARA LA DETECCION DE LA VULNERABILIDAD CVE-2021-44228
PoC: log4shellwithlog4j2_13_3
Springboot web application accepts a name get parameter and logs its value to log4j2. Vulnerable to CVE-2021-44228.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free