GitHub - chaitin/log4j2-vaccine: log4j2-vaccine

3 years ago

source link: https://github.com/chaitin/log4j2-vaccine
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Log4j2-Vaccine

一款用于log4j2漏洞的疫苗，基于Instrumentation机制进行RASP防护，Patch了 org.apache.logging.log4j.core.net.JndiManager的lookup方法，部分代码借用了arthas的实现

Usage1: Java进程已经启动

启动Loader

java -jar loader.jar --agent agent.jar

选择需要Patch的进程(输入序号即可)

[INFO] Found existing java process, please choose one and hit RETURN.
* [1]: 50508 log4j2vuln3-0.0.1-SNAPSHOT.jar

Patch成功

如果Java进程较多，可在启动时添加all参数，Patch所有存活的Java进程

java -jar loader.jar --agent agent.jar all

Usage2: Java进程仍未启动

使用javaagent参数加载agent.jar

java -javaagent:agent.jar -jar web.jar

Recommend

399

Github github.com 7 years ago
Cache

GitHub - chaitin/passionfruit: [WIP] Crappy iOS app analyzer

Discontinued Project This project has been discontinued. Please use the new Grapefruit

Github github.com 6 years ago
Cache

chaitin/cloudwalker: CloudWalker Platform

CloudWalker（牧云）开源计划 CloudWalker（牧云）是长亭推出的一款开源服务器安全管理平台。根据项目计划会逐步覆盖服务器资产管理、威胁扫描、Webshell 查杀、基线检测等各项功能。本次开源作为开源计划的第一步，...

Github github.com 6 years ago
Cache

GitHub - chaitin/cloudwalker: CloudWalker Platform

README.md CloudWalker（牧云）开源计划 CloudWalker（牧云）是长亭推出的一款开源服务器安全管理平台。根据项目计划会逐步覆盖服务器资产管理、威胁扫描、Webshe...

Github github.com 5 years ago
Cache

GitHub - chaitin/xray: xray 安全评估工具

README.md Welcome to xray ?

en.wikipedia.org 5 years ago
Cache

Chaitin's Constant

In thecomputer science subfield of algorithmic information theory , a Chaitin constant ( Chaitin omega number )or halting proba...

Github github.com 3 years ago
Cache

GitHub - apache/logging-log4j2: Apache Log4j 2 is an upgrade to Log4j that provi...

Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logba...

Github github.com 3 years ago
Cache

GitHub - whwlsfb/Log4j2Scan: Log4j2 RCE Passive Scanner plugin for BurpSuite

Log4j2Scan This tool is only for learning, research and self-examination. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me! ...

Github github.com 3 years ago
Cache

GitHub - ilsubyeega/log4j2-exploits: log4j2 remote code execution or IP leakage...

log4j2-exploits 2021-12-11.12-17-44.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by

www.heibai.org 3 years ago
Cache

GitHUB安全搬运工之Log4j2集合

NoPacCVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.地址：https://github.c...

Github github.com 3 years ago
Cache

veinmind-tools/README.en.md at master · chaitin/veinmind-tools · GitHub

veinmind-tools Documentation veinmind-tools is self-developed by chaitin technology ，a container se...

GitHub - chaitin/log4j2-vaccine: log4j2-vaccine

Log4j2-Vaccine

Usage1: Java进程已经启动

Usage2: Java进程仍未启动

Recommend

About Joyk