A honeypot for the Log4Shell vulnerability (CVE-2021-44228)

Last update: Dec 27, 2022

Related tags

Security related resources Log4Pot

Overview

Log4Pot

A honeypot for the Log4Shell vulnerability (CVE-2021-44228).

License: GPLv3.0

Features

Listen on various ports for Log4Shell exploitation.
Detect exploitation in request line and headers.
Log to file and Azure blob storage.

Usage

Install Poetry: curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python3 -
Fetch this GitHub repository git clone https://github.com/thomaspatzke/Log4Pot.git
Change directory into the local copy with cd Log4Pot
Install dependencies: poetry install
Put parameters into log4pot.conf.
Run: poetry run python log4pot.py @log4pot.conf

Alternatively, you can also run log4pot without external dependencies:

$ python log4pot.py @log4pot.conf

This will run log4pot without support for logging to Azure blob storage.

Analyzing Logs with JQ

List payloads from exploitation attempts:

select(.type == "exploit") | .payload

Decode all base64-encoded payloads from JNDI exploit:

select(.type == "exploit" and (.payload | contains("Base64"))) | .payload | sub(".*/Base64/"; "") | sub ("}$"; "") | @base64d

Owner

Thomas Patzke

Loves to build InfoSec-related tools.

Thomas Patzke

GitHub Repository

Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix Framework is an environment for writing, testing and using exploit code. 🖼 Screenshots 🎪 Community PwnWiki Forums 🔑 Licen

42 Aug 09, 2022

Ethereum transaction decoder (community version).

EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di

240 Dec 21, 2022

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage: python ProxyLogon.py --host=exchang

112 Dec 01, 2022

Lite - Lite cracker tool for python

Wellcome to tools Results Install Tools

23 Dec 17, 2022

PoC for CVE-2021-26855 -Just a checker-

CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C

17 Dec 22, 2022

Fetch Chrome, Firefox, WiFi password and system info

DISCLAIMER : OUR TOOLS ARE FOR EDUCATIONAL PURPOSES ONLY. DON'T USE THEM FOR ILLEGAL ACTIVITIES. YOU ARE THE ONLY RESPONSABLE FOR YOUR ACTIONS! OUR TO

59 Nov 17, 2022

Brute force attack tool for Azure AD Autologon/Seamless SSO

Brute force attack tool for Azure AD Autologon

89 Jan 02, 2023

This script allows you to make a onion host instantly.

Installation It only works in Debian based Linux distros. Clone the repo: git clone https://github.com/0xStevenson/Auto-Tor-Host.git Go to the direct

4 Feb 22, 2022

Official implementation of the paper "Backdoor Attacks on Self-Supervised Learning".

SSL-Backdoor Abstract Large-scale unlabeled data has allowed recent progress in self-supervised learning methods that learn rich visual representation

44 Nov 21, 2022

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including P

95 Dec 26, 2022

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

17 Nov 09, 2022

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray3

246 Dec 28, 2022

Volunteer & Campaign Management System

Cleansweep Requirements A Linux (or Mac OS X) node with the following software installed. Ubuntu 14.04 is preferred. PostgreSQL 9.3 database server Py

39 May 24, 2022

一款针对向日葵的识别码和验证码提取工具

Sunflower_get_Password 一款针对向日葵的识别码和验证码提取工具 👮🏻‍♀️ 免责声明由于传播、利用Sunflower_get_Password工具提供的功能而造成的任何直接或者间接的后果及损失，均由使用者本人负责，本人不为此承担任何责任。安装环境本工具使用Python

635 Dec 20, 2022

This repo explains in details about buffer overflow exploit development for windows executable.

Buffer Overflow Exploit Development For Beginner Introduction I am beginner in security community and as my fellow beginner, I spend some of my time a

11 Dec 17, 2022

A curated list of amazingly awesome Cybersecurity datasets

A curated list of amazingly awesome Cybersecurity datasets

758 Dec 28, 2022

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods This repository is the official implementation of Seohong Park, Jaeky

6 Aug 02, 2022

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze SSLyze is a fast and powerful SSL/TLS scanning tool and Python library. SSLyze can analyze the SSL/TLS configuration of a server by connecting

2.8k Jan 03, 2023

Script Crack Facebook Premium 🚶‍♂

prem Script Crack Facebook Premium 🚶‍♂ Install Script $ pkg update && pkg update $ termux-setup-storage $ pkg install git $ pkg install python $ pip

1 Dec 03, 2021

MVT is a forensic tool to look for signs of infection in smartphone devices

Mobile Verification Toolkit Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic

8.3k Jan 08, 2023