log4j

《Spring Boot基础教程》，2.x版本持续连载中！点击下方链接直达教程目录！

Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture.

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Apache log4j1

对java、scala等运行于jvm的程序进行实时日志采集、索引和可视化，对系统进行进程级别的监控，对系统内部的操作进行策略性的报警、对分布式的rpc调用进行trace跟踪以便于进行性能分析

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

🦄🔒 Awesome list of secrets in environment variables 🖥️

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

Graylog Extended Log Format (GELF) implementation in Java for all major logging frameworks: log4j, log4j2, java.util.logging, logback, JBossAS7 and WildFly 8-12

log4j rce test environment and poc

A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Remote command execution vulnerability scanner for Log4j.

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

A tool that scans archives to check for vulnerable log4j versions

An All-In-One Pure Python PoC for CVE-2021-44228

🎯 LogCaptor captures log entries for unit testing purposes

Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information

A collection of intelligence about Log4Shell and its exploitation activity.

sofa-common-tools is a library that provide some utility functions to other SOFA libraries.

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库！Tribute to the most invincible Java logging library in the universe!

Powershell Script to aid Incidence Response and Live Forensics

A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.

Lilith is a Logging- and AccessEvent viewer for Logback, log4j, log4j2 and java.util.logging

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

OWASP Security Logging library for Java