log4j burp插件
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
请勿将本项目技术或代码应用在恶意软件制作、软件著作权/知识产权盗取或不当牟利等非法用途中。实施上述行为或利用本项目对非自己著作权所有的程序进行数据嗅探将涉嫌违反《中华人民共和国刑法》第二百一十七条、第二百八十六条,《中华人民共和国网络安全法》《中华人民共和国计算机软件保护条例》等法律规定。本项目提及的技术仅可用于私人学习测试等合法场景中,任何不当利用该技术所造成的刑事、民事责任均与本项目作者无关。
Purposes ? Hey there is abosolutely no need to do this we do it only to irritate
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF
xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/
Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru
unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe
TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works
Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss
Traceback (most recent call last):
File "/home/user/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py", line 17, in
2 Jan 24, 2022
118 Nov 7, 2022
588 Jan 9, 2023
364 Dec 30, 2022
16 Aug 30, 2022
86 Dec 31, 2022
29 Nov 9, 2022
162 Nov 25, 2022
7 Dec 7, 2022
at org.python.core.Py.ImportError(Py.java:329)
at org.python.core.imp.import_first(imp.java:1230)
at org.python.core.imp.import_module_level(imp.java:1361)
at org.python.core.imp.importName(imp.java:1528)
at org.python.core.ImportFunction.__call__(__builtin__.java:1285)
at org.python.core.PyObject.__call__(PyObject.java:433)
at org.python.core.__builtin__.__import__(__builtin__.java:1232)
at org.python.core.imp.importOne(imp.java:1547)
at org.python.pycode._pyx4.f$0(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py:373)
at org.python.pycode._pyx4.call_function(/home/anubi5/tools/web/burp/jar.pro/log4jscanner-main/log4jscanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1687)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:287)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at burp.ann.<init>(Unknown Source)
at burp.g8p.a(Unknown Source)
at burp.bf8.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
插件主要识别五种形式:
1.get请求,a=1&b=2&c=3
2.post请求,a=1&b=2&c=3
3.post请求,{“a”:”1”,”b”:”22222”}
4.post请求,a=1¶m={“a”:”1”,”b”:”22222”}
5.post请求,{"params":{"a":"1","b":"22222"}}
修复了bug,thanks @guguyu1
Source code(tar.gz)master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth
ClusterFuzz ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all
DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m
520_APK_HOOK 介绍 将msf生成的payload,注入到一个正常的apk文件中,重新打包后进行加固,bypass手机安全管家的检测。 项目地址: https://github.com/cleverbao/520apkhook 作者: BaoGuo 优点 相比于原始的msf远控,此版本ap
Snake Map Extensive Python3 network scanner, simplified. _,.--. --..,_ .'`__ o `;__, `'.'. .'.'` '---'` '
hash-cracker hash cracker is a multi-functional and compact...hash cracking tool...that supports dictionary attacks against three kinds of hashes: md5
Discord-email-spammer-exploit was made by Love ❌ code ✅ 🎈 ・Description First it
ez-cuisine-classifier A Python application to predict what is cooking Environment Python 3.9 Windows 10 Install python -m venv venv .\venv\Scripts\act
Python Code Obfuscator A handy and necessary tool that can protect your code anytime! Mostly Command Line tool that will obfuscate your code. Features
Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁♀️ How to use first download the scanner.p
Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec
Mad Spammer 👿 Pre-Setup: Open your terminal/console and type: pip install module colorama python MadSpammer.py Setup: After doing that, you should be
loggef Facebook automation tool, Facebook account hacking and cloning advanced tool + dictionary attack added Warning Use this tool for educational pu
Hammer-DDos $ apt update $ apt upgrade $ apt install python $ apt install git $
threat-intel This repository contains IoCs related to Volexity public threat intelligence blog posts. They are organised by year, and within each year
pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where
💳 Credit Card Checker (CC Checker) & Mass SK Checker & Generator 💳
A hashtag check python module
Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t
Bypass ReCaptcha Bypass ReCaptcha is a Python script for dealing with recaptcha.
167 Dec 19, 2022
4.9k Jan 08, 2023
1 Jan 11, 2022
368 Jan 02, 2023
4 Apr 16, 2022
3 Feb 22, 2022
25 Aug 13, 2022
1 Jun 21, 2022
5 Nov 18, 2022
2 Jan 07, 2022
2 Oct 29, 2022
1 Nov 26, 2021
149 Aug 10, 2022
1 Jan 24, 2022
130 Dec 29, 2022
795 Dec 29, 2022
53 Dec 31, 2022
3 Aug 10, 2022
5k Jan 05, 2023
1 Jan 11, 2022