This gist gathers a list of log4shell payloads seen on my Twitter feeds.
💨 I will update it every time I see new payloads.
The goal is to allow testing the detection regexes defined in protection systems.
| #!/bin/bash | |
| # Assume that PYTHON3 and GIT are installed | |
| # and available for the user execution the script | |
| # https://semgrep.dev/docs/cli-reference | |
| PYENV_HOME="/tmp/pyenv" | |
| SEMGREP_RULES_HOME="/tmp/semgrep-rules" | |
| SEMGREP_RULES_FOLDER="python" | |
| SEMGREP_FINDINGS_FILE="semgrep-findings.json" | |
| function initialize(){ |
| <!DOCTYPE html> | |
| <html> | |
| <!-- | |
| POC to remove "sensitive" information from the clipboard after a short period of time. | |
| It is used, as a hardening measure, alongside a legitimate feature that copies the info into the clipboard. | |
| Here the info taken is an IBAN for the example. | |
| https://developer.mozilla.org/en-US/docs/Web/API/Clipboard | |
| --> |
| #!/bin/bash | |
# Report the current working directory, which is the base folder the scan
# below walks.
printf '%s\n' "Folder:"
pwd
| for line in $(grep -rFc "@WebMethod" * | grep -v ":0") | |
| do | |
| services_count=$(echo $line | cut -d':' -f2) | |
| java_class_file=$(echo $line | cut -d':' -f1) | |
| auth_annot_count=$(grep -rFc "@RolesAllowed" $java_class_file) | |
| if [ "$services_count" != "$auth_annot_count" ] | |
| then |
| package eu.righettod.snippet; | |
| import org.apache.pdfbox.Loader; | |
| import org.apache.pdfbox.pdmodel.PDDocument; | |
| import org.apache.pdfbox.pdmodel.PDDocumentCatalog; | |
| import org.apache.pdfbox.pdmodel.PDDocumentInformation; | |
| import org.apache.pdfbox.pdmodel.PDDocumentNameDictionary; | |
| import org.apache.pdfbox.pdmodel.common.PDMetadata; | |
| import org.apache.pdfbox.pdmodel.interactive.action.*; | |
| import org.apache.pdfbox.pdmodel.interactive.annotation.AnnotationFilter; |
| function Test-WebAcademy-Labs-Status($sessionCookieValue){ | |
| $storageFile="$env:USERPROFILE\.webacademy-labs-status" | |
| $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession | |
| $cookie = New-Object System.Net.Cookie | |
| $cookie.Name = "SessionId" | |
| $cookie.Value = $sessionCookieValue | |
| $cookie.Domain = ".portswigger.net" | |
| $session.Cookies.Add($cookie); | |
| Write-Host "[i] Status storage file: $storageFile" -ForegroundColor Cyan | |
| Write-Host "[+] Retrieving labs status from PortSwigger labs web page..." -ForegroundColor Yellow |
| id: CVE-2022-21449 | |
| info: | |
| name: CVE-2022-21449 test exposure | |
| description: JDK 15-18 have a vulnerability in the validation of ECDSA signatures, so this template detects exposure to CVE-2022-21449 via the JWT validation API in place. | |
| author: righettod | |
| severity: info | |
| tags: cve,2022,java | |
| reference: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java |
This gist gathers a list of log4shell payloads seen on my Twitter feeds.
💨 I will update it every time I see new payloads.
The goal is to allow testing the detection regexes defined in protection systems.
| #!/bin/bash | |
| ######################################################################################################### | |
| # Script to identify the Log4J class affected by CVE-2021-44228 in a collection of EAR/WAR/JAR files | |
| # Based on this script: | |
| # https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh | |
| ######################################################################################################### | |
| if [ "$#" -lt 1 ]; then | |
| script_name=$(basename "$0") | |
| echo "Usage:" | |
| echo " $script_name [BASE_SEARCH_FOLDER]" |
| #!/bin/bash | |
| ######################################################################################################### | |
| # Script to identify the Log4J class affected by CVE-2021-44228 in a collection of jar files | |
| # Based on this script: | |
| # https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh | |
| ######################################################################################################### | |
| if [ "$#" -lt 1 ]; then | |
| script_name=$(basename "$0") | |
| echo "Usage:" | |
| echo " $script_name [APP_LIBS_FOLDER]" |
| """ | |
| Script was migrated to the location below for better evolution and consistency: | |
| https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-report-npm.py | |
| """ |