l9fuzz

Fuzzes various protocols with JNDI LDAP payloads and listen for ping backs

Features

Low CPU/Memory footprint
Integrated LDAP server
Trace orignal source and vector
Gets a direct IP and not a DNS resolver
Use of templating with multiple tokens over TCP/SSL

Usage

Usage: l9fuzz scan --listen-address=STRING --input-file=INPUT-FILE

Scans url for JNDI

Flags:
  -h, --help                       Show context-sensitive help.

      --timeout=2s
      --wait=1m
  -l, --listen-address=STRING      Listen address (ip:port)
  -i, --input-file=INPUT-FILE      Input file, - for STDIN
  -o, --output-file=OUTPUT-FILE    Output file
  -L, --ldap-debug=LDAP-DEBUG      LDAP server debug log file
  -m, --max-connections=100        Max connections
  -q, --quiet                      No progress bar
  -k, --psk="no-payload-check"     Payload sign key
  -t, --template=STRING            Bypasses protocols and use TCP template (stateless)

Input file format

http://12.44.55.66:8000/test
ssh://34.54.33.22:22
ssh://32.54.33.32:22
ssh://34.54.33.25:2222
tls://43.33.44.11:8081
tcp://12.12.12.12:23
55.21.45.11:8080

No scheme means tcp://.tcp://, tls:// and ssl:// are only supported in template mode.

Output

$ ./l9fuzz scan -i - -m 400 -l 167.71.13.196:45432 
Started server at 167.71.13.196:45432
[ldap-reply] From: 14.201.105.110:51428 | Source: https://24.201.106.150:443 | Vector: http-header-x-forwarded-for | Delay: 1.849171982s
[ldap-reply] From: 14.201.105.110:51426 | Source: https://24.201.106.150:443 | Vector: http-url-path | Delay: 1.850494525s
[ldap-reply] From: 257.130.120.178:55897 | Source: http://45.199.107.194:80 | Vector: http-url-query-key | Delay: 14.506910982s
[ldap-reply] From: 257.130.120.178:10247 | Source: http://45.199.107.194:80 | Vector: http-url-query-key | Delay: 14.537421598s
[ldap-reply] From: 257.130.120.178:3467 | Source: http://45.199.107.194:80 | Vector: http-url-query-key | Delay: 14.54305658s
[ldap-reply] From: 257.130.120.178:29311 | Source: http://45.199.107.194:80 | Vector: http-url-query-key | Delay: 14.577900357s
[ldap-reply] From: 257.130.120.178:45846 | Source: http://45.199.107.194:80 | Vector: http-url-query-value | Delay: 14.764612109s
$ ./l9fuzz scan -t templates/http.txt -i source.txt -l 127.0.0.1:4555

Template mode

If -t template-file.txt is specified, template-file.txt is sent over the TCP/SSL connection instead of using the default payloads.

This allows for specifying your own requests while keeping track of fields :

eg http.txt:

PUT {{ .Fuzzer.PayloadJNDILog4J .Url.String "http-raw-url" }} HTTP/1.1
Host: {{ .Fuzzer.PayloadJNDILog4J .Url.String "http-header-host" }}
X-My-Header: {{ .Fuzzer.PayloadJNDILog4J .Url.String "http-x-my-header" }}

{{ .Fuzzer.PayloadJNDILog4J .Url.String "http-put-body" }}

Will generate PayloadJNDILog4J payloads tagged with the source url and vectors (http-put-body,http-raw-url, ... ).

0 Open More issues

Closed

v1.2

Added HTTP server
Made both payload and requests templates

"Should be" generic enough for lots of use cases

opened Dec 17, 2021 by gboddin 0

Closed

v1.1.0

added ssl/tls in generic mode
added debug mode

opened Dec 15, 2021 by gboddin 0

A Pure PHP LDAP Library.

JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.

A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability.

Fake ping times.

Basic LDAP Authenticator for Go 🔓🔑

tiny ldap logger

Payload for teensy like a rubber ducky but the syntax is different.

A malicious LDAP server for JNDI injection attacks

log4jdemoforRCE

Check for LDAP protections regarding the relay of NTLM authentication

Fuzz Introspector

A web page based fuzzer that generates random JS statements then fuzz in the web-browser.

Pythonize Intruder Payload

:elephant: :busts_in_silhouette: Manage PostgreSQL roles and privileges from YAML or LDAP

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

Utility to safely fetch Java class files being served by LDAP servers. Includes deobfuscator for common Log4J URL obfuscation techniques.

The Rumor is pure, nasty growling bass fuzz pedal, with bold out-front presence, and cutting articulation.

🏓Ping multiple servers and show results in a top-like terminal UI.

selenium-auto-wait automatically manages all weblement waits and makes you to write wait free selenium tests.

« usbkill » is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

A simple ping library using ICMP echo requests.

Share this repo

Related Repos

Networking

Create, manage and execute http requests from the terminal

_ _ _ _ _ | |_| |_| |_ _ __ ___| |_ __ _ _ _ | |_____ _ _ | ' \ _| _| '_ \___| _/ _` | ' \| / / -_) '_| |_||

Networking

341

GoNN is an implementation of Neural Network in Go Language, which includes BPNN, RBF, PCN

GoNN Neural Network in GoLang Feature BackPropagation Network / RBF Network / Perceptron Network Parallel BackPropagation Network (each neural has its

Networking

Simple HTTP client for Go

GoRe (Go Requester) Simple HTTP client for Go Example g := gore.New( gore.WithBaseURL("https://api.products.com"), ) resp, err := g.Get("/entities"

Networking

A simple Go server that broadcasts any data/stream

broadcast A simple Go server that broadcasts any data/stream usage data You can POST data. curl -X POST --data-binary "@111.png" localhost:9222/test.p

Networking

Lightweight HTTP server to handle webhooks from listmonk and forward it to different messe...

listmonk-messenger Lightweight HTTP server to handle webhooks from listmonk and forward it to different messengers. Supported messengers Pinpoint Deve

Networking

Cloud-Z gathers information and perform benchmarks on cloud instances in multiple cloud pr...

Cloud-Z Cloud-Z gathers information and perform benchmarks on cloud instances in multiple cloud providers. Cloud type, instance id, and type CPU infor

Networking

3.1k

Expose localhost servers to the Internet

localtunnel What happened to localtunnel? After pioneering instant public tunnels to localhost, many people copied the project and started businesses

Networking

259

Distributed tracing using OpenTelemetry and ClickHouse

Distributed tracing backend using OpenTelemetry and ClickHouse Uptrace is a distributed tracing system that uses OpenTelemetry to collect data and Cli

Networking

Automatically exposes the remote container's listening ports back to the local machine

Auto-portforward (apf) A handy tool to automatically set up proxies that expose the remote container's listening ports back to the local machine. Just

Networking

An encrypted photo album for home network use

X2 An (eventually encrypted) private photo album for home network use. Getting Started The server should run on any Mac, Linux, or Windows machine but

Networking

USENET-inspired decentralized internet discussion system

=============================================================================== INTERACTIVE ASYNC / FULL DUPLEX ===============

Networking

🪝 Make requests to HTTP servers with Hackney

Hackney Bindings to Erlang's HTTP client, hackney. import gleam/hackney import gleam/http.{Get} import gleeunit/should pub fn main() { // Prepare a

Networking

It is simple proxy to work with tcp connection

Networking

Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI paylo...

l9fuzz Fuzzes various protocols with JNDI LDAP payloads and listen for ping backs Features Low CPU/Memory footprint Integrated LDAP server Trace orign

Networking

A light-weight high-performance UDP sockets library

DirectSockets A light-weight high-performance UDP sockets library. Background The Julia standard library Sockets provides a great UDPSocket implementa

Category: Golang / Networking
Watchers: 0
Star: 8
Fork: 0
Last update: Dec 17, 2021

Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload

l9fuzz

Features

Usage

Input file format

Output

Template mode

v1.2

v1.1.0

Related Repos