jndi-injection
Community
Confirm and map Java JNDI injection paths.
Legal & Compliance #security testing #java #waf bypass #log4shell #jndi injection #dns confirmation #ldap exploitation
Author: ok-helloworld
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
JNDI injection in Java allows attacker-controlled lookups to trigger outbound connections and potentially remote class loading or code execution, so testers need a reliable way to confirm the sink and assess exploitability.
Core Features & Use Cases
- Attack Surface Guidance: Targets cases where untrusted input reaches InitialContext.lookup() and other JNDI sinks.
- Environment-Aware Exploitability: Covers JDK version constraints and the post-8u191 shift to LDAP-based serialized-gadget and BeanFactory/EL abuse paths.
- Log4Shell Mapping (CVE-2021-44228): Provides JNDI lookup payloads, detection-only DNS confirmation, and WAF bypass variants to validate whether logging triggers JNDI evaluation.
Quick Start
Ask the assistant to generate a JNDI injection testing plan for your Java target, including a DNS-only confirmation step and the appropriate LDAP/RMI strategy based on the detected JDK behavior.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: jndi-injection Download link: https://github.com/ok-helloworld/vibe-pentest/archive/main.zip#jndi-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.