# LOG4J-mass-rce-CVE-2021-44228


CVE-2021-44228 Mass Exploitation tool written in Python 3 compatible with lists of URL/IPs. For a large number of targets you can increase the number of threads, we don't recommend more than 1024. In order to perform command injection (bash/powershell) replace the "payload_cmd" variable inside the file with your code. This download includes a list of over 505,900 potentially vulnerable hosts according to and personal scans. This tool is NOT free to prevent abuse and do not expect to find a fix-it-all proof of concept for exploitation for free. Only for those knowledgeable.

Due to lots of requests for we release 4 LAST COPIES:

We put up 4 limited copies for sale, available at: (SOLD OUT)

Another updated vulnerable hosts list including over 252,512 will be released to the buyers on 30th of January from our most recent global scan. As of now patches are being applied but the majority of systems aren't patched.

sudo yum install python3 python3-pip java

ulimit -n 2048

pip3 install queuelib requests


CVE-2021-44228 vulnerability scores a 10 out of 10 on severity scale. The total number of potentially vulnerable devices can be as large as 1 million. In this kit we included a scan of ours coupled with results from SHODAN.IO into a list of over 505,900 hosts that may be vulnerable. The recently released patch has an exploit of in itself, bypass update is included, please email for updates. This vulnerability can take up to 1 year to patch a significant number of hosts.