Version endpoint
User header is logged by Log4j.
Log4ShellVuln Java API
Spring Boot vulnerable surface for Log4Shell, XXE, deserialization and disclosure flows.
XML parser
Parses XML with unsafe entity settings.
XXEDeserialize
Accepts serialized object bytes.
Insecure DeserializationFile listing
Reads arbitrary paths from query string.
Path TraversalTry: /api/version, /api/xml, /api/files?path=/app, /api/env, /health