Log4j is an automated scanner designed to find the Apache Log4j RCE CVE-2021-44228 vulnerability.
Log4j is an automated scanner designed to find the Apache Log4j RCE CVE-2021-44228 vulnerability.
The Apache Log4J RCE CVE-2021-4428 is a critical vulnerability that has been heavily exploited by threat actors. This Open Source detection and scanning tool can be used to scan your infrastructure for Log4J RCE, and also test for WAF bypasses that can result in achieving code execution within the environment.
It supports DNS OOB callbacks out of the box, there is no need to set up a DNS callback server.
Log4j Features:
Support for lists of URLs.
Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
Fuzzing for HTTP POST Data parameters.
Fuzzing for JSON data parameters.
Supports DNS callback for vulnerability discovery and validation.
WAF Bypass payloads.
Scan a Single URL
$ python3 log4j-scan.py -u https://log4j.lab.secbot.local
Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)
$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests
Discover WAF bypasses on the environment.
$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass
Scan a list of URLs
$ python3 log4j-scan.py -l urls.txt
Installation
$ pip3 install -r requirements.txt
Docker Support
git clone https://github.com/fullhunt/log4j-scan.git
cd log4j-scan
sudo docker build -t log4j-scan .
sudo docker run -it --rm log4j-scan
# With URL list "urls.txt" in current directory
docker run -it --rm -v $PWD:/data log4j-scan -l /data/urls.txt
More details can be found at the Log4j Github repository.
Similar:
What's the Best Antivirus and Is Windows Defender Good Enough?
Which Anti-Malware App Is Best and Can It Run Alongside My Antivirus
Download