Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools

log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228.

This is the code that runs https://log4shell.tools. If you'd like to inspect the code or run an instance in your own environment, you've come to the right place.

Installation

The tool was tested on Go 1.16. Make sure it (or a more recent version) is installed and run the following command:

go install github.com/alexbakker/log4shell-tools/cmd/log4shell-tools-server

The binary will be available in $GOPATH/bin

Usage

The tool uses its in-memory storage backend by default. If you need test results to persist across restarts, you may want to use the Postgres backend instead.

Usage of log4shell-tools-server:

This tool only listens on 127.0.0.1 by default. Set the addr-* options to customize for your environment.

  -addr-http string
    	listening address for the HTTP server (default "127.0.0.1:8001")
  -addr-http-external string
    	address where the HTTP server can be reached externally (default "127.0.0.1:8001")
  -addr-ldap string
    	listening address for the LDAP server (default "127.0.0.1:12345")
  -addr-ldap-external string
    	address where the LDAP server can be reached externally (default "127.0.0.1:12345")
  -http-proto string
    	the HTTP protocol to use for URL's (default "https")
  -storage string
    	storage connection URI (either memory:// or a postgres:// URI (default "memory://")
  -test-timeout int
    	test timeout in minutes (default 30)
Owner
Alexander Bakker
Alexander Bakker
https://github.com/alexbakker/log4shell-tools https://log4shell.tools
Similar Resources

Scans files for .jars potentially vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the .jar.

log4shelldetect Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths in

Dec 15, 2022

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

Dec 26, 2022

Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

Apr 13, 2022

Discover and remediate Log4Shell vulnerability [CVE-2021-45105]

sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from

Dec 28, 2021

WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions

Log4jDetect WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions containing the following kn

Nov 20, 2022

Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!

Jun 17, 2022

Yet another log4j vulnerability scanner

k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav

Oct 12, 2022

Divd 2021 00038 log4j scanner

divd-2021-00038--log4j-scanner This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/

Nov 9, 2022

CVE-2021-21978 exp

CVE-2021-21978 exp

CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似,该漏洞可以在未授权访问的情况下,上传任意文件,并通过修改自带 py 脚本实现远程代码执行。

Nov 9, 2022
Comments
  • How to run this with minimal Java

    How to run this with minimal Java

    Compile and run a simple Java program Log4jCaller.java, with your ID:

    import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
  See https://log4shell.tools, check permission box, note the ID, click Start ...
  Run below, using your ID instead of c24099b7-f925-445b-b0e4-a656b277088f (likely expired)

  <pre>
  wget https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.10.0/log4j-api-2.10.0.jar
  wget https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar

  export CLASSPATH=.:log4j-api-2.10.0.jar:log4j-core-2.10.0.jar
  echo "log4j.rootLogger=DEBUG" > log4j2.properties    

  javac Log4jCaller.java
  java  Log4jCaller c24099b7-f925-445b-b0e4-a656b277088f
  </pre>
 */
public class Log4jCaller {
    public static void main(String[] args) {
        String id = args[0];
        String d = "${jndi:dns://" + id + ".dns.log4shell.tools}";
        String j = "${jndi:ldap://" + id + ".dns.log4shell.tools:12345/" + id + "}";
        Logger log = LogManager.getLogger(Log4jCaller.class);
        log.error(d);
        log.error(j);
        System.out.println("Done");
    }
}

    On vulnerable systems, this produces output as follows:

    $ java Log4jCaller c24099b7-f925-445b-b0e4-a656b277088f
14:01:06.655 [main] ERROR Log4jCaller - ${jndi:dns://c24099b7-f925-445b-b0e4-a656b277088f.dns.log4shell.tools}
14:01:06.731 [main] ERROR Log4jCaller - Reference Class Name: Log4Shell

    Thanks for this service!

  • 【中文版部署教程】如何运行这个项目(Chinese Tutorial: How to run this project)

    【中文版部署教程】如何运行这个项目(Chinese Tutorial: How to run this project)

    Golang的安装

    这里需要安装Golang1.16版本

    下载并解压安装包

    如果你的Linux支持科学上网,可以使用下面的方式下载Golang环境包

    wget https://dl.google.com/go/go1.16.4.linux-amd64.tar.gz

    因此需要手动下载并编译哦,相关包可以在我的私人网盘里下载

    • 相关Golang环境包 下载链接https://pan.iculture.cc/s/oGwFg
    • 提取码:ojdz79

    下载完成后,传到Linux里,解压缩

    sudo tar -xvf go1.16.4.linux-amd64.tar.gz

    将文件移动到**/usr/local**路径下

    sudo mv go /usr/local

    配置Go环境

    • 配置GOROOT变量
    export GOROOT=/usr/local/go
    • 配置GOPATH变量
    export GOPATH=$HOME/Projects/FancyPig
    • 配置PATH变量
    export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

    配置Golang镜像源

    # 启用 Go Modules 功能

go env -w GO111MODULE=on



# 配置 GOPROXY 环境变量,以下三选一



# 1. 七牛 CDN

go env -w  GOPROXY=https://goproxy.cn,direct



# 2. 阿里云

go env -w GOPROXY=https://mirrors.aliyun.com/goproxy/,direct



# 3. 官方

go env -w  GOPROXY=https://goproxy.io,direct



#检验是否已启用相关镜像源

go env | grep GOPROXY

    下载并安装Log4j工具

    输入下面命令下载相关工具

    go install github.com/alexbakker/log4shell-tools/cmd/log4shell-tools-server

    下载完成之后,我们需要到**$GOPATH/bin**路径下去找,可以输入下面命令去看环境变量具体的设置

    go env

    然后进入到**$GOPATH/bin**路径下,启动应用即可

    ./log4shell-tools-server

    如果,你还想增加更多的参数可以参考下面的步骤,我这里比方说内网部署的IP地址是192.168.10.217

    则可以输入下面的命令

    ./log4shell-tools-server -http-addr 192.168.10.217:8001 -ldap-addr 192.168.10.217:12345 -ldap-addr-external 192.168.10.217:12345 -http-addr-external 192.168.10.217:8001

    都调试好了之后,便可以通过192.168.10.217:8001访问了

    如何使用

    访问我们设置好的192.168.10.217:8001,点击start

    图片1-如何部署一个在线检测Log4j漏洞的工具?-FancyPig's blog

    获取相应的LDAP链接,然后就可以通过该链接进行log4j的测试了!

    图片2-如何部署一个在线检测Log4j漏洞的工具?-FancyPig's blog

    常见问题

    端口被占用

    如果,你发现启动的时候提示端口被占用,可以使用以下命令

    ps aux | grep log4

    找到log4的相应进程ID,然后把他干掉

    kill -9 进程ID

    如何后台运行该项目

    nohup ./log4shell-tools-server

    如果你后面还有相应的字段,需要自行添加

    More Information

    Refer FancyPig's blog

Related tags
Security log4j cve-2021-44228 log4shell
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Sep 17, 2022
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)

log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/

Sep 22, 2022
vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)
 vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)

REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) "As easy to stop as it is to comprehend." What is it? "Reality

Nov 9, 2022
Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228)
 Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228)

Look4jar Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228) Objectives It differs from some other tools that scan for vulnerable remote

Dec 25, 2022
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner

Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir

Oct 29, 2022
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2

Oct 3, 2022
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Nov 2, 2022
Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit

poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil

Nov 9, 2022
CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C

Feb 3, 2022
A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build

Nov 9, 2022