Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell

CVE-2021-44228 is a remote code execution (RCE) vulnerability in Apache Log4j 2. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to a server running a vulnerable version of log4j. The crafted request uses a Java Naming and Directory Interface (JNDI) injection via a variety of services including:

  • Lightweight Directory Access Protocol (LDAP)
  • Secure LDAP (LDAPS)
  • Remote Method Invocation (RMI)
  • Domain Name Service (DNS)

⚠️ The scanner is still in an early phase.

Usage

Usage of scan4log4shell:
  -caddr string
    	address to catch the callbacks (eg. ip:port)
  -cidr string
    	subnet to scan (default "192.168.1.0/28")
  -listen
    	start a listener to catch callbacks (default false)
  -ports string
    	ports (comma separated) to scan (default "8080")

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

License

MIT

Owner
Frank Hübner
Comments
  • Question

    Hi,

    Please tell me if this tool scans only the main index or if there is an option to crawl and test the entire site. I'm sorry to ask, but I haven't seen anything about this. Thank you.

    scan4log4shell remote url http://testphp.vulnweb.com -a
    [i] Log4Shell Remote Vulnerability Scan
    [i] Listening on c832bfasahsi8gnc8r20cednmxoyyyyyr.interact.sh
    [i] Start scanning CIDR http://testphp.vulnweb.com
    ---------
    [i] All request to http://testphp.vulnweb.com have been sent
    [i] Completed scanning
    [i] Waiting for incoming callbacks!
    [i] Use ctrl+c to stop the program.
    
  • Detect patched log4j-core-2*.jar?

    Hi

    Can this program add the ability to check whether the .class files have been taken out of an older log4j-core-.jar?

    Patched *.jar = jndiLookup.class removal and set log4j2.formatMsgNoLookups=true

  • run, run-local and run-remote not showing up from "make help"

    Is this intentional?

    .PHONY: run
    run:
    	@go run *.go remote url -h
    
    .PHONY: run-local
    run-local:
    	@docker-compose -f docker-compose.local.yml up --build
    
    .PHONY: run-remote
    run-remote:
    	@docker-compose -f docker-compose.remote.yml up --build
    
  • go mod tidy: go.mod file indicates go 1.17, but maximum supported version is 1.15

    Looks like this project only works with go-1.17, while the default go rpm on CentOS 7 is only 1.15.

    • Still don't know how to fix this compilation error after reading R1.
    [pi@centos7t01 scan4log4shell]$rpm -qa |grep golang
    golang-1.15.14-1.el7.x86_64
    golang-bin-1.15.14-1.el7.x86_64
    golang-src-1.15.14-1.el7.noarch
    [pi@va32centos7t01 scan4log4shell]$ cat /etc/redhat-release
    CentOS Linux release 7.9.2009 (Core)
    [pi@centos7t01 scan4log4shell]$ make setup
    go mod tidy: go.mod file indicates go 1.17, but maximum supported version is 1.15
    make: *** [setup] Error 1
    [pi@centos7t01 scan4log4shell]$
    
    

    R1: https://github.com/asim/go-micro/issues/2367

  • Adding makefile target to build the tool only

    Hi @hupe1980

    I am hoping to use a docker container as an isolated golang compiling environment, not doing the scan tests inside the container. Can you add a target to automate this goal using the following example I found on the internet? Like "make docker-compile".

    docker create -ti --name dummy IMAGE_NAME bash
    docker cp dummy:/path/to/file /dest/to/file  # copy scan4log4shell out to local partition like /tmp.
    docker rm -f dummy
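
For the issue above asking whether a patched log4j-core jar (JndiLookup.class removed) can be detected, here is one way to do the class check in Go. It is an added example, not code from scan4log4shell; the name `FindJndiLookup`, the class path, the archive extensions, the 64 MiB read cap and the depth limit are assumptions of this example, and it does not look at the log4j2.formatMsgNoLookups setting.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"os"
	"path"
	"strings"
)

// Class location inside log4j-core: general knowledge, not taken from this page.
const jndiLookupPath = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
// FindJndiLookup lists each JndiLookup.class in a jar/war/ear, including nested archives.
func FindJndiLookup(data []byte, prefix string, depth int) (hits []string, err error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, fmt.Errorf("%s: %w", prefix, err)
	}
	for _, f := range zr.File {
		if strings.HasSuffix(f.Name, jndiLookupPath) { // also matches BOOT-INF/classes/ copies
			hits = append(hits, prefix+"!/"+f.Name)
		}
		if ext := strings.ToLower(path.Ext(f.Name)); depth == 0 || (ext != ".jar" && ext != ".war" && ext != ".ear") {
			continue
		}
		rc, err := f.Open()
		if err != nil {
			return hits, err
		}
		inner, err := io.ReadAll(io.LimitReader(rc, 64<<20)) // bound memory per nested archive
		rc.Close()
		if err != nil {
			return hits, err
		}
		sub, err := FindJndiLookup(inner, prefix+"!/"+f.Name, depth-1)
		if hits = append(hits, sub...); err != nil {
			return hits, err // non-nil error: the scan is incomplete
		}
	}
	return hits, nil
}

func main() { // usage: go run . app.war lib.jar
	for _, p := range os.Args[1:] {
		data, _ := os.ReadFile(p) // a failed read is reported below as an unreadable archive
		fmt.Println(FindJndiLookup(data, p, 3))
	}
}
```

An empty result with a nil error means no JndiLookup.class was found down to the given depth; a nested archive larger than the read cap is reported as an error rather than silently skipped.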
    