Log4j RCE Scanner Save

Remote command execution vulnerability scanner for Log4j.

Project README

Feature • Requirements • Installation • Usage • Contact

RCE scanner for Log4j

Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.

Affected versions < 2.15.0

Features

It can scan according to the url list you provide.
It can scan all of them by finding the subdomains of the domain name you give.
It adds the source domain as a prefix to determine from which source the incoming dns queries are coming from.

Requirements

httpx
curl

If you want to scan with a domain name, you must additionally install subfinder, assetfinder and amass.

Installation

git clone https://github.com/adilsoybali/Log4j-RCE-Scanner.git
cd Log4j-RCE-Scanner
chmod +x log4j-rce-scanner.sh

Usage

./log4j-rce-scanner.sh -h

This will display help for the tool. Here are all the switches it supports.

-h, --help - Display help
-l, --url-list - List of domain/subdomain/ip to be used for scanning.
-d, --domain - The domain name to which all subdomains and itself will be checked.
-b, --burpcollabid - Burp collabrator client id address or interactsh domain address.

Example uses:
./log4j-rce-scanner.sh -l httpxsubdomains.txt -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net
./log4j-rce-scanner.sh -d adilsoybali.com -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net

Click here to go to Burp collaborator documentation page.

Click here to go to Interactsh.

If the domain is vulnerable, dns callbacks with the vulnerable domain name is sent to the burp collaborator or interactsh address you provided.

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

Fork the Project
Create your Feature Branch (git checkout -b feature/AmazingFeature)
Commit your Changes (git commit -m 'Add some AmazingFeature')
Push to the Branch (git push origin feature/AmazingFeature)
Open a Pull Request

Contact

Acknowledgments

Stargazers over time

Open Source Agenda is not affiliated with "Log4j RCE Scanner" Project. README Source: adilsoybali/Log4j-RCE-Scanner

Stars

256

Open Issues

Last Commit

9 months ago

Repository

adilsoybali/Log4j-RCE-Scanner

License

GPL-3.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/log4j-rce-scanner"><img src="https://www.opensourceagenda.com/projects/log4j-rce-scanner/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022