Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Remote command execution vulnerability scanner for Log4j.

License

NotificationsYou must be signed in to change notification settings

adilsoybali/Log4j-RCE-Scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Log4j-RCE-Scanner

GitHub last commit

FeatureRequirementsInstallationUsageContact

RCE scanner for Log4j

Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.

Affected versions < 2.15.0

Features

  • It can scan according to the url list you provide.
  • It can scan all of them by finding the subdomains of the domain name you give.
  • It adds the source domain as a prefix to determine from which source the incoming dns queries are coming from.

Requirements

  1. httpx
  2. curl

If you want to scan with a domain name, you must additionally installsubfinder,assetfinder andamass.

Installation

  1. git clone https://github.com/adilsoybali/Log4j-RCE-Scanner.git
  2. cd Log4j-RCE-Scanner
  3. chmod +x log4j-rce-scanner.sh

Usage

./log4j-rce-scanner.sh -h

This will display help for the tool. Here are all the switches it supports.

-h, --help - Display help-l, --url-list - List of domain/subdomain/ip to be used for scanning.-d, --domain - The domain name to which all subdomains and itself will be checked.-b, --burpcollabid - Burp collabrator client id address or interactsh domain address.Example uses:./log4j-rce-scanner.sh -l httpxsubdomains.txt -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net./log4j-rce-scanner.sh -d adilsoybali.com -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net

Click here to go to Burp collaborator documentation page.

Click here to go to Interactsh.

If the domain is vulnerable, dns callbacks with the vulnerable domain name is sent to the burp collaborator or interactsh address you provided.

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make aregreatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

Contact

EmailLinkedinDiscordTwitterPersonal Web Site

Acknowledgments

Stargazers over time

Stargazers over time

About

Remote command execution vulnerability scanner for Log4j.

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors3

  •  
  •  
  •  

Languages

[8]ページ先頭
©2009-2026 Movatter.jp