Log4j-scan: a scanning tool for finding websites affected by the Log4j vulnerability

December 18, 2021

In this article, I will show you how to use Log4j-scan, the most automated and accurate scanning tool for finding servers vulnerable to Log4j.

Log4j-scan: a scanner for websites affected by the Log4j vulnerability

Features

  • Supports list of URLs.
  • Fuzzing for more than 60 HTTP request headers (not just 3-4 headers like previously seen tools).
  • Fuzzing for HTTP POST data parameters.
  • Fuzzing for JSON parameters.
  • Supports DNS callbacks to detect and validate the vulnerability.
  • WAF bypass payloads.

Description

The author has been researching the Log4J RCE (CVE-2021-44228) since it was discovered and has been working to stop this vulnerability. The team has developed an open source scanning tool to detect the Log4J RCE CVE-2021-44228 vulnerability and help developers patch it. The tool is meant to be used by security teams to scan their infrastructure for Log4J RCE and to check for WAF bypasses that may lead to code execution in the environment.
It supports out-of-band (OOB) DNS callbacks out of the box, so there is no need to set up a DNS callback server.

Usage

$ python3 log4j-scan.py -h
[•] CVE-2021-44228 - Apache Log4j RCE Scanner
[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing]
                     [--wait-time WAIT_TIME] [--waf-bypass] [--dns-callback-provider DNS_CALLBACK_PROVIDER] [--custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Check a single URL.
  -p PROXY, --proxy PROXY
                        Send requests through proxy. proxy should be specified in the format supported by requests
                        (http[s]://<proxy-ip>:<proxy-port>)
  -l USEDLIST, --list USEDLIST
                        Check a list of URLs.
  --request-type REQUEST_TYPE
                        Request Type: (get, post) - [Default: get].
  --headers-file HEADERS_FILE
                        Headers fuzzing list - [default: headers.txt].
  --run-all-tests       Run all available tests on each URL.
  --exclude-user-agent-fuzzing
                        Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
  --wait-time WAIT_TIME
                        Wait time after all URLs are processed (in seconds) - [Default: 5].
  --waf-bypass          Extend scans with WAF bypass payloads.
  --test-CVE-2021-45046
                        Test using payloads for CVE-2021-45046 (detection payloads).
  --dns-callback-provider DNS_CALLBACK_PROVIDER
                        DNS Callback provider (Options: dnslog.cn, interact.sh) - [Default: interact.sh].
  --custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST
                        Custom DNS Callback Host.
  --disable-http-redirects
                        Disable HTTP redirects. Note: HTTP redirects are useful as it allows the payloads to have higher chance of reaching vulnerable systems.

Scan a website

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a single URL using all request methods: GET, POST (URL-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Find WAF bypasses

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt
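
Before a list is handed to -l, every entry should be inside the scope the team is authorized to test. The following is an added example, not part of log4j-scan or of the original article: it filters candidate URLs against an allowlist before writing urls.txt. The allowed zone, the CIDR range, the sample URLs and the function names are assumptions.

```python
# Added example: keep only in-scope targets before running `log4j-scan.py -l urls.txt`.
import ipaddress
from urllib.parse import urlsplit

# Assumptions: replace with the DNS zones and address space you are authorized to test.
ALLOWED_DOMAINS = {"lab.secbot.local"}
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample input, including entries that only look in-scope.
SAMPLE = [
    "https://log4j.lab.secbot.local/app",
    "https://log4j.lab.secbot.local/app",             # duplicate
    "http://10.20.3.4:8080/",
    "https://evil-lab.secbot.local/",                 # suffix look-alike
    "https://log4j.lab.secbot.local@other.example/",  # real host is other.example
    "http://192.0.2.10/",                             # outside the allowed range
]

def in_scope(url):
    """True only for http(s) URLs whose real host is inside the allowlist."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops userinfo and port, lowercases
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
        return any(ip in net for net in ALLOWED_NETS)
    except ValueError:
        pass  # not an IP literal, treat as a DNS name
    host = host.rstrip(".")
    # Match the zone itself or a true subdomain, never a bare string suffix.
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def filter_targets(candidates):
    """Return (accepted, rejected); accepted is de-duplicated, order preserved."""
    accepted, rejected = [], []
    for url in (c.strip() for c in candidates):
        if not url or url.startswith("#"):
            continue
        if not in_scope(url):
            rejected.append(url)
        elif url not in accepted:
            accepted.append(url)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = filter_targets(SAMPLE)
    with open("urls.txt", "w") as fh:
        fh.write("\n".join(ok) + "\n")
    print(f"{len(ok)} in scope written to urls.txt, {len(bad)} rejected: {bad}")
```

Rejected entries are worth reviewing by hand, since a look-alike host in an inventory export often points to a stale or mistyped record.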

How to install

$ pip3 install -r requirements.txt

Docker support

$ git clone https://github.com/fullhunt/log4j-scan.git
$ cd log4j-scan
$ sudo docker build -t log4j-scan .
$ sudo docker run -it --rm log4j-scan

# With URL list "urls.txt" in current directory
$ docker run -it --rm -v "$PWD":/data log4j-scan -l /data/urls.txt

Disclaimer

This project is made for educational and pentest purposes only. It is illegal to use log4j-scan to attack targets without the prior consent of both parties. It is your responsibility to comply with all applicable laws of the country in which you live. The developers and Anonyviet will not bear any liability or damage caused by the article or the tool.

Admin Natuts
