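POC details: e243f6b075c6fe60f064f90f37a0ebc449cad151

Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is an open-source, Java-based logging tool from the Apache Foundation (USA). Apache Log4j contains a code issue vulnerability: an attacker can craft a data request and send it to a server that uses Apache Log4j, and remote code execution is triggered when that request is written to the log.
Description
A Log4j vulnerability scanner used to identify CVE-2021-44228 and CVE-2021-45046
Introduction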
# log4j-scanner
A Log4j vulnerability scanner is an automated scanner that finds Log4j (CVE-2021-44228 and CVE-2021-45046) vulnerabilities in web applications.


# Features
1. It supports scanning multiple URLs
2. It has payloads that can bypass some WAFs
3. It supports GET and POST requests
4. It supports user-supplied payload and header files
5. It fuzzes POST data parameters as well as JSON parameters

# Installing

```
git clone https://github.com/manishkanyal/log4j-scanner.git
cd log4j-scanner
./log4jscan.py -h
```

# USAGE

```
Usage : ./log4jscan.py [options- URL/list_of_URL] [target_specification] [options-custom_dns_callback_host] [id_of_custom_dns_callback_host]

optional arguments:
  -h, --help                      --->  show this help message and exit
  -u URL, --url URL               --->  Scan a single URL
  -l LIST, --list LIST            --->  Scan multiple URL from file
  -id CALLBACK_HOST,              --->  custom_dns_callback_host CALLBACK_HOST ---> Custom dns callback provider ID
  --test_cve_2021_45046           --->  Test with CVE 2021 45046 Payloads only. Using this option will not test with custom Payload  [Default: False]
  -hf HEADER_FILE, --header_file  --->  HEADER_FILE  Path for Header file to fuzz [ Default : header.txt]
  --request_type                  --->  REQUEST GET or POST type request [Default: GET]
  --run_all_test                  --->  Run all possible test for LOG4j(all payloads , all requests) [Default: False]
  --include_wafbypass_payload     --->  To include firewall bypass payloads [Default: False]
  --custom_payload_list           --->  CUSTOM_PAYLOAD Path for custom payload file.
```

Example:

```
./log4jscan.py -u http://127.0.0.1:8080/ -id c9d9k5c2vtc00002me60grsw31ayyyyyb.interact.sh
```

# Scanning a single URL

```
./log4jscan.py -u http://127.0.0.1:8080 -id c9d9k5c2vtc00002me60grsw31ayyyyyb.interact.sh
```

# Scanning multiple URLs

```
./log4jscan.py -l URLS.txt -id c9d9k5c2vtc00002me60grsw31ayyyyyb.interact.sh
```

# Installing Requirements

```
pip3 install -r requirement.txt
```

File snapshot

```
[4.0K] /data/pocs/e243f6b075c6fe60f064f90f37a0ebc449cad151
├── [ 943] header
├── [ 17K] headers-large
├── [ 11K] log4jscan.py
├── [2.2K] README.md
└── [  42] requirement.txt

0 directories, 5 files
```