GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → adilsoybali → Log4j-RCE-Scanner

adilsoybali / Log4j-RCE-Scanner

Licence: GPL-3.0 License
Remote command execution vulnerability scanner for Log4j.

Programming Languages

shell
77523 projects

Labels

log4jcheckerscannerrcevulnerability-scannerslog4j2cve-2021-44228log4shell

Projects that are alternatives of or similar to Log4j-RCE-Scanner

log4shelldetect
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
Stars: ✭ 40 (-80%)
Mutual labels:  log4j, scanner, vulnerability-scanners, log4j2, cve-2021-44228, log4shell
log4shell-finder
Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
Stars: ✭ 22 (-89%)
Mutual labels:  log4j, scanner, log4j2, cve-2021-44228, log4shell
log4jshield
Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
Stars: ✭ 13 (-93.5%)
Mutual labels:  log4j, log4j2, cve-2021-44228, log4shell
log4j-detector
Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
Stars: ✭ 622 (+211%)
Mutual labels:  log4j, scanner, cve-2021-44228, log4shell
HackLog4j
《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库!Tribute to the most invincible Java logging library in the universe!
Stars: ✭ 161 (-19.5%)
Mutual labels:  log4j, log4j2, cve-2021-44228, log4shell
log4jpwn
log4j rce test environment and poc
Stars: ✭ 306 (+53%)
Mutual labels:  log4j, rce, cve-2021-44228, log4shell
Log4jPatcher
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
Stars: ✭ 43 (-78.5%)
Mutual labels:  log4j, log4j2, cve-2021-44228, log4shell
cloudrasp-log4j2
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
Stars: ✭ 105 (-47.5%)
Mutual labels:  log4j, rce, log4j2, cve-2021-44228
log4jscanwin
Log4j Vulnerability Scanner for Windows
Stars: ✭ 142 (-29%)
Mutual labels:  log4j, scanner, cve-2021-44228, log4shell
log4j-sniffer
A tool that scans archives to check for vulnerable log4j versions
Stars: ✭ 180 (-10%)
Mutual labels:  log4j, log4j2, cve-2021-44228
logmap
Log4j jndi injection fuzz tool
Stars: ✭ 60 (-70%)
Mutual labels:  log4j2, cve-2021-44228, log4shell
LogMePwn
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
Stars: ✭ 362 (+81%)
Mutual labels:  log4j, vulnerability-scanners, cve-2021-44228
nmap-log4shell
Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
Stars: ✭ 54 (-73%)
Mutual labels:  log4j, cve-2021-44228, log4shell
python-log4rce
An All-In-One Pure Python PoC for CVE-2021-44228
Stars: ✭ 179 (-10.5%)
Mutual labels:  log4j, rce, cve-2021-44228
log4j-cve-2021-44228
Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Stars: ✭ 58 (-71%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
Stars: ✭ 55 (-72.5%)
Mutual labels:  log4j, cve-2021-44228, log4shell
awesome-log4shell
An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒
Stars: ✭ 194 (-3%)
Mutual labels:  log4j, log4shell
sec-scannode
SEC分布式资产扫描系统
Stars: ✭ 8 (-96%)
Mutual labels:  scanner, vulnerability-scanners
TerminalConsoleAppender
JLine 3 appender for Log4j2, allows extending command line apps using colors and command completion
Stars: ✭ 49 (-75.5%)
Mutual labels:  log4j, log4j2
log4j-scanner
log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
Stars: ✭ 1,212 (+506%)
Mutual labels:  log4j, cve-2021-44228
View All Similar Projects ➔

Log4j-RCE-Scanner

GitHub last commit

FeatureRequirementsInstallationUsageContact

RCE scanner for Log4j

Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.

Affected versions < 2.15.0

Features

  • It can scan according to the url list you provide.
  • It can scan all of them by finding the subdomains of the domain name you give.
  • It adds the source domain as a prefix to determine from which source the incoming dns queries are coming from.

Requirements

  1. httpx
  2. curl

If you want to scan with a domain name, you must additionally install subfinder, assetfinder and amass.

Installation

  1. git clone https://github.com/adilsoybali/Log4j-RCE-Scanner.git
  2. cd Log4j-RCE-Scanner
  3. chmod +x log4j-rce-scanner.sh

Usage

./log4j-rce-scanner.sh -h

This will display help for the tool. Here are all the switches it supports.

-h, --help - Display help
-l, --url-list - List of domain/subdomain/ip to be used for scanning.
-d, --domain - The domain name to which all subdomains and itself will be checked.
-b, --burpcollabid - Burp collabrator client id address or interactsh domain address.

Example uses:
./log4j-rce-scanner.sh -l httpxsubdomains.txt -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net
./log4j-rce-scanner.sh -d adilsoybali.com -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net

Click here to go to Burp collaborator documentation page.

Click here to go to Interactsh.

If the domain is vulnerable, dns callbacks with the vulnerable domain name is sent to the burp collaborator or interactsh address you provided.

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

Contact

Email Linkedin Discord Twitter Personal Web Site

Acknowledgments

Stargazers over time

Stargazers over time

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].