log4j-detect
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading
The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228.
To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that on success returns a DNS request to Burp Collaborator / interactsh. This payload is sent in a test parameter and in the "User-Agent" / "Referer" / "X-Forwarded-For" / "Authentication" headers. Finally, if a host is vulnerable, an identification number will appear in the subdomain prefix of the Burp Collaborator / interactsh payload and in the output of the script, allowing to know which host has responded via DNS.
It should be noted that this script only handles DNS detection of the vulnerability and does not test remote command execution.
Downloading log4j-detect.py
wget https://raw.githubusercontent.com/Woahd/log4j-urlscanner/main/log4j-scanner.py
Running log4j-detect.py
python3 log4j-detect.py <urlFile> <collaboratorPayload>
4 Dec 07, 2021
5 Nov 22, 2022
17 Aug 14, 2022
10 Dec 07, 2022
93 Jan 05, 2023
9 Dec 27, 2022
9 Jun 05, 2022
3 Aug 10, 2022
25 Oct 14, 2022
6 Jul 14, 2022
39 Nov 21, 2022
150 Jan 03, 2023
1 Jan 10, 2022
2 Oct 31, 2022
2 Aug 31, 2022
1 Nov 04, 2021
5 Dec 10, 2021
28 Dec 29, 2022
12 Nov 09, 2022
9 Sep 21, 2022