log4j-detect
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading
The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228.
To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that on success returns a DNS request to Burp Collaborator / interactsh. This payload is sent in a test parameter and in the "User-Agent" / "Referer" / "X-Forwarded-For" / "Authentication" headers. Finally, if a host is vulnerable, an identification number will appear in the subdomain prefix of the Burp Collaborator / interactsh payload and in the output of the script, allowing to know which host has responded via DNS.
It should be noted that this script only handles DNS detection of the vulnerability and does not test remote command execution.
Downloading log4j-detect.py
wget https://raw.githubusercontent.com/Woahd/log4j-urlscanner/main/log4j-scanner.py
Running log4j-detect.py
python3 log4j-detect.py <urlFile> <collaboratorPayload>
1 Nov 04, 2021
11 Dec 17, 2022
1 Nov 03, 2021
11 Sep 10, 2022
3 Feb 10, 2022
34 May 13, 2022
25 Dec 08, 2022
5 Nov 25, 2022
1 Dec 14, 2021
1 Apr 18, 2022
1 Nov 02, 2022
16 Nov 09, 2022
2 Dec 16, 2021
157 Nov 24, 2022
22 Dec 04, 2022
8.3k Jan 08, 2023
633 Dec 30, 2022
9 Nov 23, 2022
36 Dec 20, 2022
14 Jul 08, 2022