log4j-detect
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading
The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228.
To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that on success returns a DNS request to Burp Collaborator / interactsh. This payload is sent in a test parameter and in the "User-Agent" / "Referer" headers. Finally, if a host is vulnerable, an identification number will appear in the subdomain of the Burp Collaborator / interactsh payload and in the output of the script, allowing to know which host has responded via DNS.
It should be noted that this script only handles DNS detection of the vulnerability and does not test remote command execution.
Downloading log4j-detect.py
wget https://github.com/takito1812/log4j-detect/raw/main/log4j-detect.py
Running log4j-detect.py
python3 log4j-detect.py <urlFile> <collaboratorPayload>
0 Aug 28, 2022
3 Feb 21, 2022
14 Aug 17, 2022
2 Jul 20, 2022
53 Dec 31, 2022
0 Mar 30, 2022
82 Dec 28, 2022
39 Dec 16, 2022
224 Aug 05, 2022
10 Nov 17, 2022
13 Oct 24, 2022
329 Jan 01, 2023
5.8k Jan 07, 2023
25 Dec 06, 2022
13 Nov 09, 2022
1 Jun 30, 2022
4 Feb 22, 2022
1 Apr 07, 2022
16 Mar 24, 2022
253 Jan 05, 2023