Scanner for the log4j < 2.17.0 RCE vulnerability.
- CVE-2021-44228
- CVE-2021-45056
The scanner can interact with servers over various protocols to test for the vulnerability.
The tool runs with python 3.9<
usage: A scanner to check for the log4j vulnerability [-h] (-t TARGET | --target-list TARGET_LIST)
[-p {http,ssh,imap,smtp,socket,ftp,postgres}] [-o]
[--certificate-path CERTIFICATE_PATH] [--no-payload-domain]
[--request-path REQUEST_PATH] [-l {debug,info,error}]
[--use-localhost-bypass] [--proxy PROXY] [--generate-clientcert]
[--all-in-one] [--local-hostname LOCAL_HOSTNAME]
[--dns-callback {interact.sh,dnslog.cn} | --custom-callback CUSTOM_CALLBACK]
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
The target to check
--target-list TARGET_LIST
The target to check
-p {http,ssh,imap,smtp,socket,ftp,postgres}, --protocol {http,ssh,imap,smtp,socket,ftp,postgres}
which protocol to test
-o, --obfuscate Whether payloads should be obfuscated or not
--certificate-path CERTIFICATE_PATH
Path to a client certificate for mTLS or SSH.
--no-payload-domain Whether the original domain should be removed from the payload
--request-path REQUEST_PATH
A custom path to add to the requests
-l {debug,info,error}, --log-level {debug,info,error}
How detailed logging should be.
--use-localhost-bypass
Will use the bypass of CVE-2021-45046 in the payloads.
--dns-callback {interact.sh,dnslog.cn}
Which built-in DNS callback to use
--custom-callback CUSTOM_CALLBACK
A different callback to use. Won't be checked by the application.
HTTP Options:
--proxy PROXY A proxy URL
--generate-clientcert
Generates a client certificate.
--all-in-one Test all headers in one iteration
SMTP Options:
--local-hostname LOCAL_HOSTNAME
The localhost name to use, defaults to the hostname of the computer
Checking a HTTP endpoint
python -m log4j_scanner -t example.com
SMTP example with a check for CVE-2021-45046
python -m log4j_scanner -t example.com -p smtp --use-localhost-bypass
The following references were integrated or served as inspiration for the scanner
[1] https://github.com/fullhunt/log4j-scan
[2] https://github.com/woodpecker-appstore/log4j-payload-generator