Log4shell

On December 9th, 2021, Apache disclosed a severe vulnerability called Log4shell (along with other Log4j-related vulnerabilities).

To scan your services quickly, use log4j-scan, originally from fullhunt, here in the cisagov version:

git clone https://github.com/cisagov/log4j-scanner.git
cd log4j-scanner/log4-scanner/

The scanner requires the following packages:

  • python
  • python-requests
  • python-termcolor
  • python-pycryptodome

The easiest way is to create a list of all URLs you want to check:

nano urls.txt

https://digitalprivacy.diy
https://meet.digitalprivacy.diy
https://searx.digitalprivacy.diy

Then run the scanner against the list:

python log4j-scan.py -l urls.txt --waf-bypass --run-all-tests

Or scan a single URL:

python log4j-scan.py -u https://digitalprivacy.diy --waf-bypass --run-all-tests
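
Since the scanner sends test requests to every entry in urls.txt, it helps to reduce the list to well-formed URLs on domains you operate before running it. The following is an added example, not part of the original page or the cisagov project; the names clean_urls, in_scope, SCOPE and urls.clean.txt are assumptions.

```shell
# Added example (not from the original page or the cisagov project).
# SCOPE (assumption): space-separated domains you operate and intend to scan.
SCOPE="${SCOPE:-digitalprivacy.diy}"

# in_scope HOST: succeeds when HOST is a scope domain or a subdomain of one.
in_scope() {
    for d in $SCOPE; do
        case "$1" in
            "$d"|*."$d") return 0 ;;
        esac
    done
    return 1
}

# clean_urls FILE: prints unique, in-scope http(s) URLs; rejects go to stderr.
clean_urls() {
    # Drop CRs, surrounding whitespace, blank lines and comments, then dedupe.
    tr -d '\r' < "$1" |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' -e '/^#/d' |
    awk '!seen[$0]++' |
    while IFS= read -r url; do
        case "$url" in
            http://*|https://*) ;;
            *) echo "skip (no http/https scheme): $url" >&2; continue ;;
        esac
        # Host: after the scheme, up to the first / ? or #, without userinfo/port.
        host=${url#*://}
        host=${host%%[/?#]*}
        host=${host##*@}
        host=${host%%:*}
        host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        if in_scope "$host"; then
            printf '%s\n' "$url"
        else
            echo "skip (out of scope): $url" >&2
        fi
    done
}

# Usage: clean_urls urls.txt > urls.clean.txt
#        python log4j-scan.py -l urls.clean.txt --waf-bypass --run-all-tests
```

Entries whose host only appears in the userinfo part (for example `https://digitalprivacy.diy@other.example/`) are treated as out of scope, because the host that would actually be contacted is the one after the `@`.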
  • Last modified: 2024/06/05 02:40