A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

Related tags

Networkinglog4j-scan
Overview

log4j-scan

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

Features

  • Support for lists of URLs.
  • Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
  • Fuzzing for HTTP POST Data parameters.
  • Fuzzing for JSON data parameters.
  • Supports DNS callback for vulnerability discovery and validation.
  • WAF Bypass payloads.

Description

We have been researching the Log4J RCE (CVE-2021-44228) since it was released, and we worked in preventing this vulnerability with our customers. We are open-sourcing an open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability. This shall be used by security teams to scan their infrastructure for Log4J RCE, and also test for WAF bypasses that can result in achiving code execution on the organization's environment.

It supports DNS OOB callbacks out of the box, there is no need to setup a DNS callback server.

Usage

$ python3 log4j-scan.py -h                                                   
[•] CVE-2021-44228 - Apache Log4j RCE Scanner
[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing] [--wait-time WAIT_TIME] [--waf-bypass]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Check a single URL.
  -l USEDLIST, --list USEDLIST
                        Check a list of URLs.
  --request-type REQUEST_TYPE
                        Request Type: (get, post) - [Default: get].
  --headers-file HEADERS_FILE
                        Headers fuzzing list - [default: headers.txt].
  --run-all-tests       Run all available tests on each URL.
  --exclude-user-agent-fuzzing
                        Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
  --wait-time WAIT_TIME
                        Wait time after all URLs are processed (in seconds) - [Default: 5].
  --waf-bypass          Extend scans with WAF bypass payloads.

Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Installation

$ pip3 install -r requirements.txt

About FullHunt

FullHunt is the next-generation attack surface management platform. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities. All, in a single platform, and more.

FullHunt provides an enterprise platform for organizations. The FullHunt Enterprise Platform provides extended scanning and capabilities for customers. FullHunt Enterprise platform allows organizations to closely monitor their external attack surface, and get detailed alerts about every single change that happens. Organizations around the world use the FullHunt Enterprise Platform to solve their continuous security and external attack surface security challenges.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of log4j-scan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under MIT License.

Author

Mazin Ahmed

Comments
  • Error when trying to scan hosts

    Error when trying to scan hosts

    Greetings,

    I'm receiving this output when I tried to scan an specific host with log4j. This is the command that I used.

    python3 log4j-scan.py -u http://ip-address

    My python version: Python 3.8.10

    I also installed the requirements

    The error output: [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 662, in urlopen self._prepare_proxy(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 950, in _prepare_proxy conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 322, in connect self._tunnel() File "/usr/lib/python3.8/http/client.py", line 901, in _tunnel raise OSError("Tunnel connection failed: %d %s" % (code, OSError: Tunnel connection failed: 403 Forbidden

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 386, in main() File "log4j-scan.py", line 356, in main dns_callback = Interactsh() File "log4j-scan.py", line 215, in init self.register() File "log4j-scan.py", line 223, in register res = self.session.post( File "/usr/lib/python3/dist-packages/requests/sessions.py", line 581, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 510, in send raise ProxyError(e, request=request) requests.exceptions.ProxyError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    opened by alessandronva 11
  • EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

    EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). [%] Checking for Log4j RCE CVE-2021-44228. [•] URL: http://URLTOBESCANNED [•] URL: http://URLTOBESCANNED | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i} EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4) [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks. [•] Waiting... [•] Targets does not seem to be vulnerable.

    I try to scan an get the message in the title. it says the prxy does not respond. then it goes on to say that it scanned. so did the scan work or did it fail?

    opened by mansam-ger 10
  • Dockerfile - error while/after Initiating DNS callbeack server (interact.sh)

    Dockerfile - error while/after Initiating DNS callbeack server (interact.sh)

    Hi!

    I'm using the Dockerfile - as it is - from this repo.

    i tired the startparameter "-h" first: WORKS. after that, for testing i tried the startparameter "-u https://google.de" (or any other url)

    now my output looks like this:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    
    [•] Secure your External Attack Surface with FullHunt.io.
    
    [•] Initiating DNS callback server (interact.sh).
    
    Traceback (most recent call last):
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    
        httplib_response = self._make_request(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    
        self._validate_conn(conn)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    
        conn.connect()
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
    
        self.sock = ssl_wrap_socket(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    
        ssl_sock = _ssl_wrap_socket_impl(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
    
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
    
        return self.sslsocket_class._create(
    
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
    
        self.do_handshake()
    
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
    
        self._sslobj.do_handshake()
    
    ConnectionResetError: [Errno 104] Connection reset by peer
    
    
    
    During handling of the above exception, another exception occurred:
    
    
    
    Traceback (most recent call last):
    
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
    
        resp = conn.urlopen(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    
        retries = retries.increment(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 532, in increment
    
        raise six.reraise(type(error), error, _stacktrace)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/packages/six.py", line 769, in reraise
    
        raise value.with_traceback(tb)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    
        httplib_response = self._make_request(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    
        self._validate_conn(conn)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    
        conn.connect()
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
    
        self.sock = ssl_wrap_socket(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    
        ssl_sock = _ssl_wrap_socket_impl(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
    
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
    
        return self.sslsocket_class._create(
    
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
    
        self.do_handshake()
    
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
    
        self._sslobj.do_handshake()
    
    urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    
    
    
    During handling of the above exception, another exception occurred:
    
    
    
    Traceback (most recent call last):
    
      File "/app/log4j-scan.py", line 349, in <module>
    
        main()
    
      File "/app/log4j-scan.py", line 319, in main
    
        dns_callback = Interactsh()
    
      File "/app/log4j-scan.py", line 185, in __init__
    
        self.register()
    
      File "/app/log4j-scan.py", line 193, in register
    
        res = self.session.post(
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
    
        return self.request('POST', url, data=data, json=json, **kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
    
        resp = self.send(prep, **send_kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
    
        r = adapter.send(request, **kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 498, in send
    
        raise ConnectionError(err, request=request)
    
    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    
    opened by NopeNix 7
  • Error DNS callback server

    Error DNS callback server

    [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/home/kali/log4j-scan/log4j-scan.py", line 335, in main() File "/home/kali/log4j-scan/log4j-scan.py", line 305, in main dns_callback = Interactsh() File "/home/kali/log4j-scan/log4j-scan.py", line 156, in init rsa = RSA.generate(2048) File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/RSA.py", line 508, in generate obj = _RSA.generate_py(bits, rf, progress_func, e) # TODO: Don't use legacy _RSA module File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc) File "/usr/local/lib/python3.9/dist-packages/Crypto/Util/number.py", line 264, in getStrongPrime return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob, File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read return _UserFriendlyRNG.read(self, bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read self._ec.collect() File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect t = time.clock() AttributeError: module 'time' has no attribute 'clock'

    opened by jagadeeshjs8895 7
  • Error initializing DNS callback server

    Error initializing DNS callback server

    [•] Initiating DNS callback server.
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    socket.timeout: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 394, in _make_request
        conn.request(method, url, **httplib_request_kw)
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 239, in request
        super(HTTPConnection, self).request(method, url, body=body, headers=headers)
      File "/usr/lib/python3.9/http/client.py", line 1285, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1331, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1280, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1040, in _send_output
        self.send(msg)
      File "/usr/lib/python3.9/http/client.py", line 980, in send
        self.connect()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 205, in connect
        conn = self._new_conn()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 238, in <module>
        main()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 217, in main
        dns_callback = Dnslog()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 127, in __init__
        req = self.s.get("http://www.dnslog.cn/getdomain.php", timeout=30)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 555, in get
        return self.request('GET', url, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    
    opened by pdelteil 7
  • [EXCEPTIONS] ConnectionError

    [EXCEPTIONS] ConnectionError

    Hello, I'm facing this issue can anybody help me with this?

    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7faa56dd0c18>: Failed to establish a new connection: [Errno 111] Connection refused',))

    opened by sokobban 6
  • [•] Initiating DNS callback server (interact.sh). Error

    [•] Initiating DNS callback server (interact.sh). Error

    I've tried running the script and docker container today and I've been getting:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    TimeoutError: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
        self._validate_conn(conn)
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
        conn.connect()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 358, in connect
        conn = self._new_conn()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/app/log4j-scan.py", line 412, in <module>
        main()
      File "/app/log4j-scan.py", line 382, in main
        dns_callback = Interactsh()
      File "/app/log4j-scan.py", line 239, in __init__
        self.register()
      File "/app/log4j-scan.py", line 247, in register
        res = self.session.post(
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    

    Is there something I'm doing wrong?

    Thank you, Pete

    opened by mirtec001 5
  • DNS callback error:

    DNS callback error: "Connection reset by peer"

    Hi, I cannot get this to work, and I don't see my issue posted. Any help would be appreciated, thank you.

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect ssl_context=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send timeout=timeout File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 368, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise raise value.with_traceback(tb) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect ssl_context=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 365, in main() File "log4j-scan.py", line 335, in main dns_callback = Interactsh() File "log4j-scan.py", line 195, in init self.register() File "log4j-scan.py", line 204, in register f"https://{self.server}/register", headers=self.headers, json=data, timeout=30) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 581, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 498, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by lgaalswyk 5
  • Crypto.Cipher import AES, PKCS1_OAEP

    Crypto.Cipher import AES, PKCS1_OAEP

    File "/home/parallels/Log4j-RCE-Scanner/log4j-scan/log4j-scan.py", line 22, in from Crypto.Cipher import AES, PKCS1_OAEP ModuleNotFoundError: No module named 'Crypto'

    opened by ehsan235 5
  • AttributeError: module 'time' has no attribute 'clock' when running with Python 3.9.9

    AttributeError: module 'time' has no attribute 'clock' when running with Python 3.9.9

    I'm getting this stack trace when launching with

    > python3 --version
    Python 3.9.9
    > uname -v 
    Darwin Kernel Version 19.6.0: Tue Jun 22 19:49:55 PDT 2021; root:xnu-6153.141.35~1/RELEASE_X86_64
    
    > python3 log4j-scan.py -u https://myservice.com --run-all-tests
    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 336, in <module>
        main()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 306, in main
        dns_callback = Interactsh()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 156, in __init__
        rsa = RSA.generate(2048)
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/RSA.py", line 508, in generate
        obj = _RSA.generate_py(bits, rf, progress_func, e)    # TODO: Don't use legacy _RSA module
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py
        p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Util/number.py", line 264, in getStrongPrime
        return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob,
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read
        return _UserFriendlyRNG.read(self, bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read
        self._ec.collect()
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect
        t = time.clock()
    AttributeError: module 'time' has no attribute 'clock'
    

    Seems to be due to this:

    The function time.clock() has been removed, after having been deprecated since Python 3.3: use time.perf_counter() or time.process_time() instead, depending on your requirements, to have well-defined behavior.
    
    opened by chroche 5
  • Error on a first run

    Error on a first run

    When you run command: python3 log4j-scan.py -h

    you get the error message: File "log4j-scan.py", line 132 fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}'

    opened by YanDatsiuk 4
  • Addressed issue

    Addressed issue "interact.sh server unavailable #131"

    Added '--disable-tls-to-register-dns' arg to fix communication issue with interact.sh. Also added a validation when pulling the logs in case data_list is None

    opened by hackercat3211 0
  • interact.sh server unavailable

    interact.sh server unavailable

    HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f284db3a350>: Failed to establish a new connection: [Errno 111] Connection refused'))

    opened by ademighty24 8
  • Fix issue on interact.sh `pull_logs` function ('NoneType' object is not iterable)

    Fix issue on interact.sh `pull_logs` function ('NoneType' object is not iterable)

    Add a null check before iterating in pull_logs to avoid this error:

    [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
    [•] Waiting...
        main()
      File "/app/log4j-scan.py", line 401, in main
        records = dns_callback.pull_logs()
      File "/app/log4j-scan.py", line 257, in pull_logs
        for i in data_list:
    TypeError: 'NoneType' object is not iterable
    
    opened by pierre42100 0
  • Syntax error in code. Please advise

    Syntax error in code. Please advise

    if "Referer" in fuzzing_headers: fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}' return fuzzing_headers

    This section of code produces a syntax error which is annoying, can you please help me fix this.

    Peter fuzzingerror

    opened by Morpheyous 1
  • requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    python3 log4j-scan.py -u https://vcenter7.******.***.**/ui/login #Local server

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 400, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3/dist-packages/six.py", line 702, in reraise raise value.with_traceback(tb) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 412, in main() File "log4j-scan.py", line 382, in main dns_callback = Interactsh() File "log4j-scan.py", line 239, in init self.register() File "log4j-scan.py", line 247, in register res = self.session.post( File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 498, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by GiuBravo 1
Releases(v.1.1.0)
  • v.1.1.0(Oct 20, 2022)

  • v1.0.1(Dec 25, 2021)

    • [x] Added additional 15 community-provided WAF bypass payloads (Total payloads: 23 payloads).
    • [x] Added additional common default POST parameters.
    • [x] Added --custom-waf-bypass-payload to add user-defined custom WAF bypass payload.
    • [x] Fixed a minor exception when "Referer" is not set on the headers-file list.
    • [x] Typo and PEP8 related clean-ups.
    Source code(tar.gz)
    Source code(zip)
  • v1.0.0(Dec 25, 2021)

Owner
FullHunt
Expose Your Attack Surface
FullHunt
EchoDNS - Analyze your DNS traffic super easy, shows all requested DNS traffic

EchoDNS - Analyze your DNS traffic super easy, shows all requested DNS traffic

Oli Zimmermann 1 Jan 11, 2022
A python shell / chat bot for XMPP and cloud services

XMPP_Shell_Bot A python shell / chat bot for XMPP and cloud services, designed for penetration testers to bypass network filters. To better understand

Abdulkareem Aldeek 1 Jan 09, 2022
API Server for VoIP analysis (CDR + Audio CODECs)

Swagger generated server Overview This server was generated by the swagger-codegen project. By using the OpenAPI-Spec from a remote server, you can ea

Noor Muhammad Malik 1 Jan 11, 2022
BaseSpec is a system that performs a comparative analysis of baseband implementation and the specifications of cellular networks.

BaseSpec is a system that performs a comparative analysis of baseband implementation and the specifications of cellular networks. The key intuition of BaseSpec is that a message decoder in baseband s

SysSec Lab 35 Dec 06, 2022
Easy to use gRPC-web client in python

pyease-grpc Easy to use gRPC-web client in python Tutorial This package provides a requests like interface to make calls to gRPC-Web servers.

Sudipto Chandra 4 Dec 03, 2022
Linux SBC featuring two wifi radios, masquerading as a USB charger.

The WiFiWart is an open source WiFi penetration device masquerading as a regular wall charger. It features a 1.2Ghz Cortex A7 MPU with two WiFi chips onboard.

Walker 151 Dec 26, 2022
Tool to transfer credential files from Firefox to your local machine to decrypt offline.

Firefox-Dumper Firefox Dumper identifies the current user's Firefox profile directory and exfiltrates the credential files to the attacker's FTP serve

Joe Helle 22 Sep 10, 2022
A simple electrical network analyzer, BASED ON computer-aided design.

Electrical Network Analyzer A simple electrical network analyzer. Given the oriented graph of the electrical network (circut), BASED ON computer-aided

Ahmad Abdulrahman 4 Oct 15, 2022
Script and library to wait for a DNS authority server to get its configuration.

DNSWait dnswait is a small script to wait for the "propagation" of a namserver configuration. Installing It's as easy as: python -m pip install dnswai

Julien Palard 14 Jan 17, 2022
Public HTTPS access to Home Assistant with Dataplicity service

Custom component for public HTTPS access to Home Assistant with Dataplicity service. Should work on any Linux PC or ARM, not only Raspberry as Dataplicity service said. Don't work on Windows.

Alex X 70 Oct 03, 2022
Passive TCP/IP Fingerprinting Tool. Run this on your server and find out what Operating Systems your clients are *really* using.

Passive TCP/IP Fingerprinting This is a passive TCP/IP fingerprinting tool. Run this on your server and find out what operating systems your clients a

Nikolai Tschacher 158 Dec 20, 2022
A Python3 discord trojan, utilizing discord webhooks for sending information.

Vape-Lite-RAT A Python3 discord trojan, utilizing discord webhooks for sending information. What you do with this code / project / idea is non of my b

NightTab 12 Oct 15, 2022
Use Fast Redirect to easily redirect your domains.

Fast Redirect Use Fast Redirect to easily redirect your domains. Fast Redirects expects a JSON 'database'. This JSON 'database' contains the domains t

Cyberfusion 1 Dec 20, 2021
Py script to aid in setting up the boot chime in OpenCore.

BootChime Py script to aid in setting up the boot chime in OpenCore. It does so by helping you locate your IOHDACodecDevices, IOHDACodecAddress values

CorpNewt 7 Sep 19, 2022
Tool for ROS 2 IP Discovery + System Monitoring

Monitor the status of computers on a network using the DDS function of ROS2.

Ar-Ray 33 Apr 03, 2022
A simple python script that parses the MSFT Teams log file for the users current Teams status and then outputs the status color to a MQTT connected light.

Description A simple python script that parses the MSFT Teams log file for the users current Teams status and then outputs the status color to a MQTT

Lorentz Factr 8 Dec 16, 2022
A network address manipulation library for Python

netaddr A system-independent network address manipulation library for Python 2.7 and 3.5+. (Python 2.7 and 3.5 support is deprecated). Provides suppor

711 Jan 05, 2023
sshuttle: where transparent proxy meets VPN meets ssh

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

9.4k Jan 09, 2023
A Project to resolve hostname and receive IP

hostname-resolver A Project to resolve hostname and receive IP Installation git clone https://github.com/ihapiw/hostname-resolver.git Head into the ho

iHapiW 5 Sep 12, 2022
PetrickScanner is a simple Python OOP TCP Port Scanner

PetrickScanner PetrickScanner is a simple Python OOP TCP Port Scanner Functions Python TCP Port Scanner DNS Resolver Random Scanner PLEASE ANY PROBLEM

11 Nov 30, 2021