CVE-2021-44228-log4jVulnScanner-metasploit

open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

preparation POC

git clone https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit
cd CVE-2021-44228-log4jVulnScanner-metasploit
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp log4j2.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/log4j2.py
msfconsole

POC usage

use auxiliary/scanner/http/log4j2
set url <vuln url>
set dns <the self dns address or leave blank for dnslog.cn>
set request_type <GET, POST, ALL>
set headers_file <the path of http header param dictionary>

result

Reference

https://github.com/fullhunt/log4j-scan

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md
headers-large.txt		headers-large.txt
headers.txt		headers.txt
log4j2.py		log4j2.py
poc1.png		poc1.png
poc2.png		poc2.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

headers-large.txt

headers-large.txt

headers.txt

headers.txt

log4j2.py

log4j2.py

poc1.png

poc1.png

poc2.png

poc2.png

Repository files navigation

CVE-2021-44228-log4jVulnScanner-metasploit

preparation POC

POC usage

result

Reference

About

Releases

Packages

Languages

TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-44228-log4jVulnScanner-metasploit

preparation POC

POC usage

result

Reference

About

Resources

Stars

Watchers

Forks

Languages