Log4j2 intranet scan

Related tags

Security related resourceslog4j2-intranet-scan
Overview

Log4j2-intranet-scan

image-20211224164059264

⚠️ 免责声明

本项目仅面向合法授权的企业安全建设行为,在使用本项目进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权

如您在使用本项目的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任

在使用本项目前,请您务必审慎阅读、充分理解各条款内容,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意

除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要使用本项目

您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束

1.Features(特性)

  • 该项目是一款无须借助dnslog且完全无害的JNDI反连检测工具,解析RMILDAP协议实现,可用于甲方内网自查

  • Support for lists of URLs.

  • Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).

  • Fuzzing for HTTP POST Data parameters.

  • Fuzzing for JSON data parameters.

  • WAF Bypass payloads.

2.Installation(安装)

$ pip3 install -r requirements.txt

3.Usage(Jndi监听和记录)

win

JNDIScan-Windows.exe -p 8888

Linux

./JNDIScan-Linux -p 8888

Mac

./JNDIScan-Darwin -p 8888

image-20211224170134585

4.Usage(扫描)

需要配合jndi监听和记录工具使用,--server参数为 jndi监听的内网ip及端口

$ python3 log4j2-intranet-scan.py -h
usage: log4j2-intranet-scan.py [-h] [-u URL] [-p PROXY] [-l USEDLIST] [--request-type REQUEST_TYPE]
                               [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing]
                               [--wait-time WAIT_TIME] [--waf-bypass] [--test-CVE-2021-45046] [--server SERVER]
                               [--disable-http-redirects]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Check a single URL. example('http://vultest.com/test.jsp')
  -p PROXY, --proxy PROXY
                        send requests through proxy
  -l USEDLIST, --list USEDLIST
                        Check a list of URLs.
  --request-type REQUEST_TYPE
                        Request Type: (get, post) - [Default: get].
  --headers-file HEADERS_FILE
                        Headers fuzzing list - [default: headers.txt].
  --run-all-tests       Run all available tests on each URL.
  --exclude-user-agent-fuzzing
                        Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
  --wait-time WAIT_TIME
                        Wait time after all URLs are processed (in seconds) - [Default: 5].
  --waf-bypass          Extend scans with WAF bypass payloads.
  --test-CVE-2021-45046
                        Test using payloads for CVE-2021-45046 (detection payloads).
  --server SERVER       ldap_server
  --disable-http-redirects
                        Disable HTTP redirects. Note: HTTP redirects are useful as it allows the payloads to have
                        higher chance of reaching vulnerable systems.

Scan a Single URL(GET)

$ python3 log4j2-intranet-scan.py --server "192.168.130.1:8888" -u https://vultest.com/login.jsp

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j2-intranet-scan.py --server "192.168.130.1:8888" -u https://vultest.com/login.jsp --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j2-intranet-scan.py --server "192.168.130.1:8888" -u https://vultest.com/login.jsp --waf-bypass

Scan a list of URLs

$ python3  log4j2-intranet-scan.py --server "192.168.130.1:8888" -l urls.txt

5.Example(演示)

监听结果存储在当前文件夹下的result.html文件中,查看路径参数在批量扫描中可以定位到存在漏洞的uri,需要配合扫描生成的scanfile.txt中的随机路径参数使用

Single URL

image-20211224171847693

Urllist

image-20211224171753055

6.reference(参考/致谢)

站在巨人的肩膀上coding,该项目部分工具和代码来自以下两个项目

log4j-scan

JNDIScan

7.docker(靶场)

靶场环境来自雷石安全实验室

docker pull registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln
docker run -it -d -p 8080:8080 --name log4j_vuln_container registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln
docker exec -it log4j_vuln_container /bin/bash
/bin/bash /home/apache-tomcat-8.5.45/bin/startup.sh
You might also like...
Scan Site - Tools For Scanning Any Site and Get Site Information
Scan Site - Tools For Scanning Any Site and Get Site Information

Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th

NumeX 5 Mar 19, 2022
Mass scan for .git repository and .env file exposure

Mass .Git repository and .Env file Scan by Scarmandef Scanner to find .env file and .git repository exposure on multiple hosts Because of the response

null 8 Jun 23, 2022
Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

null 116 Jan 8, 2023
A Tool for subdomain scan with other tools

ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. Obs: In a close future recontrac

null 15 Dec 18, 2021
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

Anontemitayo 9 Dec 30, 2022
NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains
NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel

null 8 Sep 3, 2022
This is tools hacking for scan vuln in port web, happy using
This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

XnuxersXploitXen 6 Dec 24, 2022
Um script simples de Port Scan + DNS by Hostname
Um script simples de Port Scan + DNS by Hostname

🖥 PortScan-DNS Esta é uma ferramenta simples de Port Scan + DNS by Hostname... 💻 | DNS Resolver / by Hostname: HOST IP EXTERNO IP INTERNO 💻 | Port

AlbâniaSecurity-RT 7 Dec 8, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
Owner
k3rwin
k3rwin
GitHub Repository
IPscan - This Script is Framework To automate IP process large scope For Bug Hunting

IPscan This Script is Framework To automate IP process large scope For Bug Hunti

0xd2rdir 8 Mar 12, 2022
Script Crack Facebook Premium 🚶‍♂

prem Script Crack Facebook Premium 🚶‍♂ Install Script $ pkg update && pkg update $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Dec 03, 2021
Web Scraping com Python - Raspando Vagas para Programadores

Web Scraping com Python - Raspando Vagas para Programadores Sobre o Projeto Web

Kayo Libarino 3 Dec 30, 2021
Dahua IPC/VTH/VTO devices auth bypass exploit

CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit About: The identity authentication bypass vulnerability found in some Dahua products duri

Ashish Kunwar 23 Dec 02, 2022
♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

STgazing 2 Jul 23, 2022
A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

Al Sweigart 26 Sep 04, 2022
Password Manager is a simple Python project which helps users in managing their passwords in a easier way

Password Manager is a simple Python project which helps users in managing their passwords in a easier way

Manish Jalui 4 Sep 29, 2021
web指纹识别工具

前言 一直苦于没有用的顺手的web指纹识别工具,学习前辈s7ckTeam的Glass和broken5的WebAliveScan优秀开源程序开发的轻量型web指纹工具。

EASY 966 Dec 26, 2022
macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

Cyborg Security, Inc 212 Dec 29, 2022
Brute smb share - Brute force a SMB share

brute_smb_share I wrote this small PoC after bumping into SMB servers where Hydr

devloop 3 Feb 21, 2022
PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe

PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe with additional features such as malware checker/detector! Also checks file(s) for suspicious words, dis

Rdimo 56 Jul 31, 2022
We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. 🕵️

Pardus Lookout We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. The application i

Ahmet Furkan DEMIR 19 Nov 18, 2022
This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

ASL IT Security 168 Nov 09, 2022
Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

Truffle Security 10.1k Jan 09, 2023
A knockoff social-engineer toolkit

The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s

48 Nov 26, 2022
使用golang重写开源工具wafw00f

GO-WAFW00F 介绍 WAFW00F是一款优秀的web应用防火墙识别开源工具:https://github.com/EnableSecurity/wafw00f 使用Golang重写的原因:Python环境配置不便利,Golang打包生成可执行文件直接运行 目前还在开发阶段,规则解析存在小问题

80 Dec 30, 2021
orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools

Urminder Singh 34 Nov 21, 2022
Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

CorrelAid Machine Learning Spring School Welcome to the CorrelAid ML Spring School! In this repository you can find the slides and other files for the

CorrelAid 12 Nov 23, 2022
DCSync - DCSync Attack from Outside using Impacket

Adding DCSync Permissions Mostly copypasta from https://github.com/tothi/rbcd-at

n00py 77 Dec 16, 2022
Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

116 Jan 08, 2023