Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-44228 PoC — Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Source
https://github.com/Gyrfalc0n/scanlist-log4j
Associated Vulnerability
Title:Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints (CVE-2021-44228)
Description:Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Description
Simple bash script to scan multiples url for log4j vulnerability (CVE-2021-44228)
Readme
# scanlist-log4j
Simple bash script to scan multiples url for log4j vulnerability (CVE-2021-44228). This script uses the log4j scanner from **Fullhunt** : [https://github.com/fullhunt/log4j-scan](https://github.com/fullhunt/log4j-scan), and allow a better reading of results when testing multiples urls from a file.

![Image](https://github.com/Gyrfalc0n/scanlist-log4j/blob/main/Capture.PNG)

## Installation

First, install the Fullhunt `scan-log4j` repository with : 

```
git clone https://github.com/fullhunt/log4j-scan.git
cd log4j-scan
pip3 install -r requirements.txt
cd ..
```

Then install this script with : 

```
git clone https://github.com/Gyrfalc0n/scanlist-log4j.git
cd scanlist-log4j
mv *.sh ../log4j-scan
cd ../log4j-scan
```
Now you are ready to execute the script, but before that you need a file containing the urls you want to scan for log4j vulnerability. Make sure the file is readable and in the same directory of the scripts.

## Execution

Execute the script with : 

```
./scanlist-log4j.sh <url_list_file>
```
Each url to scan will be scanned simultaneously in a thread, resulting of a much faster execution time when scanning for multiples urls. Results are printed in terminal as the screen above. You always can check details in the `output.log` file.

## Check if host are up and running http/https

```
./check-domains.sh <url_list_file>
```

This script may be a bit slow, it uses `curl` to get response code from web page of urls and return if page is up.


## Modifications

`scanlist-log4j.sh` starts `scan.sh` with `scan-log4j` command for each line of file passed in first argument.

If you want to customize your command with `scan-log4j`, feel free to check the usage from the [repository](https://github.com/fullhunt/log4j-scan/blob/master/README.md#usage) and modify the `scan.sh` script which contains the command.
File Snapshot

 [4.0K]  /data/pocs/ea41360faef2ad349486106d8dd053207ceb1e0f
├── [ 67K]  Capture.PNG
├── [ 365]  check-domains.sh
├── [ 34K]  LICENSE
├── [1.8K]  README.md
├── [ 700]  scanlist-log4j.sh
└── [ 190]  scan.sh

0 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →