Differences
This shows you the differences between two versions of the page.
de:scans:log4shell [2022/09/03 00:19] – removed - external edit (Unknown date) 127.0.0.1 | de:scans:log4shell [2022/10/24 08:24] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Log4shell ====== | ||
+ | Am 9. Dezember 2021 veröffentlichte Apache eine schwerwiegende Sicherheitslücke namens [[https:// | ||
+ | |||
+ | ===== Download ===== | ||
+ | |||
+ | Wie man seine Dienste schnell scannt, grundsätzlich mit log4j-scan von fullhunt, aber unter Verwendung von cisagov: | ||
+ | < | ||
+ | git clone https:// | ||
+ | cd log4-scanner/ | ||
+ | </ | ||
+ | |||
+ | ==== Anforderungen ==== | ||
+ | |||
+ | * python | ||
+ | * python-requests | ||
+ | * python-termcolor | ||
+ | * python-pycryptodome | ||
+ | |||
+ | |||
+ | ===== URL-Liste erstellen ===== | ||
+ | |||
+ | Am einfachsten ist es, eine Liste aller URLs zu erstellen, die du überprüfen möchtest: | ||
+ | < | ||
+ | nano urls.txt | ||
+ | </ | ||
+ | < | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | </ | ||
+ | |||
+ | ===== Überprüfe deine Urls ===== | ||
+ | |||
+ | < | ||
+ | python log4j-scan.py -l urls.txt --waf-bypass --run-all-tests | ||
+ | </ | ||
+ | |||
+ | oder nur eine Url | ||
+ | |||
+ | < | ||
+ | python log4j-scan.py -u https:// | ||
+ | </ |
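Review bot: The "Download" block changes into `log4-scanner/` right after the clone, and the later commands call `python log4j-scan.py` without saying which directory they run from. Please confirm that the `cd` path is correct for the cloned repository and state the working directory for the scan commands, so the steps can be followed as written. The "Anforderungen" list names `python` without a version and gives no install command for the three modules; add both. In "Überprüfe deine Urls", `--waf-bypass` and `--run-all-tests` are used without explanation. One sentence on what each flag changes, and on how a vulnerable host shows up in the output, would let readers interpret the result. Minor: "Urls" and "Url" should read "URLs" and "URL" to match the "URL-Liste erstellen" heading, and "oder nur eine Url" should end with a colon like the other lead-in lines.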