Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
en:scans:log4shell [2022/08/25 22:02] – removed - external edit (Unknown date) 127.0.0.1 | en:scans:log4shell [2022/10/24 08:24] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Log4shell ====== | ||
+ | On December the 9th, 2021, Apache published a severe vulnerability called [[https:// | ||
+ | |||
+ | ===== Download ===== | ||
+ | |||
+ | How to scan your services quickly, basically with log4j-scan from fullhunt, but using cisagov: | ||
+ | < | ||
+ | git clone https:// | ||
+ | cd log4-scanner/ | ||
+ | </ | ||
+ | |||
+ | ==== Requirements ==== | ||
+ | |||
+ | * python | ||
+ | * python-requests | ||
+ | * python-termcolor | ||
+ | * python-pycryptodome | ||
+ | |||
+ | |||
+ | ===== Create a url list ===== | ||
+ | |||
+ | The easiest way is to create a list of all URLs you want to check: | ||
+ | < | ||
+ | nano urls.txt | ||
+ | </ | ||
+ | < | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | </ | ||
+ | |||
+ | ===== Check your urls ===== | ||
+ | |||
+ | < | ||
+ | python log4j-scan.py -l urls.txt --waf-bypass --run-all-tests | ||
+ | </ | ||
+ | |||
+ | or just a url | ||
+ | |||
+ | < | ||
+ | python log4j-scan.py -u https:// | ||
+ | </ |