en:scans:log4shell

Log4shell

On December the 9th, 2021, Apache published a severe vulnerability called Log4shell (and other Log4j-related vulnerabilities).

How to scan your services quickly, basically with log4j-scan from fullhunt, but using cisagov:

git clone https://github.com/cisagov/log4j-scanner.git
cd log4-scanner/
  • python
  • python-requests
  • python-termcolor
  • python-pycryptodome

The easiest way is to create a list of all URLs you want to check:

nano urls.txt
https://techsaviours.org
https://meet.techsaviours.org
https://searx.techsaviours.org
python log4j-scan.py -l urls.txt --waf-bypass --run-all-tests

or just a url

python log4j-scan.py -u https://techsaviours.org --waf-bypass --run-all-tests
  • en/scans/log4shell.txt
  • Last modified: 2022/08/25 22:02
  • by wcak7bhb7h