en:scans:log4shell

Log4shell

On December the 9th, 2021, Apache published a severe vulnerability called Log4shell (and other Log4j-related vulnerabilities).

Download

How to scan your services quickly, basically with log4j-scan from fullhunt, but using cisagov: 

git clone https://github.com/cisagov/log4j-scanner.git
cd log4-scanner/

Requirements

  • python
  • python-requests
  • python-termcolor
  • python-pycryptodome

Create a url list

The easiest way is to create a list of all URLs you want to check: 

nano urls.txt
https://techsaviours.org
https://meet.techsaviours.org
https://searx.techsaviours.org

Check your urls

python log4j-scan.py -l urls.txt --waf-bypass --run-all-tests

or just a url 

python log4j-scan.py -u https://techsaviours.org --waf-bypass --run-all-tests
  • en/scans/log4shell.txt
  • Last modified: 2022/10/24 08:24
  • by 127.0.0.1