en:vulnerability_scans:log4shell

Log4shell

On December the 9th, 2021, Apache published a severe vulnerability called Log4shell (and other Log4j-related vulnerabilities).

How to scan your services quickly, basically with log4j-scan from fullhunt, but using cisagov:

git clone https://github.com/cisagov/log4j-scanner.git
cd log4-scanner/
  • python
  • python-requests
  • python-termcolor
  • python-pycryptodome

The easiest way is to create a list of all URLs you want to check:

nano urls.txt
https://techsaviours.org
https://meet.techsaviours.org
https://searx.techsaviours.org
python log4j-scan.py -l urls.txt --waf-bypass --run-all-tests

or just a url

python log4j-scan.py -u https://techsaviours.org --waf-bypass --run-all-tests
  • en/vulnerability_scans/log4shell.txt
  • Last modified: 2022/01/08 09:43
  • (external edit)