Your download link is at the very bottom of the page... always.



Processed through Paypal
No account required.


Donate Bitcoin to this wallet:
1KkUMXvQ2ko3xcJkzitB7WYgoW6m79WFfm
Donate Ethereum to this wallet:
0x40E56922F43637224935CDC35e2c96E0392A8505
Donate Litecoin to this wallet:
LLYAFEyqjH69gkyCEpRjXNyedRCWrVChfL

Buy our over-priced crap to help keep things running.



Join our Facebook groupFollow us on TwitterFollow us on InstagramOur RSS Feed




 Home » OlderGeeks.com Freeware Downloads » Anti-Virus, Anti-Malware, Security Utilities » Pentesting and Vulnerability Tools » log4j-scan v1.0   
File - Download log4j-scan v1.0
Description

Always scroll to the bottom of the page for the download link.
We don't believe in fake/misleading download buttons and tricks. The link is always in the same place.



log4j-scan v1.0

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 on hosts.







Features

Support for lists of URLs.
Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
Fuzzing for HTTP POST Data parameters.
Fuzzing for JSON data parameters.
Supports DNS callback for vulnerability discovery and validation.
WAF Bypass payloads.

Description

From the authors:
We have been researching the Log4J RCE (CVE-2021-44228) since it was released, and we worked in preventing this vulnerability with our customers. We are open-sourcing an open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability. This shall be used by security teams to scan their infrastructure for Log4J RCE, and also test for WAF bypasses that can result in achiving code execution on the organization's environment.

It supports DNS OOB callbacks out of the box, there is no need to setup a DNS callback server.

Usage

$ python3 log4j-scan.py -h
[•] CVE-2021-44228 - Apache Log4j RCE Scanner
[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing]
[--wait-time WAIT_TIME] [--waf-bypass] [--dns-callback-provider DNS_CALLBACK_PROVIDER] [--custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST]

optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Check a single URL.
-p PROXY, --proxy PROXY
Send requests through proxy.
-l USEDLIST, --list USEDLIST
Check a list of URLs.
--request-type REQUEST_TYPE
Request Type: (get, post) - [Default: get].
--headers-file HEADERS_FILE
Headers fuzzing list - [default: headers.txt].
--run-all-tests Run all available tests on each URL.
--exclude-user-agent-fuzzing
Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
--wait-time WAIT_TIME
Wait time after all URLs are processed (in seconds) - [Default: 5].
--waf-bypass Extend scans with WAF bypass payloads.
--dns-callback-provider DNS_CALLBACK_PROVIDER
DNS Callback provider (Options: dnslog.cn, interact.sh) - [Default: interact.sh].
--custom-dns-callback-host CUSTOM_DNS_CALLBACK_HOST
Custom DNS Callback Host.
--disable-http-redirects
Disable HTTP redirects. Note: HTTP redirects are useful as it allows the payloads to have higher chance of reaching vulnerable systems.


Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Installation

$ pip3 install -r requirements.txt

Docker Support

git clone https://github.com/fullhunt/log4j-scan.git
cd log4j-scan
sudo docker build -t log4j-scan .
sudo docker run -it --rm log4j-scan

# With URL list "urls.txt" in current directory
docker run -it --rm -v $PWD:/data log4j-scan -l /data/urls.txt

About FullHunt

FullHunt is the next-generation attack surface management platform. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities. All, in a single platform, and more.

FullHunt provides an enterprise platform for organizations. The FullHunt Enterprise Platform provides extended scanning and capabilities for customers. FullHunt Enterprise platform allows organizations to closely monitor their external attack surface, and get detailed alerts about every single change that happens. Organizations around the world use the FullHunt Enterprise Platform to solve their continuous security and external attack surface security challenges.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of log4j-scan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under MIT License.







This download is for the log4j-scan.py (log4j-scan.zip). All other download assets are below:



Dockerfile
LICENSE.txt
headers-large.txt
headers.txt
requirements.txt






Click here to visit the author's website.
Continue below to download this file.


Downloads Views Developer Last Update Version Size Type Rank
482 1,195 Mazin Ahmed <img src="https://www.oldergeeks.com/downloads/gallery/thumbs/log4j-scan1_th.png"border="0"> Dec 15, 2021 - 12:58 1.0 42.9KB ZIP 5/5, out of 10 Votes.
File Tags
log4j-scan  v1.0  
      
Whoa! Slow down there, Speedy.
Read this and then continue to the download.

Like seeing no ads? No misleading/fake download buttons?
We like it too! This site has been kept alive for 14 years
because of people just like you who download and donate.
No one is stopping you from downloading without donating
but the site runs on the "Honor System". If your momma
raised you to be honorable, make a donation and download
'til ya turn blue. Make your momma proud!

Thank you! -Randy & Deanna (The Older Geeks)

Monthly operating costs = $725
Donations for June = $2,970
Donations over our monthly goal
are set aside for future upgrades and
handed-over to Deanna for new shoes.

Processed securely through Paypal.
No PayPal account required.
Your bank statement will read: "Home Computer Repair LLC".
This is our computer store.
Or...

Or...

Or...
Just send a check to our computer store payable to Home Computer Repair LLC.
Our address: Home Computer Repair LLC, 208 E. Water St. Mount Vernon, MO 65712

Recent Super Donors ($50+)
Thanks, Warren
Thanks, Michael
Thanks, Sherwin
Thanks, Jim

Recent Donors
Thanks, Phillip
Thanks, Stan
Thanks, John
Thanks, Steven
Thanks, Marsha
Thanks, Liz
Thanks, Graham
Thanks, Larry
Thanks, Randall
Thanks, John
Thanks, Ronald

   →→ Download Now ←← - Click to Rate File -
Like this download? Share it on Twitter →


OlderGeeks.com Copyright (c) 2022