Log4j is an automated scanner designed to find the Apache Log4j RCE CVE-2021-44228 vulnerability.

The Apache Log4J RCE CVE-2021-4428 is a critical vulnerability that has been heavily exploited by threat actors. This Open Source detection and scanning tool can be used to scan your infrastructure for Log4J RCE, and also test for WAF bypasses that can result in achieving code execution within the environment.

It supports DNS OOB callbacks out of the box, there is no need to set up a DNS callback server.

Log4j Features:

Support for lists of URLs.

Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).

Fuzzing for HTTP POST Data parameters.

Fuzzing for JSON data parameters.

Supports DNS callback for vulnerability discovery and validation.

WAF Bypass payloads.

Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Installation

$ pip3 install -r requirements.txt

Docker Support

git clone https://github.com/fullhunt/log4j-scan.git

cd log4j-scan

sudo docker build -t log4j-scan .

sudo docker run -it --rm log4j-scan

# With URL list "urls.txt" in current directory

docker run -it --rm -v $PWD:/data log4j-scan -l /data/urls.txt

More details can be found at the Log4j Github repository.

Similar:

What's the Best Antivirus and Is Windows Defender Good Enough?

Which Anti-Malware App Is Best and Can It Run Alongside My Antivirus