Apache Log4j is a Java-based logging utility. The Log4j vulnerability, also known as Log4Shell, is tracked as CVE-2021-44228. It was disclosed last week by LunaSec researchers. It allows attackers to execute arbitrary code remotely on a target computer. Afterward, an attacker can steal data, install malware or take control silently. To detect whether your application is vulnerable or might have been silently compromised by an attacker, use one of the scanners described below. To prevent incoming attacks, deploy Snort or YARA rules for the Log4Shell Log4j vulnerability.
log4j-scan is a fully automated, accurate, and extensive scanner for finding the log4j RCE CVE-2021-44228. It is provided by FullHunt.io. log4j-scan can scan lists of URLs with more than 60 HTTP request header types. It can place its test payloads in any textual type of HTTP request: GET, POST or JSON. It supports DNS callback for vulnerability discovery and validation, and it includes WAF bypass payloads. Download log4j-scan and use it as follows.
pip3 install -r requirements.txt # Installation
python3 log4j-scan.py -l urls.txt # Scan a list of URLs
python3 log4j-scan.py -u https://log4j.instance.com --waf-bypass # WAF bypass scanning
python3 log4j-scan.py -u https://log4j.instance.com --run-all-tests # Check for everything
log4j-scan tests from a URL, i.e. over the web. If you have access to the Linux command shell, you can use the following instead.
log4jscan by Intezer
Log4jscan is a free script by Intezer that scans Linux hosts for active usage of log4j (log4j-core) in order to identify potentially vulnerable versions. The scanner is designed to be lightweight and fast, to require no dependencies, and to support containerized/K8s environments.
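A host-side check in the spirit of the one described above, as an added example that is not Intezer's script and not code from the original page: it looks for log4j-core jars on disk (not in running processes) and classifies the version in each file name. The function names classify_version and scan_dir are hypothetical, and the version boundaries (CVE-2021-44228 affects 2.0-beta9 through 2.14.1, fixed in 2.15.0 with backports 2.12.2 and 2.3.1) are not stated on the page.

```shell
#!/bin/sh
# Added example (not Intezer's script): find log4j-core jars on disk and
# classify the version in each file name against CVE-2021-44228.
# Assumption: jars keep the standard name log4j-core-<version>.jar.

# classify_version VERSION -> prints one verdict word
classify_version() {
    case $1 in
        2.0-alpha*|2.0-beta[1-8]) echo not-affected; return ;;  # before the affected range
        2.0-beta9|2.0-rc[0-9]*)   echo potentially-vulnerable; return ;;
        2.[0-9]*) ;;                                            # numeric 2.x, parsed below
        *) echo unknown; return ;;
    esac
    rest=${1#2.}                                  # "14.1" from "2.14.1"
    minor=${rest%%.*}
    patch=${rest#"$minor"}; patch=${patch#.}; patch=${patch:-0}
    case $minor$patch in *[!0-9]*) echo unknown; return ;; esac  # e.g. -SNAPSHOT, -tests
    if [ "$minor" -ge 15 ]; then echo fixed-for-CVE-2021-44228
    elif [ "$minor" -eq 12 ] && [ "$patch" -ge 2 ]; then echo fixed-for-CVE-2021-44228  # 2.12.2 backport
    elif [ "$minor" -eq 3 ] && [ "$patch" -ge 1 ]; then echo fixed-for-CVE-2021-44228   # 2.3.1 backport
    else echo potentially-vulnerable              # 2.0 through 2.14.1
    fi
}

# scan_dir DIR -> prints "<verdict> <version> <path>" per log4j-core jar under DIR
scan_dir() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null | while IFS= read -r jar; do
        base=${jar##*/}
        ver=${base#log4j-core-}; ver=${ver%.jar}
        printf '%s %s %s\n' "$(classify_version "$ver")" "$ver" "$jar"
    done
}

# With a directory argument, scan it; without one, run on a constructed
# tree of empty files (names only) so the script can be tried offline.
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
else
    demo=$(mktemp -d)
    mkdir -p "$demo/opt/app/lib"
    : > "$demo/opt/app/lib/log4j-core-2.14.1.jar"
    : > "$demo/opt/app/lib/log4j-core-2.17.0.jar"
    scan_dir "$demo"
    rm -rf "$demo"
fi
```

Matching on file names misses log4j-core classes bundled inside fat or shaded jars, jars nested in WAR/EAR archives, and renamed files, so an empty result does not prove a host is clean.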