Log4j Vulnerability Scanning & Detection Tools

We should always think if we’re using software that has the Log4j component, it could be affected. We’re sharing some useful tools for you to help detect Log4j vulnerabilities. However, we want to clarify one thing: If these tools could not find anything at the moment, it does not mean that we’re safe. All tools and systems are still updating, new CVEs are being added. So, we need to follow updates, news, and details every day.



a. log4j-scan

You can use the Log4j scanning tool to check your system. This tool is a fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228. You can download from the Github repository and install the requirements easily.


Installation: You need to clone the Github repository and install the required dependencies.


$ git clone https://github.com/fullhunt/log4j-scan



$ pip3 install -r requirements.txt



Usage: You can run your log4j-scan script now if everything works fine.


If you want to scan a single URL:


$ python3 log4j-scan.py -u <your_url>

If you want scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body):


$ python3 log4j-scan.py -u <your_url> --run-all-tests

If you want to discover WAF bypasses on your environment:


$ python3 log4j-scan.py -u <your_url> --waf-bypass

If the target is not vulnerable, log4j-scan tool output is “Targets do not seem to be vulnerable".




If the target is vulnerable, log4j-scan tool output is “[!!!] Target Affected



b. Huntress Log4Shell Vulnerability Tester

Huntress Log4Shell Vulnerability Tester tool works by generating a random unique identifier which you can use when testing input fields. If an input field or application is vulnerable, it will reach out to this website over LDAP. Our LDAP server will immediately terminate the connection, and log it for a short time.



c. BurpSuite Log4Shell Scanner

You can find a Burp Extender Plugin for Enterprise and Professional related to Log4j vulnerability. The plugin is available in the BApp Store under the name Log4Shell Scanner.



d. Others

Many companies such as Qualys, Nessus, Datto, Cloudflare which provide cybersecurity and vulnerability management services, announced that they have added plugins and controls related to this critical vulnerability. You can check all details from their knowledge base libraries.



Conclusion

In this blog post, we’ve briefly explained what Log4Shell is, why the vulnerability is important, how it can be exploited, and some remediation advice to protect ourselves against this vulnerability. We also shared different and useful tools with you, all of which are capable of scanning and detecting the vulnerability.


We hope you enjoyed it! Check out our Vulnerability Management and Penetration Testing services to stay secure!.

Comments

Post a Comment

Popular posts from this blog

OSINT Tool in Termux

Image
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile The information includes: [ profile ] : user id, followers / following, number of uploads, profile img URL, business enum, external URL, joined Recently, etc [ tags & mentions ] : most used hashtags and mentioned accounts [ email ] : if any email is used any where it'll be displayed [ posts ] : accessability caption, location, timestamp, caption, picture url, etc ( yet not working correctly with posts instagram marks as 'sensitive cotent' ) How To Install apt update && upgrade -y Pkg install git pkg install python3 git clone https://github.com/th3unkn0n/osi.ig.git && cd osi.ig python3 -m pip install -r requirements.txt Usage python3 main.py -u username
Read more

Active Directory Ransomware Attacks

Image
    Organizations worldwide use Active Directory (AD) as their primary identity service , which makes it a top target for ransomware attacks . This article explains how adversaries exploit Active Directory during ransomware attacks and provides strategies and tools for defending against this modern menace. The two phases of a ransomware attack A common misconception about ransomware attacks is that they are quick: Someone opens an infected email attachment or inserts an infected USB device , and within minutes data across the network is encrypted and a ransom demand is displayed on every screen . The reality is quite different. Ransomware attacks today tend to be quite sophisticated and methodical . To encrypt as much sensitive information as possible and therefore maximize the chances of receiving a high payout , attackers proceed in two phases: Find an entry point — The first step is to gain a foothold in the victim organization ’s network . One common strategy is to comp...
Read more

How to perform a Man-in-the-middle (MITM) attack with Kali Linux

Image
Learn how to perform a Man in the middle attack with arpspoof, driftnet and urlsnarf in Kali Linux In this article, you will learn how to perform a MITM attack to a device that's connected in the same Wi-Fi networks as yours. Requirements This article assumes that you know what is a network interface and you know to how to work with Kali Linux and the command line. Before starting, you will need to know the name of the Network interface (installed on your machine) and the IP of the router that provides Wi-Fi access. The Network Interface Name can be easily obtained as running the ifconfig command on a terminal, then from the list copy the name of the interface that you want to use. The IP of the router can be obtained executing ip route show on a terminal and a message like "default via [This is the router IP]". From the victim, you will only need the IP (the user needs to be connected to the network provided by the router). The process of obtaining the device IP of the v...
Read more