Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kitploitKitPloitKITPLOIT:1680589374755422772
HistoryJan 06, 2022 - 11:30 a.m.

Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

2022-01-0611:30:00
www.kitploit.com
547

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON

Simple Python 3 script to detect the “Log4j” Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

The script “log4j-detect.py” developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228.

To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that on success returns a DNS request to Burp Collaborator / interactsh. This payload is sent in a test parameter and in the “User-Agent” / “Referer” / “X-Forwarded-For” / “Authentication” headers. Finally, if a host is vulnerable, an identification number will appear in the subdomain prefix of the Burp Collaborator / interactsh payload and in the output of the script, allowing to know which host has responded via DNS.

It should be noted that this script only handles DNS detection of the vulnerability and does not test remote command execution.

Downloading log4j-detect.py

wget https://github.com/takito1812/log4j-detect/raw/main/log4j-detect.py

Running log4j-detect.py

python3 log4j-detect.py <urlFile> <collaboratorPayload>

Download Log4J-Detect

Related

ibm 46
nessus 12
threatpost 33
mageia 1
f5 1
redhat 3
githubexploit 51
wallarmlab 1
metasploit 3
suse 2
ics 2
kaspersky 2
impervablog 4
rapid7blog 6
nuclei 1
openvas 6
freebsd 2
malwarebytes 2
zdt 3
packetstorm 2
thn 5
akamaiblog 1
hackerone 2
msrc 1
qualysblog 3
mscve 1
cisa 2
vmware 1
ubuntu 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in Apache log4j versions 2.0 beta 9 - 2.14 (CVE-2021-44228) in IBM Maximo Scheduler Optimization
2022-07-01 22:33:25
Security Bulletin: IBM Informix Dynamic Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
2022-01-06 21:22:41
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Archive Enterprise Edition (CVE-2021-44228)
2022-01-12 23:43:00
nessus
nessus
Debian DLA-2842-1 : apache-log4j2 - LTS security update
2021-12-13 00:00:00
openSUSE 15 Security Update : logback (openSUSE-SU-2021:1613-1)
2021-12-25 00:00:00
Cisco Unified Intelligence Center Log4j RCE
2022-05-16 00:00:00
threatpost
threatpost
NFT Investors Lose $1.7M in OpenSea Phishing Attack
2022-02-22 03:12:30
Most ServiceNow Instances Misconfigured, Exposed
2022-03-09 16:00:32
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
2022-03-24 19:23:12
mageia
mageia
Updated log4j packages fix security vulnerability
2021-12-11 04:02:37
f5
f5
K19026212 : Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228
2021-12-10 00:00:00
redhat
redhat
(RHSA-2021:5133) Critical: Red Hat AMQ Streams 1.6.5 release and security update
2021-12-14 21:09:18
(RHSA-2022:0082) Critical: Red Hat Process Automation Manager 7.11.1 security update
2022-01-11 10:28:38
(RHSA-2021:5132) Critical: Red Hat Data Grid 8.2.2 security update
2021-12-14 20:00:47
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-18 12:42:04
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-16 20:02:09
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-11 11:18:46
wallarmlab
wallarmlab
5 things you must know about Log4Shell
2021-12-11 01:22:39
metasploit
metasploit
MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
2022-07-29 17:31:15
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
2022-01-12 20:34:45
Log4Shell HTTP Scanner
2021-12-15 13:45:24
suse
suse
Security update for log4j (important)
2021-12-13 00:00:00
Security update for logback (important)
2021-12-24 00:00:00
ics
ics
Johnson Controls exacq Enterprise Manager
2021-12-23 12:00:00
Karakurt Data Extortion Group
2023-12-12 12:00:00
kaspersky
kaspersky
KLA12396 RCE vulnerability in Microsoft Developer Tools
2021-12-16 00:00:00
KLA12442 RCE vulnerability in LibreOffice
2021-12-16 00:00:00
impervablog
impervablog
2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year
2021-12-30 13:26:47
5 Things We’ve Learned About CVE-2021-44228
2021-12-17 06:44:55
2021 in Review, Part 1: 5 Cybersecurity Topics that Made News
2021-12-28 14:08:23
rapid7blog
rapid7blog
Sharing the Gifts of Cybersecurity – Or, a Lesson From My First Year Without Santa
2022-01-03 15:00:00
Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale
2022-01-07 18:20:22
The 2021 Naughty and Nice Lists: Cybersecurity Edition
2022-01-10 14:57:53
nuclei
nuclei
Apache Log4j2 Remote Code Injection
2021-12-11 19:26:50
openvas
openvas
Fedora: Security Advisory for jansi (FEDORA-2021-66d6c484f3)
2021-12-23 00:00:00
Apache Tika Server 2.x < 2.2.0 Log4j RCE Vulnerability (Log4Shell)
2021-12-23 00:00:00
openSUSE: Security Advisory for log4j (openSUSE-SU-2021:3999-1)
2022-02-01 00:00:00
freebsd
freebsd
bastillion -- log4j vulnerability
2021-12-10 00:00:00
serviio -- affected by log4j vulnerability
2021-12-13 00:00:00
malwarebytes
malwarebytes
What SMBs can do to protect against Log4Shell attacks
2021-12-15 20:59:31
CISA Log4Shell warning: Patch VMware Horizon installations immediately
2022-06-27 09:54:58
zdt
zdt
Apache Log4j2 2.14.1 - Information Disclosure Exploit
2021-12-14 00:00:00
Intel Data Center Manager 5.1 Local Privilege Escalation Vulnerability
2022-12-10 00:00:00
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit
2022-01-20 00:00:00
packetstorm
packetstorm
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
2022-01-20 00:00:00
AD Manager Plus 7122 Remote Code Execution
2023-04-03 00:00:00
thn
thn
Iranian Hackers Compromised a U.S. Federal Agency's Network Using Log4Shell Exploit
2022-11-17 06:22:00
China suspends deal with Alibaba for not sharing Log4j 0-day first with the government
2021-12-22 11:53:00
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
2021-12-14 11:09:00
akamaiblog
akamaiblog
CVE-2021-44228 - Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)
2021-12-10 21:00:00
hackerone
hackerone
Judge.me : Log4j RCE on https://judge.me/reviews
2021-12-15 10:30:12
Acronis: [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
2021-12-13 23:42:16
msrc
msrc
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
2021-12-12 08:00:00
qualysblog
qualysblog
Qualys Study Reveals How Enterprises Responded to Log4Shell
2022-03-18 13:00:00
Put SecOps in the Driver’s Seat with Custom Assessment and Remediation
2022-05-20 13:00:00
Detect Exploitation Attempts With Qualys XDR (Beta)
2021-12-14 23:55:43
mscve
mscve
Apache Log4j Remote Code Execution Vulnerability
2021-12-16 08:00:00
cisa
cisa
CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities
2021-12-17 00:00:00
CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
2021-12-13 00:00:00
vmware
vmware
VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
2021-12-10 00:00:00
ubuntu
ubuntu
Apache Log4j 2 vulnerability
2021-12-14 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON
Related for KITPLOIT:1680589374755422772
ibm46nessus12threatpost33mageia1f51redhat3githubexploit51wallarmlab1metasploit3suse2ics2kaspersky2impervablog4rapid7blog6nuclei1openvas6freebsd2malwarebytes2zdt3packetstorm2thn5akamaiblog1hackerone2msrc1qualysblog3mscve1cisa2vmware1ubuntu1