This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

Last update: Mar 31, 2022

Overview

f5-waf-enforce-sigs-CVE-2021-44228

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

Overview

This script enforces all signatures present in the list below related to CVE-2021-44228 across all policies in blocking mode in the Adv. WAF/ASM.

sigs = ['200104768', '200104769', '200004450', '200004451','200004474','200104770','200104771']

https://support.f5.com/csp/article/K19026212

This was tested on BIG-IP ASM/Adv.WAF v15.x but I expect this to work in v13/v14/v16 as well.

Prerequisites

Python 3.7+

The host machine needs to have connection to the BIG-IP management interface.

How to Use

usage: f5-waf-enforce-sig-CVE-2021-44228 device

positional arguments:
  device      File with IP adrresses of the target BIG-IP devices separated by line

A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne

60 Dec 10, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

1 Dec 15, 2021

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

431 Dec 22, 2022

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

8 Feb 27, 2022

Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be

144 Nov 19, 2022

Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

91 Dec 29, 2022

Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

16 Mar 24, 2022

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

13 Jan 4, 2022

Log4j command generator: Generate commands for CVE-2021-44228

Log4j command generator Generate commands for CVE-2021-44228. Description The vulnerability exists due to the Log4j processor's handling of log messag

1 Jan 3, 2022

Comments

One request to update matching signatures

Hi,

To improve this code, you can add required signatures in filter instead of loop on each signatures

This URL matches all staging signatures matching IDs

https:///mgmt/tm/asm/policies//signatures?$expand=signatureReference&$filter=inPolicy+eq+true+and+performStaging+eq+true+and+signature/signatureId+in('200104768','200104769','200004450','200004451','200004474','200104770','200104771')

You can replace following lines

    # enforce each signature
    for s in sigs:
        url_cve_sigs  = 'https://%s/mgmt/tm/asm/policies/%s/signatures?$expand=signatureReference&$filter=inPolicy+eq+true+and+signature/signatureId+eq+\'%s\'' % (device,policy_id,s)
        r = bigip.patch(url_cve_sigs,payload_enfor)
        print("Status code for enforcement: " + str(r.status_code))

    # enforce each signature
    url_cve_sigs  = 'https://%s/mgmt/tm/asm/policies/%s/signatures?$expand=signatureReference&$filter=inPolicy+eq+true+and+signature/signatureId+in+(\'%s\')' % (device,policy_id, "','".join(sigs))
    r = bigip.patch(url_cve_sigs,payload_enfor)
    print("Status code for enforcement: " + str(r.status_code))

opened by stanislaspiron 2

error when executing script

Hello, when i run the script, the following error message appears :

[ijjo5560@rcxxxxx1:Active:Standalone] f5-waf-enforce-sig-CVE-2021-44228-main # python f5-waf-enforce-sig-CVE-2021-44228.py device Enter your username: root Traceback (most recent call last): File "f5-waf-enforce-sig-CVE-2021-44228.py", line 123, in username = input('Enter your username: ') File "", line 1, in NameError: name 'root' is not defined

Thank you for your help

opened by endymion93 1