An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.

Overview

Log4JHunt

An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability.

Video demo:

video

Usage

Here the help usage:

$ python3 log4jhunt.py

          +--------------+
              Log4JHunt
          +--------------+

[+] Log4jHunt by RedHunt Labs - A Modern Attack Surface (ASM) Management Company
[+] Author: Pinaki Mondal (RHL Research Team)
[+] Continuously Track Your Attack Surface using https://redhuntlabs.com/nvadr.

[-] You have to supply at least a single host to scan!

usage: log4jhunt.py [-h] [-u URL] [-f FILE] [-d DELAY] [-t TIMEOUT] [-T TOKEN] [-E EMAIL] [-W WEBHOOK] [-S SERVER] [-ua USERAGENT] [-m METHOD] [-H HEADERS] [-p PROXY]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to probe for the vulnerability.
  -f FILE, --file FILE  Specify a file containing list of hosts to scan.
  -d DELAY, --delay DELAY
                        Delay in-between two concurrent requests.
  -t TIMEOUT, --timeout TIMEOUT
                        Scan timeout for a single host.
  -T TOKEN, --token TOKEN
                        Canary token to use in payloads for scanning.
  -E EMAIL, --email EMAIL
                        Email to receive notifications.
  -W WEBHOOK, --webhook WEBHOOK
                        Webhook URL to receive notifications.
  -S SERVER, --server SERVER
                        Custom DNS callback server for receiving notifications.
  -ua USERAGENT, --user-agent USERAGENT
                        Custom user agent string to use for requests.
  -m METHOD, --methods METHOD
                        Comma separated list of HTTP Method to use
  -H HEADERS, --headers HEADERS
                        Comma separated list of custom HTTP headers to use.
  -p PROXY, --proxy PROXY
                        HTTP proxy to use (if any).

Getting a token

The tool makes use of Log4Shell tokens from Canary Tokens. The tool has capability to automatically generate tokens, if the values of the token (--token) and server (--server) are empty.

Once the token is generated, the token and the auth value are written to a file called canary-token.json.

Targets specification

You can specify the targets in two modes:

  • Scan a single URL:
    ./log4jhunt.py -u 1.2.3.4:8080 ...
    
  • Use a file to specify a list of targets:
    ./log4jhunt.py -f targets.txt ...
    

Specifying notification channels

There are two ways in which you can receive notification channels:

  • email (--email) -- service provided by Canarytokens.
  • webhook (--webhook) -- service provided by Canarytokens.
  • custom server (--server) -- you own custom DNS callback server.

Once the tool finds a vulnerable server, notifications would be relayed back to your preferred communication channel.

Sending requests

  • You can customize the HTTP methods using --methods.
  • A custom set of HTTP headers can be specified via --headers respectively.
  • A custom user agent can be specified using --user-agent header.
  • You can specfy a custom timeout value using --timeout.
  • You can specify custom proxies to use in HTTP requests via --proxy.

Specifying delay

Since a lot of HTTP requests are involved, it might be a cumbersome job for the remote host to handle the requests. The --delay parameter is here to help you with those cases. You can specify a delay value in seconds -- which will be used be used in between two subsequent requests to the same port on a server.

More details around the Log4J

We have covered more details around Log4j Vulnerability in our Blog.

License & Version

The tool is licensed under the MIT license. See LICENSE.

Currently the tool is at v0.1.

Credits

The Research Team at RedHunt Labs would like to thank Thinkst Canary for the awesome Canary Token Project.

To know more about our Attack Surface Management platform, check out NVADR.

You might also like...
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228

1.Create a Sample Vulnerable Application . 2.Start a netcat listner . 3.Run the exploit . 5.Use jdk1.8.0_20 for better results . Exploit-db - https://

IP Denial of Service Vulnerability
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

CVE-2022-22536 - SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536

CVE-2022-22536 SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22

A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

log4shell-poc-py POC for detecting the Log4Shell (Log4J RCE) vulnerability. Run on a system with python3 python3 log4shell-poc.py pathToTargetFile

POC for detecting the Log4Shell (Log4J RCE) vulnerability
POC for detecting the Log4Shell (Log4J RCE) vulnerability

Interactsh An OOB interaction gathering server and client library Features • Usage • Interactsh Client • Interactsh Server • Interactsh Integration •

A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

Releases(v0.1)
  • v0.1(Dec 16, 2021)

    Initial release of Log4JHunt is out!

    Features include:

    • automatic canarytoken generation with just email / webhook.
    • custom DNS server support.
    • multiple HTTP methods and HTTP body fuzzing.

    For more details, check out the README!

    Source code(tar.gz)
    Source code(zip)
Owner
RedHunt Labs
Discover and Assess your Attack Surface. To know more about our asset discovery and perimeter security offering, check out https://redhuntlabs.com/nvadr
RedHunt Labs
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -

Herwono W. Wijaya 130 Dec 15, 2022
An automated header extensive scanner for detecting log4j RCE CVE-2021-44228

log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.

null 2 Dec 16, 2021
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne

null 60 Dec 10, 2022
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

Fox-IT 431 Dec 22, 2022
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

lfama 8 Feb 27, 2022
Log4Shell Proof of Concept (CVE-2021-44228)

CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She

Kr0ff 3 Jul 23, 2022
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Víctor García 187 Jan 3, 2023
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Mitiga 13 Jan 4, 2022
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin

koz 1.5k Jan 4, 2023