An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.

Related tags

Security related resourcesLog4JHunt
Overview

Log4JHunt

An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability.

Video demo:

video

Usage

Here the help usage:

$ python3 log4jhunt.py

          +--------------+
              Log4JHunt
          +--------------+

[+] Log4jHunt by RedHunt Labs - A Modern Attack Surface (ASM) Management Company
[+] Author: Pinaki Mondal (RHL Research Team)
[+] Continuously Track Your Attack Surface using https://redhuntlabs.com/nvadr.

[-] You have to supply at least a single host to scan!

usage: log4jhunt.py [-h] [-u URL] [-f FILE] [-d DELAY] [-t TIMEOUT] [-T TOKEN] [-E EMAIL] [-W WEBHOOK] [-S SERVER] [-ua USERAGENT] [-m METHOD] [-H HEADERS] [-p PROXY]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to probe for the vulnerability.
  -f FILE, --file FILE  Specify a file containing list of hosts to scan.
  -d DELAY, --delay DELAY
                        Delay in-between two concurrent requests.
  -t TIMEOUT, --timeout TIMEOUT
                        Scan timeout for a single host.
  -T TOKEN, --token TOKEN
                        Canary token to use in payloads for scanning.
  -E EMAIL, --email EMAIL
                        Email to receive notifications.
  -W WEBHOOK, --webhook WEBHOOK
                        Webhook URL to receive notifications.
  -S SERVER, --server SERVER
                        Custom DNS callback server for receiving notifications.
  -ua USERAGENT, --user-agent USERAGENT
                        Custom user agent string to use for requests.
  -m METHOD, --methods METHOD
                        Comma separated list of HTTP Method to use
  -H HEADERS, --headers HEADERS
                        Comma separated list of custom HTTP headers to use.
  -p PROXY, --proxy PROXY
                        HTTP proxy to use (if any).

Getting a token

The tool makes use of Log4Shell tokens from Canary Tokens. The tool has capability to automatically generate tokens, if the values of the token (--token) and server (--server) are empty.

Once the token is generated, the token and the auth value are written to a file called canary-token.json.

Targets specification

You can specify the targets in two modes:

  • Scan a single URL: 
    ./log4jhunt.py -u 1.2.3.4:8080 ...
  • Use a file to specify a list of targets: 
    ./log4jhunt.py -f targets.txt ...

Specifying notification channels

There are two ways in which you can receive notification channels:

  • email (--email) -- service provided by Canarytokens.
  • webhook (--webhook) -- service provided by Canarytokens.
  • custom server (--server) -- you own custom DNS callback server.

Once the tool finds a vulnerable server, notifications would be relayed back to your preferred communication channel.

Sending requests

  • You can customize the HTTP methods using --methods.
  • A custom set of HTTP headers can be specified via --headers respectively.
  • A custom user agent can be specified using --user-agent header.
  • You can specfy a custom timeout value using --timeout.
  • You can specify custom proxies to use in HTTP requests via --proxy.

Specifying delay

Since a lot of HTTP requests are involved, it might be a cumbersome job for the remote host to handle the requests. The --delay parameter is here to help you with those cases. You can specify a delay value in seconds -- which will be used be used in between two subsequent requests to the same port on a server.

More details around the Log4J

We have covered more details around Log4j Vulnerability in our Blog.

License & Version

The tool is licensed under the MIT license. See LICENSE.

Currently the tool is at v0.1.

Credits

The Research Team at RedHunt Labs would like to thank Thinkst Canary for the awesome Canary Token Project.

To know more about our Attack Surface Management platform, check out NVADR.

You might also like...
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

Taroballz 7 Nov 9, 2022
A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228

1.Create a Sample Vulnerable Application . 2.Start a netcat listner . 3.Run the exploit . 5.Use jdk1.8.0_20 for better results . Exploit-db - https://

Isuru Umayanga 7 Aug 6, 2022
IP Denial of Service Vulnerability
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Carry 1 Nov 25, 2021
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

Nano 108 Dec 4, 2021
CVE-2022-22536 - SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536

CVE-2022-22536 SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22

antx 49 Nov 9, 2022
A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a

Evan J. Markowitz 4 Dec 23, 2021
POC for detecting the Log4Shell (Log4J RCE) vulnerability.

log4shell-poc-py POC for detecting the Log4Shell (Log4J RCE) vulnerability. Run on a system with python3 python3 log4shell-poc.py pathToTargetFile

BCC Risk Advisory 2 Dec 22, 2021
POC for detecting the Log4Shell (Log4J RCE) vulnerability
POC for detecting the Log4Shell (Log4J RCE) vulnerability

Interactsh An OOB interaction gathering server and client library Features • Usage • Interactsh Client • Interactsh Server • Interactsh Integration •

ProjectDiscovery 2.1k Jan 8, 2023
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

X-Force Red 26 Mar 15, 2022
Releases(v0.1)

  • v0.1(Dec 16, 2021)

    Initial release of Log4JHunt is out!

    Features include:

    • automatic canarytoken generation with just email / webhook.
    • custom DNS server support.
    • multiple HTTP methods and HTTP body fuzzing.

    For more details, check out the README!

    Source code(tar.gz)
    Source code(zip)
Owner
RedHunt Labs
Discover and Assess your Attack Surface. To know more about our asset discovery and perimeter security offering, check out https://redhuntlabs.com/nvadr
RedHunt Labs
GitHub Repository
An open-source post-exploitation framework for students, researchers and developers.

Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope

dvm 8.1k Dec 31, 2022
labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface

labsecurity labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface. Warning

Dylan Meca 16 Dec 08, 2022
宝塔面板Windows版提权方法

宝塔面板Windows提权方法 本项目整理一些宝塔特性,可以在无漏洞的情况下利用这些特性来增加提权的机会。

298 Dec 14, 2022
A set of blender assets created for the $yb NFT project.

fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on

Pedro Arroyo 1 May 06, 2022
Salesforce Recon and Exploitation Toolkit

Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/

81 Dec 23, 2022
Simplify getting and using cookies from the browser to use in Python.

CookieCache Simplify getting and using cookies from the browser to use in Python. NOTE: All the logic to interface with the browsers is done by the Br

pat_h/to/file 2 May 06, 2022
Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

Liam 3 Jan 28, 2022
Phishing-Crack tools to punish friends

Phishing-Crack Phishing Tool Version 1.0.0 Created By temirovazat A Phishing Tool With PHP and Python3 Features Fake Instagram Phishing Page Fake Face

3 Oct 04, 2022
This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

XnuxersXploitXen 6 Dec 24, 2022
OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238. It generates and validates OTPs based

1 Nov 15, 2021
A Telegram Bot to force users to join a specific channel before sending messages in a group.

Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo

Mr. Dynamic 1 Jan 27, 2022
macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

Cyborg Security, Inc 212 Dec 29, 2022
MongoDB-Injection - This challenge-script is custom-made for web-server running MongoDB which is vulnerable to No-SQL injection

MongoDB-Injection Cheesy Multi-threaded script for NoSQL Injection This challeng

Caretaker 2 Jun 06, 2022
A security system to warn you when people enter your room 🎥

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

ScriptLine 1 Jan 11, 2022
Script Crack Facebook Elite 🚶‍♂

elite Script Crack Facebook Elite 🚶‍♂ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Jan 02, 2022
Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary.

Midas ELF64 Injector Description Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary. All you n

midas 20 Dec 24, 2022
Dark-Fb No Login 100% safe

Dark-Fb No Login 100% safe TERMUX • pkg install python2 && git -y • pip2 install requests mechanize tqdm • git clone https://github.com/BOT-033/Sensei

Bukan Hamkel 1 Dec 04, 2021
A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl

2 Nov 20, 2021
Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

SecurityJon 25 May 10, 2022
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Pupy Installation Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to u

7.4k Jan 04, 2023