Kali Linux

Log4J-Detect : Script To Detect The “Log4j” Java Library Vulnerability For A List Of URLs With Multithreading

Log4J-Detect : Script To Detect The “Log4j” Java Library Vulnerability For A List Of URLs With MultithreadingLog4J-Detect : Script To Detect The “Log4j” Java Library Vulnerability For A List Of URLs With Multithreading

Log4J-Detect is a script “log4j-detect.py” developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228.

To do so, it sends a GET request using threads (higher performance) to each of the URLs in the specified list. The GET request contains a payload that on success returns a DNS request to Burp Collaborator / interactsh. This payload is sent in a test parameter and in the “User-Agent” / “Referer” / “X-Forwarded-For” / “Authentication” headers. Finally, if a host is vulnerable, an identification number will appear in the subdomain prefix of the Burp Collaborator / interactsh payload and in the output of the script, allowing to know which host has responded via DNS.

It should be noted that this script only handles DNS detection of the vulnerability and does not test remote command execution.

Downloading log4j-detect.py

wget https://github.com/takito1812/log4j-detect/raw/main/log4j-detect.py

Running log4j-detect.py

python3 log4j-detect.py

Download
R K

Leave a Comment
Share
Published by
R K
Tags: Java LibraryList Of URLsLog4J-DetectMultithreadingvulnerability
3 years ago

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

3 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

5 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

5 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

5 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

1 day ago