RCE scanner for Log4j
Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.
- It can scan according to the url list you provide.
- It can scan all of them by finding the subdomains of the domain name you give.
git clone https://github.com/adilsoybali/Log4j-RCE-Scanner.git
chmod +x log4j-rce-scanner.sh
This will display help for the tool. Here are all the switches it supports.
-h, --help - Display help -l, --url-list - List of domain/subdomain/ip to be used for scanning. -d, --domain - The domain name to which all subdomains and itself will be checked. -b, --burpcollabid - Burp collabrator client id address or interactsh domain address. Example uses: ./log4j-rce-scanner.sh -l httpxsubdomains.txt -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net ./log4j-rce-scanner.sh -d adilsoybali.com -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature)
- Commit your Changes (
git commit -m 'Add some AmazingFeature')
- Push to the Branch (
git push origin feature/AmazingFeature)
- Open a Pull Request