log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Installation:
sudo git clone https://github.com/fullhunt/log4j-scan.git && cd log4j-scan && sudo chmod +x * && sudo pip3 install -r requirements.txtScan:
Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)
python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-testsDiscover WAF bypasses against the environment.
python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypassScan a list of URLs
python3 log4j-scan.py -l urls.txt