log4j-scan

The Log4j vulnerability (CVE-2021-44228) has taken over the Internet in December 2021, as a massive, widespread security flaw had cybersecurity experts racing to find a solution. The high-risk vulnerability affects the open-source logging software provided by the Apache Software Foundation and used by some of the most popular services, games and software tools, hence the madness it generated.

As patches have already been released, financial institutions, government entities and companies worldwide are struggling to upgrade their systems to avoid potential cyber-attacks, especially since Log4j is a remote code execution (RCE) vulnerability that can be exploited to take over the control of computers or entire networks. But before addressing the issue, you have to find the workstations that are affected and that is where log4j-scan comes in.

log4j-scan is an open-source scanner and detection tool written in Python that can analyze your entire infrastructure to find hosts that are affected by the Log4j vulnerability. Designed for security experts, this Python script that can find Log4j remote code execution and discover WAF bypass payloads on the environment as well.

The scanner can scan individual URLs or lists of multiple URLs, allowing TXT files as parameters. log4j-scan facilitates fuzzing for more than 60 HTTP request headers, HTTP POST and JSON data parameters. It can scan single URLs using all the requests methods.

It provides support for DNS OOB callbacks. In other words, you don’t have to set up a DNS callback server to use it.

log4j-scan is designed for vulnerability discovery and validation, providing a quick way for security experts to find hosts affected by the Log4j vulnerability.