log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Details
Category: Vulnerabilities
Publisher: trickest-mhmdiaa
Created Date: 2/5/2022
Container: quay.io/trickest/log4j-scan:ceae24f
Source URL: https://github.com/fullhunt/log4j-scan
Parameters
Command: -u
- Check a single URL.
Command: -l
- Check a list of URLs.
Command: --wait-time
- Wait time after all URLs are processed (in seconds) - [Default: 5].
Command: --waf-bypass
- Extend scans with WAF bypass payloads.
Command: --headers-file
- Headers fuzzing list.
Command: --run-all-tests
- Run all available tests on each URL.
Command: --request-type
- Request Type: (get, post) - [Default: get].
Command: --dns-callback-provider
- DNS Callback provider (Options: dnslog.cn, interact.sh) - [Default: interact.sh].
Command: --custom-dns-callback-host
- Custom DNS Callback Host.
Command: --exclude-user-agent-fuzzing
- Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.