log4j-scan - Trickest Platform Documentation

Name:log4j-scan

Category:Vulnerabilities

Publisher:trickest-mhmdiaa

Created:2/5/2022

Container:quay.io/trickest/log4j-scan:ceae24f

Output Type:

License:Unknown

url

string

required

-uCheck a single URL.

url-list

file

required

-lCheck a list of URLs.

wait-time

string

--wait-timeWait time after all URLs are processed (in seconds) - [Default: 5].

waf-bypass

boolean

--waf-bypassExtend scans with WAF bypass payloads.

headers-file

file

--headers-fileHeaders fuzzing list

run-all-tests

boolean

--run-all-testsRun all available tests on each URL.

request-method

string

--request-typeRequest Type: (get, post) - [Default: get].

dns-callback-provider

string

--dns-callback-providerDNS Callback provider (Options: dnslog.cn, interact.sh) - [Default: interact.sh].

custom-dns-callback-host

string

--custom-dns-callback-hostCustom DNS Callback Host.

exclude-user-agent-fuzzing

boolean

--exclude-user-agent-fuzzingExclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.