log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Details
Category: Vulnerabilities
Publisher: trickest-mhmdiaa
Created Date: 2/5/2022
Container: quay.io/trickest/log4j-scan:ceae24f
Source URL: https://github.com/fullhunt/log4j-scan
Parameters
url
Type: string (required)
Command: -u
Description: Check a single URL.

url-list
Type: file (required)
Command: -l
Description: Check a list of URLs.

wait-time
Type: string
Command: --wait-time
Description: Wait time after all URLs are processed (in seconds) - [Default: 5].

waf-bypass
Type: boolean
Command: --waf-bypass
Description: Extend scans with WAF bypass payloads.

headers-file
Type: file
Command: --headers-file
Description: Headers fuzzing list.

run-all-tests
Type: boolean
Command: --run-all-tests
Description: Run all available tests on each URL.

request-method
Type: string
Command: --request-type
Description: Request Type: (get, post) - [Default: get].

dns-callback-provider
Type: string
Command: --dns-callback-provider
Description: DNS Callback provider (Options: dnslog.cn, interact.sh) - [Default: interact.sh].

custom-dns-callback-host
Type: string
Command: --custom-dns-callback-host
Description: Custom DNS Callback Host.

exclude-user-agent-fuzzing
Type: boolean
Command: --exclude-user-agent-fuzzing
Description: Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.