Details

Category: Vulnerabilities

Publisher: trickest-mhmdiaa

Created Date: 2/5/2022

Container: quay.io/trickest/log4j-scan:ceae24f

Source URL: https://github.com/fullhunt/log4j-scan

Parameters

url
string
required
Command: -u - Check a single URL.
url-list
file
required
Command: -l - Check a list of URLs.
wait-time
string
Command: --wait-time - Wait time after all URLs are processed (in seconds) - [Default: 5].
waf-bypass
boolean
Command: --waf-bypass - Extend scans with WAF bypass payloads.
headers-file
file
Command: --headers-file - Headers fuzzing list
run-all-tests
boolean
Command: --run-all-tests - Run all available tests on each URL.
request-method
string
Command: --request-type - Request Type: (get, post) - [Default: get].
dns-callback-provider
string
Command: --dns-callback-provider - DNS Callback provider (Options: dnslog.cn, interact.sh) - [Default: interact.sh].
custom-dns-callback-host
string
Command: --custom-dns-callback-host - Custom DNS Callback Host.
exclude-user-agent-fuzzing
boolean
Command: --exclude-user-agent-fuzzing - Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.