Log4J – Resources

Log4J – Resources

Mark December 17, 2021

Python Pre Req

Most of the tools are created in Python3 and you will need to have the following prereqs: –

  1. Update Kali – sudo apt update
  2. Install python3 – sudo apt install python3-pip

Fullhunt/log4j-scan

https://github.com/fullhunt/log4j-scan

Install

From a terminal –

  1. cd /opt/
  2. git clone https://github.com/fullhunt/log4j-scan.git
  3. cd ./log4j-scan
  4. pip3 install -r requirements.txt

Usage

Note – You need to be in the “/opt/log4j-scan

Single URL Scan – python3 log4j-scan.py -u https://log4j.lab.secbot.local

WAF Bypass – python3 log4j-scan.py -u https://log4j.lab.secbot.local –waf-bypass

Scan a list of URL – python3 log4j-scan.py -l urls.txt