log4j-scan

MIT License   

A Python-based infrastructure scanner that enables you to find hosts that could be affected by the Apache Log4j RCE CVE-2021-44228 vulnerability.

Description


The Log4j vulnerability (CVE-2021-44228) took over the Internet in December 2021, as the massive, widespread security flaw had cybersecurity experts racing to find a solution. The high-risk vulnerability affects the open-source logging software provided by the Apache Software Foundation and used by some of the most popular services, games and software tools, hence the madness it generated.

As patches have already been released, financial institutions, government entities and companies worldwide are struggling to upgrade their systems to avoid potential cyber-attacks, especially since the Log4j flaw is a remote code execution (RCE) vulnerability that can be exploited to take control of computers or entire networks. But before addressing the issue, you have to find the workstations that are affected, and that is where log4j-scan comes in.

log4j-scan is an open-source scanner and detection tool written in Python that can analyze your entire infrastructure to find hosts that are affected by the Log4j vulnerability. Designed for security experts, this Python script can find Log4j remote code execution and discover WAF bypass payloads on the environment as well.

The scanner can scan individual URLs or lists of multiple URLs, accepting TXT files as parameters. log4j-scan facilitates fuzzing for more than 60 HTTP request headers, as well as HTTP POST and JSON data parameters. It can scan single URLs using all the request methods.

It provides support for DNS out-of-band (OOB) callbacks. In other words, you don’t have to set up a DNS callback server to use it.

log4j-scan is designed for vulnerability discovery and validation, providing a quick way for security experts to find hosts affected by the Log4j vulnerability.

What's new in log4j-scan 1.0.1:

  • Added additional 15 community-provided WAF bypass payloads (Total payloads: 23 payloads).
  • Added additional common default POST parameters.
  • Added --custom-waf-bypass-payload to add user-defined custom WAF bypass payload.
  • Fixed a minor exception when "Referer" is not set on the headers-file list.

log4j-scan 1.0.1

Price: Free
Runs on: Windows 11, Windows 10 32/64 bit, Windows 8 32/64 bit, Windows 7 32/64 bit
File size: 5 KB
Filename: log4j_scan.zip
Main category: Security
