Log4Shell Exploiter is an Agent Plugin for Infection Monkey that exploits CVE-2021-44228. It affects the Apache Log4j,a Java logging framework.
The plugin will attempt to exploit the vulnerability in three service:
- Apache Solr
- Apache Tomcat
- Logstash
For more information, see the Log4Shell Exploiter Plugin documentation.
To create the resulting Log4Shell archive, follow these steps:
-
Clone the Repository
$ git clone https://github.com/guardicode/log4shell-exploiter.git $ cd log4shell-exploiter -
Install development dependencies
This project uses Poetry for managing dependencies and virtual environments, and pre-commit for managing pre-commit hooks.
$ pip install pre-commit poetry $ pre-commit install -t pre-commit $ poetry install
The test suite can be run with the following command:
poetry run pytestTo build the plugin, run the Agent Plugin Builder.
poetry run build_agent_plugin .The build tool will create Log4Shell-exploiter.tar, which can be installed in
the Monkey Island.