One Stop Hub for LOG4J
Information hub for log4j vulnerability
Here is a git hub repo that I will add all valuable information for
– log4j vulnerability scanning to understand your server is Vulnerable or not
– how to patch it
– how to replicate the attack (education purpose) – how to patch it
*Read on git for latest updates
What is log4j ?
LOG4J is a open-source Java-based Apache Software used for logging services.
What is log4j Vulnerability CVE-2021-44228 ?
The Log4j vulnerability allows remote code execution by simply typing a specific string into a textbox , works on every program using the Log4j library.
wget https://raw.githubusercontent.com/anuvindhs/how-to-check-patch-secure-logj4-CVE-2021-44228/main/assets/scan.sh -q -O -| bash
Attack Surfaces / Related Softwares
|List of affected||Related Links|
|Brands||YfryTchsGD github link gives us a list of impacted services or components or manufacturers ( Apple, Tencent, Twitter, Cloudflare, Amazon, Tesla …etc)|
|Softwares||Publised by Nationaal Cyber Security Centrum , github link. (Adobe,EC2, AWS API gateway,DocumentDB, DynamoDB, Kafka, Kinesis, S3, SNS, SQS, AWS SSO, Apache Cisco, CYber ARk, Dell, FOrtinet,Fujitsu, IBM, JuniperNetworks, …….etc)|
|i have written a simple bash script to do a basic quick scan.|
|Check your Server for the Java Log4j Vulnerability ,|
Blog link , Youtube Tutorial , github link
Website Link, It comes with a web based tool to identify the affected servers CVE-2021-44228
|Performs two specific checks: HTTP headers and HTTP GET request, github link|
|log4j PowerShell Checker github Link|
|A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts, github link|
|ADIL SOYBALI||Log4j-RCE-Scanner,scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.github link|
|Bytecode Detector,scans all running java processes for vulnerable log4j files. It is NOT invasive and DOES NOT require you to stop your application. It also check, if the program includes artifacts that re-bundled or re-compiled the vulnerable log4j JARs github link|
|Created by||Lab Environment|
|& JohnHammond||Solar, exploiting log4j|
|Log4j RCE,This challenge covers the latest RCE in Log4j|