## https://sploitus.com/exploit?id=21B5671D-2A35-52FF-9702-380A32B96260
<h1 align="center">PY-Log4ShellScanner</h1>
<h4 align="center">A simple, one-file DNSLog server with HTTP endpoint for log retrieval</h4>
# Credit
Based on the Log4jScanner by fullhunt.io, modified with multithreading and custom DNS Callback server
# Features
- Support for lists of URLs
- Fuzzing for more than 60 HTTP request headers, with ability to add custom ones
- Fuzzing for HTTP POST Data parameters
- Fuzzing for JSON data parameters
- Multithreaded searches
- DNS Callback via self-hosted [scheibling/py-dnslogserver](https://github.com/scheibling/py-dnslogserver)
- WAF Bypass payloads
# Usage
## Preparations
```shell
pip3 install -r requirements.txt
```
## CLI
```shell
$ python3 py-log4shellscanner.py -h
[â˘] CVE-2021-44228 - Apache Log4j RCE Scanner
[â˘] Provided by https://github.com/scheibling
[â˘] Originally developed by FullHunt.io
[â˘] Version 1.0
usage: py-log4shellscanner.py [-h] -d DNSLOG_DOMAIN [-t TARGETS_FILE] [-i HEADERS_FILE] [-c CONCURRENT_REQUESTS] [--skip-waf-bypass] [-p PROXY_SERVER]
options:
-h, --help show this help message and exit
-d DNSLOG_DOMAIN, --dnslog-domain DNSLOG_DOMAIN
The DNSLog domain to use for the requests
-t TARGETS_FILE, --targets-file TARGETS_FILE
The hosts file to use for the requests (default: targets.txt)
-i HEADERS_FILE, --headers HEADERS_FILE
The file containing the headers for the requests (Default: headers.txt)
-c CONCURRENT_REQUESTS, --concurrent-requests CONCURRENT_REQUESTS
The number of concurrent requests to use (Default: 10)
-p PROXY_SERVER, --proxy-server PROXY_SERVER
Proxy server to use for the scans
--skip-waf-bypass Skip the WAF bypass payloads
```
## Examples
```shell
# Run a scan against the hosts in targets.txt with default headers and waf bypass payloads (10 concurrent requests)
python3 py-log4shellscanner.py -d dnslog.example.com -t targets.txt -c 10
# Run a scan against the hosts in targets.txt with custom headers and without waf bypass payloads (10 concurrent requests)
python3 py-log4shellscanner.py -d dnslog.example.com -t targets.txt -i custom-headers.txt -c 10 --skip-waf-bypass
# Run a scan through a proxy server with custom headers, 20 concurrent requests and with waf bypass payloads
python3 py-log4shellscanner.py -d dnslog.example.com -t targets.txt -i headers-large.txt -c 20 -p proxy.example.com
```
# Legal Disclaimer
This project is made for testing purposes only. Usage of py-dnslogserver for attacking targets without prior mutual consent could be illegal.
# License
The project is licensed under MIT License.