Share
## https://sploitus.com/exploit?id=29C7BC08-E823-5F76-8938-1731CFB000C0
This repository contains Nmap NSE (Network Sniffer Engine) scripts designed to check for log4shell or LogJam vulnerabilities (CVE-2021-44228) in various services. The scripts are written in Lua and are intended to be used with the Nmap network scanning tool.

The scripts are categorized into different services, including FTP, HTTP, IMAP, SMTP, and SSH, each with its own specific implementation of the log4shell attack. The scripts use various techniques to inject the log4shell payload into the services, including using DNS log servers, HTTP requests, and other methods.

The scripts are designed to be flexible and can be customized to use different payloads and settings. The scripts also include error handling and logging mechanisms to help with debugging and troubleshooting.

Some of the notable scripts in this repository include:

ftp-log4shell.nse: Performs log4shell attack against FTP servers using either LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 or NTLM authentication.
http-log4shell.nse: Requests for specific Log4j vuln and follows up to 5 HTTP redirects.
http-spider-log4shell.nse: Spiders an HTTP server looking for URLs containing queries vulnerable to an log4j injection attack.
imap