## https://sploitus.com/exploit?id=D02E385B-76D7-5BDB-A49C-CE858BEB0009
<h1 align="center">
  <br>
  log4j-detect
</h1>

<h4 align="center">Simple multithreaded Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) across a list of URLs</h4>

---

This script only handles DNS-based detection of the vulnerability; it does not test remote command execution.

The script "Py3-detect-log4j-12.2021.py", written in Python 3, detects whether each URL in a list is vulnerable to CVE-2021-44228.

To do so, it sends a GET request to each URL in the specified list, using threads for higher performance. The GET request contains a payload that, on success, causes a DNS request to Burp Collaborator / interactsh. This payload is sent in a test parameter and in the "User-Agent" / "Referer" / "X-Forwarded-For" / "Authentication" headers.
Finally, if a host is vulnerable, an identification number appears in the subdomain prefix of the Burp Collaborator / interactsh payload and in the output of the script, so you can tell which host responded via DNS.



### Downloading Py3-detect-log4j-12.2021.py

```sh
wget  https://github.com/nx6110a5100/Py3-detect-log4j-12.2021.py
```

### Running Py3-detect-log4j-12.2021.py

```sh
python3 Py3-detect-log4j-12.2021.py <urlFile> <collaboratorPayload>
```
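
The correlation step described above (matching the identification number in a DNS callback's subdomain prefix back to the host that was tested) can be sketched as follows. This is an added example, not code from Py3-detect-log4j-12.2021.py; it assumes the identification number is the 0-based position of the URL in the list and that callbacks look like `<id>.<collaborator domain>`, and all hostnames and log entries are constructed.

```python
# Added example: map DNS callback names back to the tested URLs.
# Assumption: id == 0-based position of the URL in the input list.

def build_id_map(urls):
    """Give every non-empty URL line its identification number."""
    cleaned = [u.strip() for u in urls if u.strip()]
    return {str(i): u for i, u in enumerate(cleaned)}

def extract_id(qname, collab_domain):
    """Return the numeric first label of a callback name, or None."""
    name = qname.strip().rstrip(".").lower()      # DNS names are case-insensitive
    base = collab_domain.strip().rstrip(".").lower()
    if not name.endswith("." + base):             # unrelated query or bare domain
        return None
    first = name[: -(len(base) + 1)].split(".")[0]
    return first if first.isascii() and first.isdigit() else None

def correlate(urls, dns_queries, collab_domain):
    """Return ({url: [callback names]}, [callbacks with an unknown id])."""
    id_map = build_id_map(urls)
    hits, unknown = {}, []
    for q in dns_queries:
        ident = extract_id(q, collab_domain)
        if ident is None:
            continue
        if ident in id_map:
            hits.setdefault(id_map[ident], []).append(q)
        else:
            unknown.append(q)                     # id not issued in this run
    return hits, unknown

# Constructed sample data (not real hosts or real interaction logs).
URLS = ["https://app1.example.test/", "https://app2.example.test/login",
        "https://app3.example.test/"]
COLLAB = "abc123.oast.example"
DNS_QUERIES = ["1.abc123.oast.example.", "1.ABC123.oast.example",
               "www.unrelated.example", "9.abc123.oast.example",
               "abc123.oast.example"]

if __name__ == "__main__":
    hits, unknown = correlate(URLS, DNS_QUERIES, COLLAB)
    for url, names in hits.items():
        print(f"DNS callback received for {url} ({len(names)} queries)")
    for name in unknown:
        print(f"callback with unknown id: {name}")
```

A callback with an id that was never issued usually means the interaction log mixes several runs, so keep the URL list and the collaborator log from the same run together.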