- Supports Getshell.
- Fuzzing for more than 60 HTTP request headers.
- Fuzzing for HTTP POST Data parameters.
- Fuzzing for JSON data parameters.
- WAF Bypass payloads.
We have been researching the Log4J RCE (CVE-2021-44228) since it was released, and we worked on preventing this vulnerability with our customers. We are open-sourcing an open detection and scanning tool for discovering and fuzzing for the Log4J RCE vulnerability CVE-2021-44228. It is meant to be used by security teams to scan their infrastructure for Log4J RCE, and also to test for WAF bypasses that can result in achieving code execution in the organization's environment.
It supports DNS OOB callbacks out of the box; there is no need to set up a DNS callback server.
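For the defensive side of the same three input surfaces the scanner fuzzes (request headers, POST parameters, JSON parameters), the following Go sketch flags any value that carries a Log4j lookup expression. It is an added example, not code from this project; `ScanRequest` and `walk` are hypothetical names and the sample request is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// walk records, per location, whether a string holds a literal JNDI lookup or another lookup.
func walk(path string, n interface{}, found map[string]string) {
	switch t := n.(type) {
	case string:
		if l := strings.ToLower(t); strings.Contains(l, "${jndi:") {
			found[path] = "jndi"
		} else if strings.Contains(l, "${") {
			found[path] = "lookup" // any other lookup expression, possibly an obfuscated form
		}
	case []interface{}:
		for i, e := range t {
			walk(fmt.Sprintf("%s[%d]", path, i), e, found)
		}
	case map[string]interface{}:
		for k, e := range t {
			walk(path+"."+k, e, found)
		}
	}
}

// ScanRequest checks every header, every form field and every JSON string value
// at any depth, and returns location -> kind ("jndi" or "lookup").
func ScanRequest(headers, form map[string][]string, body []byte) map[string]string {
	found := map[string]string{}
	for prefix, fields := range map[string]map[string][]string{"header": headers, "form": form} {
		for name, vals := range fields {
			walk(prefix+":"+name, strings.Join(vals, "\n"), found)
		}
	}
	var doc interface{}
	if json.Unmarshal(body, &doc) == nil { // bodies that are not JSON are skipped
		walk("json", doc, found)
	}
	return found
}

func main() {
	// Constructed sample request; example.invalid is a placeholder host.
	h := map[string][]string{"User-Agent": {"${jndi:ldap://example.invalid/a}"}}
	f := map[string][]string{"q": {"${date:yyyy}"}}
	fmt.Println(ScanRequest(h, f, []byte(`{"tags":["ok","${JNDI:dns://example.invalid/b}"]}`)))
}
```

Flagging every `${` expression, not only the literal `${jndi:` marker, keeps the check useful against rewritten payloads, at the cost of more false positives to triage.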
log4j Getshell - log4j Getshell for golang

    log4j -u www.test.com

    help, h                  Shows a list of commands or help for one command
    --url value, -u value    url
    --help, -h               show help (default: false)
    --version, -v            print the version (default: false)

The project is licensed under the MIT License.