{"id":13846026,"url":"https://github.com/adilsoybali/Log4j-RCE-Scanner","last_synced_at":"2025-07-12T03:33:34.947Z","repository":{"id":37743970,"uuid":"437320867","full_name":"adilsoybali/Log4j-RCE-Scanner","owner":"adilsoybali","description":"Remote command execution vulnerability scanner for Log4j.","archived":false,"fork":false,"pushed_at":"2023-08-01T22:05:20.000Z","size":42,"stargazers_count":254,"open_issues_count":0,"forks_count":55,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-08-05T17:45:32.433Z","etag":null,"topics":["checker","cve-2021-44228","log4j","log4j2","log4shell","rce","scanner","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adilsoybali.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-12-11T15:38:31.000Z","updated_at":"2024-07-24T10:28:17.000Z","dependencies_parsed_at":"2024-02-21T10:58:40.673Z","dependency_job_id":null,"html_url":"https://github.com/adilsoybali/Log4j-RCE-Scanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adilsoybali%2FLog4j-RCE-Scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adilsoybali%2FLog4j-RCE-Scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adilsoybali%2FLog4j-RCE-Scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adilsoybali%2FLog4j-RCE-Scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adilsoybali","download_url":"https://codeload.github.com/adilsoybali/Log4j-RCE-Scanner/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225791514,"owners_count":17524799,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checker","cve-2021-44228","log4j","log4j2","log4shell","rce","scanner","vulnerability-scanners"],"created_at":"2024-08-04T17:04:17.833Z","updated_at":"2024-11-21T19:31:03.908Z","avatar_url":"https://github.com/adilsoybali.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"https://i.ibb.co/d628X2Z/logo.png\" alt=\"Log4j-RCE-Scanner\" width=\"50%\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner/\"\u003e\u003cimg src=\"https://img.shields.io/badge/release-v2-brightgreen?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/adilsoybali/Log4j-RCE-Scanner.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner/network/members\"\u003e\u003cimg src=\"https://img.shields.io/github/forks/adilsoybali/Log4j-RCE-Scanner?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/adilsoybali/Log4j-RCE-Scanner.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner/\"\u003e\u003cimg src=\"https://img.shields.io/github/repo-size/adilsoybali/Log4j-RCE-Scanner.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/adilsoybali/Log4j-RCE-Scanner.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner/commits/main\"\u003e\u003cimg alt=\"GitHub last commit\" src=\"https://img.shields.io/github/last-commit/adilsoybali/Log4j-RCE-Scanner\"\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner#Features\"\u003eFeature\u003c/a\u003e •\n  \u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner#Requirements\"\u003eRequirements\u003c/a\u003e •\n  \u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner#Installation\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner#Usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner#Contact\"\u003eContact\u003c/a\u003e\n\u003c/p\u003e\n\n---\n      \n# RCE scanner for Log4j\nUsing this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.\n\u003e [Affected versions \u003c 2.15.0](https://logging.apache.org/log4j/2.x/security.html)\n## Features\n- It can scan according to the url list you provide.\n- It can scan all of them by finding the subdomains of the domain name you give.\n- It adds the source domain as a prefix to determine from which source the incoming dns queries are coming from.\n## Requirements\n1. [httpx](https://github.com/projectdiscovery/httpx)\n2. [curl](https://curl.se/download.html)\n\u003e If you want to scan with a domain name, you must additionally install [subfinder](https://github.com/projectdiscovery/subfinder), [assetfinder](https://github.com/tomnomnom/assetfinder) and [amass](https://github.com/OWASP/Amass).\n## Installation\n 1. `git clone https://github.com/adilsoybali/Log4j-RCE-Scanner.git`\n 2. `cd Log4j-RCE-Scanner`\n 3. `chmod +x log4j-rce-scanner.sh`\n \n \n\u003ca href=\"https://github.com/adilsoybali/Log4j-RCE-Scanner#Installation\"\u003e\u003cimg src=\"https://i.ibb.co/dkxsydt/Log4j-RCEScanner.png\"\u003e\u003c/a\u003e\n## Usage\n\n    ./log4j-rce-scanner.sh -h\n\nThis will display help for the tool. Here are all the switches it supports.\n\n\n    -h, --help - Display help\n    -l, --url-list - List of domain/subdomain/ip to be used for scanning.\n    -d, --domain - The domain name to which all subdomains and itself will be checked.\n    -b, --burpcollabid - Burp collabrator client id address or interactsh domain address.\n    \n    Example uses:\n    ./log4j-rce-scanner.sh -l httpxsubdomains.txt -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net\n    ./log4j-rce-scanner.sh -d adilsoybali.com -b yrt45r4sjyoj19617jem5briio3cs.burpcollaborator.net\n\n[Click here to go to Burp collaborator documentation page.](https://portswigger.net/burp/documentation/collaborator)\n\n[Click here to go to Interactsh.](https://app.interactsh.com/#/)\n\n\u003e If the domain is vulnerable, dns callbacks with the vulnerable domain name is sent to the burp collaborator or interactsh address you provided.\n\n## Contributing\n\nContributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are  **greatly appreciated**.\n\nIf you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag \"enhancement\". Don't forget to give the project a star! Thanks again!\n\n1.  Fork the Project\n2.  Create your Feature Branch (`git checkout -b feature/AmazingFeature`)\n3.  Commit your Changes (`git commit -m 'Add some AmazingFeature'`)\n4.  Push to the Branch (`git push origin feature/AmazingFeature`)\n5.  Open a Pull Request\n\n## Contact\n\n\u003cp\u003e\n\u003ca href=\"mailto:info@adilsoybali.com\" target=\"_blank\"\u003e\u003cimg align=\"center\" src=\"https://img.shields.io/static/v1?style=for-the-badge\u0026message=Email\u0026color=EA4335\u0026logo=Gmail\u0026logoColor=FFFFFF\u0026label=\" alt=\"Email\" /\u003e\u003c/a\u003e\n\u003ca href=\"https://linkedin.com/in/adilsoybali\" target=\"_blank\"\u003e\u003cimg align=\"center\" src=\"https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge\u0026logo=linkedin\u0026logoColor=white\" alt=\"Linkedin\" /\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.com/channels/@AdilSoybali#0044\" target=\"_blank\"\u003e\u003cimg align=\"center\" src=\"https://img.shields.io/badge/Discord-7289DA?style=for-the-badge\u0026logo=discord\u0026logoColor=white\" alt=\"Discord\" /\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/adilsoybali\" target=\"_blank\"\u003e\u003cimg align=\"center\" src=\"https://img.shields.io/badge/Twitter-1DA1F2?style=for-the-badge\u0026logo=twitter\u0026logoColor=white\" alt=\"Twitter\" /\u003e\u003c/a\u003e\n\u003ca href=\"https://adilsoybali.com/#contact\" target=\"_blank\"\u003e\u003cimg align=\"center\" src=\"https://img.shields.io/badge/adilsoybali.com-448cec?style=for-the-badge\u0026logo=koding\u0026logoColor=white\" alt=\"Personal Web Site\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Acknowledgments\n\n-   [LunaSec](https://www.lunasec.io/docs/blog/log4j-zero-day/)\n-   [Zsolt Háló](https://github.com/zsolt-halo)\n\n## Stargazers over time\n\n[![Stargazers over time](https://starchart.cc/adilsoybali/Log4j-RCE-Scanner.svg?)](https://starchart.cc/adilsoybali/Log4j-RCE-Scanner)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadilsoybali%2FLog4j-RCE-Scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadilsoybali%2FLog4j-RCE-Scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadilsoybali%2FLog4j-RCE-Scanner/lists"}