{"id":13841886,"url":"https://github.com/alexbakker/log4shell-tools","last_synced_at":"2025-04-04T20:30:32.731Z","repository":{"id":47732167,"uuid":"438034703","full_name":"alexbakker/log4shell-tools","owner":"alexbakker","description":"Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046","archived":false,"fork":false,"pushed_at":"2024-04-07T22:45:53.000Z","size":94,"stargazers_count":86,"open_issues_count":2,"forks_count":17,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-20T18:04:40.640Z","etag":null,"topics":["cve-2021-44228","cve-2021-45046","dns","jndi","ldap","log4j","log4shell"],"latest_commit_sha":null,"homepage":"https://log4shell.alexbakker.me","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alexbakker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-13T21:47:41.000Z","updated_at":"2024-10-28T07:04:55.000Z","dependencies_parsed_at":"2023-12-07T23:34:10.853Z","dependency_job_id":"985ce959-97f1-42c3-a35e-17eb258a0c1a","html_url":"https://github.com/alexbakker/log4shell-tools","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexbakker%2Flog4shell-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexbakker%2Flog4shell-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexbakker%2Flog4shell-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexbakker%2Flog4shell-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alexbakker","download_url":"https://codeload.github.com/alexbakker/log4shell-tools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247246017,"owners_count":20907723,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2021-44228","cve-2021-45046","dns","jndi","ldap","log4j","log4shell"],"created_at":"2024-08-04T17:01:23.493Z","updated_at":"2025-04-04T20:30:32.211Z","avatar_url":"https://github.com/alexbakker.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# log4shell.tools [![build](https://github.com/alexbakker/log4shell-tools/actions/workflows/build.yml/badge.svg)](https://github.com/alexbakker/log4shell-tools/actions/workflows/build.yml)\n\n__log4shell.tools__ is a tool that allows you to run a test to check whether one\nof your applications is affected by the recent vulnerabilities in log4j:\n__CVE-2021-44228__ and __CVE-2021-45046__.\n\nThis is the code that runs https://log4shell.alexbakker.me. If you'd like to inspect the\ncode or run an instance in your own environment, you've come to the right\nplace.\n\n## How does this work?\n\nThe tool generates a unique ID for you to test with. After you click start,\nwe'll generate a piece of text for you that looks similar to this:\n__${jndi:ldap://\\*.dns.log4shell.tools:12345/\\*}__. Copy it and paste it anywhere\nyou suspect it might end up getting passed through log4j. For example: search\nboxes, form fields or HTTP headers.\n\nOnce an outdated version of log4j sees this string, it will perform a DNS lookup\nto get the IP address of __\\*.dns.log4shell.tools__. If this happens, it is\nconsidered the first sign of vulnerability to information leakage. Next, it will\nattempt and LDAP search request to __log4shell.tools:12345__. The tool responds\nwith a Java class description, along with a URL for where to obtain it. Log4j\nmay even attempt to fetch the class file. The tool will return a 404 and\nconclude the test.\n\n## Screenshot\n\n\u003cimg width=\"750\" src=\"https://alexbakker.me/u/iq8qmxclfb.png\"/\u003e\n\n## Installation\n\nThe tool was tested with Go 1.16. Make sure it (or a more recent version of Go) is\ninstalled and run the following command:\n\n```\ngo install github.com/alexbakker/log4shell-tools/cmd/log4shell-tools-server\n```\n\nThe binary will be available in ``$GOPATH/bin``\n\n### Usage\n\nSince this tool compiles to a single binary, all you have to do is run it to\nstart self hosting an instance of log4shell.tools. To make it accessible by\nother machines in your network, you'll want to pass a couple of flags to stop\nthe tool from only listening on the loopback interface. If you're exposing this\nto the internet, you'll probably also want to put a reverse proxy in front of\nthe HTTP server. Ignore the DNS options for now, they're not needed for simple\ninternal deployments.\n\nFor the full list of available flags, run `log4shell-tools-server -h`:\n\n```\nUsage of ./log4shell-tools-server:\n\nThis tool only listens on 127.0.0.1 by default. Pass the flags below to customize for your environment.\n\n  -dns-a string\n    \tthe IPv4 address to respond with to any A record queries for 'dns-zone' (default \"127.0.0.1\")\n  -dns-aaaa string\n    \tthe IPv6 address to respond with to any AAAA record queries for 'dns-zone' (default \"::1\")\n  -dns-addr string\n    \tlistening address for the DNS server (default \"127.0.0.1:12346\")\n  -dns-enable\n    \tenable the DNS server\n  -dns-zone string\n    \tDNS zone that is forwarded to the tool's DNS server (example: \"dns.log4shell.tools\")\n  -http-addr string\n    \tlistening address for the HTTP server (default \"127.0.0.1:8001\")\n  -http-addr-external string\n    \taddress where the HTTP server can be reached externally (default \"127.0.0.1:8001\")\n  -ldap-addr string\n    \tlistening address for the LDAP server (default \"127.0.0.1:12345\")\n  -ldap-addr-external string\n    \taddress where the LDAP server can be reached externally (default \"127.0.0.1:12345\")\n  -ldap-http-proto string\n    \tthe HTTP protocol to use in the payload URL that the LDAP server responds with (default \"http\")\n  -storage string\n    \tstorage connection URI (either memory:// or a postgres:// URI (default \"memory://\")\n  -test-timeout int\n    \ttest timeout in minutes (default 30)\n```\n\n#### Storage\n\nThe tool uses its in-memory storage backend by default. If you need test\nresults to persist across restarts, you may want to use the Postgres backend instead.\n\n#### DNS\n\nThe DNS server is disabled by default, because its configuration options are\ncurrently very specific to the setup over at https://log4shell.alexbakker.me. Let me\nknow if you'd like to help make these more generic.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexbakker%2Flog4shell-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexbakker%2Flog4shell-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexbakker%2Flog4shell-tools/lists"}