Merge branch 'master' of github.com:0xinfection/logmepwn
Showing 1 changed file with 13 additions and 3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,8 @@ | ||
# Logs2Pwn | ||
# LogMePwn | ||
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. With enough amount of hardware and threads, it is capable of scanning the entire internet within a day. | ||
|
||
![image](https://user-images.githubusercontent.com/39941993/146040886-339d1095-e861-4f1c-a009-b99732462a2b.png) | ||
|
||
## How it works? | ||
LogMePwn works by making use of [Canary Tokens](https://canarytokens.org), which in-turn provides email and webhook notifications to your preferred communication channel. If you have a custom callback server, you can definitely use it too! | ||
|
||
|
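Review bot: the heading `## How it works?` is ungrammatical; either drop the question mark (`## How it works`) or phrase it as a question (`## How does it work?`). In the description, "With enough amount of hardware and threads" should read "With enough hardware and threads", and "it is capable of scanning the entire internet within a day" is an unqualified performance claim; state the host count, thread count and bandwidth it assumes, or soften it. The section also says a custom callback server "can definitely be used too" but never says how the tool is pointed at one, while the only invocation shown later is `-email`; document the option or drop the sentence.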
@@ -104,19 +106,27 @@ To demo the scanner, I make use of a vulnerable setup from [@christophetd](https | |
```groovy | ||
docker run -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app | ||
``` | ||
Then I run the tool: | ||
![image](https://user-images.githubusercontent.com/39941993/146034544-a0c0e60d-00db-44ae-823a-5e5834888108.png) | ||
|
||
Then I run the tool against the setup: | ||
```groovy | ||
./lmp -email [email protected] 127.0.0.1:8080 | ||
``` | ||
![image](https://user-images.githubusercontent.com/39941993/146034732-5600761b-008e-4119-83ce-b5b0f6686b7d.png) | ||
|
||
Which immediately triggered a few DNS lookups visible on the token history page as well as my email: | ||
|
||
<img src="https://user-images.githubusercontent.com/39941993/146039240-0d34e4d8-284f-4377-bde3-ea13f9f7f5eb.png" width=49% /> <img src="https://user-images.githubusercontent.com/39941993/146039600-ab2a71b1-ec92-4cef-bae4-f3f46dc2ffd6.png" width=49% /> | ||
|
||
## Ideas & future roadmap | ||
- [ ] Built-in capability to spin up a custom DNS callback server. | ||
- [ ] Ability to identify all probable input fields by observing a basic HTTP response. | ||
- [ ] Obfuscation payload generation. | ||
|
||
## License & Version | ||
The tool is licensed under the GNU GPLv3. LogMePwn is currently at v1.0. | ||
|
||
## Credits | ||
Shoutout to the team at [Thinkst Canary](https://canary.tools/) for their amazing Canary Tokens project. | ||
|
||
> Crafted with ♡ by [Pinaki (@0xInfection)](https://twitter.com/0xinfection). | ||
> Crafted with ♡ by [Pinaki (@0xInfection)](https://twitter.com/0xinfection). |
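Review bot: both fences in this hunk are tagged ```groovy but contain shell commands (`docker run -p 8080:8080 ...` and `./lmp -email ... 127.0.0.1:8080`); tag them ```bash or ```sh so they highlight correctly and are not mistaken for Groovy source. The demo publishes the deliberately vulnerable image on all interfaces with `-p 8080:8080`; since `ghcr.io/christophetd/log4shell-vulnerable-app` is exploitable by design, the README should bind it to loopback (`-p 127.0.0.1:8080:8080`) so readers following along do not expose it on their network, and say why. The address passed to `-email` in the demo command is not explained; state that it is the email configured for the Canary Token from the "How it works" section and use an obvious placeholder such as `<canary-token-email>`. Finally, "Then I run the tool:" followed by a screenshot and then "Then I run the tool against the setup:" reads as a duplicated intro; keep one.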