├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── ApacheLog4j_Mac.zip ├── ApacheLog4j_Win.zip ├── InBug.bmp └── README.md /1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/1.png -------------------------------------------------------------------------------- /2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/2.png -------------------------------------------------------------------------------- /3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/3.png -------------------------------------------------------------------------------- /4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/4.png -------------------------------------------------------------------------------- /5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/5.png -------------------------------------------------------------------------------- /6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/6.png -------------------------------------------------------------------------------- /7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/7.png -------------------------------------------------------------------------------- /ApacheLog4j_Mac.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/ApacheLog4j_Mac.zip -------------------------------------------------------------------------------- /ApacheLog4j_Win.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/ApacheLog4j_Win.zip -------------------------------------------------------------------------------- /InBug.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/inbug-team/Log4j_RCE_Tool/b97515e3029860e34eedfe310a6156640254d286/InBug.bmp -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Log4j 远程代码执行漏洞多线程批量检测利用工具 2 | Log4j 远程代码执行漏洞多线程漏洞批量检测与利用工具 3 | 4 | ## 简介 5 | 本工具只可用于安全测试,勿用于非法用途! 6 | ### 工具定位 7 | Log4j 远程代码执行漏洞多线程漏洞批量检测与利用工具 8 | 9 | ### 工具截图 10 | 11 | 12 | 13 | 工具包含漏洞验证功能与漏洞利用功能,在利用漏洞时候需要在公网IP上部署一个JNDI恶意服务 (https://github.com/feihong-cs/JNDIExploit) 14 | 参数如下图,填入LDAP地址框,然后再使用公网IP监听端口来反弹shell,可以自定义payload,比如搜索页面可以设置为search、keyword,登录界面可以设为username、password。 15 | 16 | ![2](2.png) 17 | 18 | 19 | 20 | ![3](7.png) 21 | 22 | 当然InScan专业版也集成了dnslog与自动化反弹shell功能,可全自动检测和利用 Log4j2远程代码执行漏洞,通过Log4j2自动内网横向移动。 23 | 24 | ![4](4.png) 25 | 26 | ![5](5.png) 27 | 28 | ![6](6.png) 29 | ### 提交反馈 30 | 如有好的建议,以及发现BUG。 31 | GitHub issue: https://github.com/inbug-team/Log4j_RCE_Tool/issues 32 | 33 | 34 | ## 版本更新 35 | * [+] 2021/12/11 第一版本。 36 | * [+] 2021/12/11 Apache_Log4j_RCE V0.2 修复了bug,加了超时时间,允许https,降低了并发,增加了自定义参数。 37 | * [+] 2021/12/14 V1.0正式版,修改默认内置参数为爬虫的方式爬取网站深度为2层的含参数的POST与GET连接进行验证,提高漏洞准确率。 38 | 39 | **官网(生成扫描器):** 40 | https://www.inbug.org 41 | 42 | 同时也可通过公众号联系: 43 | ![-w784](InBug.bmp) 44 | 45 | 46 | --------------------------------------------------------------------------------