This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.
It allows you to generate a request that you can run in your environment and test if the server is vulnerable.
There are three options for using this tool:
- Use the generated JNDI snapshot: add that entry to any of the form fields on the site, or add it to the HTTP User-Agent header.
  - Your unique JNDI snapshot is ${jndi:ldap://log4j-tester.trendmicro.com:1389/b64c656f-ffcb-4fda-a06b-a4b8753e03cb}
- For Internal Server: Generate a quick curl command to test your servers.
- For Public Facing Server: Just provide the address of the server and we will try to create a simulated query. Make sure you are hitting some API endpoint/form which eventually does an action in the backend. If the unique ID provided here shows up in the results section below, the server may be vulnerable and should be investigated further. If it does not show up, it does not guarantee that the server is not vulnerable.
To learn more on how to use this tool, please visit https://www.youtube.com/watch?v=7uix6nDoLBs. The use of this tool is subject to the Trend Micro Free Tools Terms and Conditions.
Testing
Use the following tool to test your application endpoints. The request method is GET or POST, and the test string can be sent:
- with User-Agent HTTP Header
- with X-Api-Version Header
- with URL Parameters
- with Form Data
- with custom HTTP Header

Obfuscate data:
- System environment variables
- System properties
- Lower/Upper
- Lower special

You can use the generated cURL command below for testing (Windows or Mac/Linux):
curl...
Results
If you submit and see results here, that means the server may be vulnerable and should be investigated further. If there are no results, it does not guarantee that the server is not vulnerable. This table will be refreshed every 10 seconds.
Unique ID | Timestamp
---|---
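Because an empty results table does not prove a server is safe, a complementary check is to search your own request logs for lookup strings like the one this tool generates, including the obfuscated forms listed under "Obfuscate data". The following is an added example, not part of the Trend Micro tool or the credited projects; the log lines and the all-zero ID are constructed, and unresolved lookups are simply dropped as a simplifying assumption.

```python
import re
from urllib.parse import quote, unquote

INNER = re.compile(r"\$\{([^${}]*)\}")   # innermost ${...}, nothing nested inside
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([^}\s]+)", re.IGNORECASE)

def _resolve(m):
    body = m.group(1)
    name, _, arg = body.partition(":")
    name = name.strip().lower()
    if name == "jndi":
        return m.group(0)                 # keep the lookup we are hunting for
    if name == "lower":
        return arg.lower()
    if name == "upper":
        return arg.upper()
    if ":-" in body:
        return body.split(":-", 1)[1]     # ${env:NAME:-default} -> default
    return ""                             # real value unknown offline: drop it

def normalize(line, max_rounds=10):
    """URL-decode, then expand nested lookups until the text stops changing."""
    text = unquote(line)
    for _ in range(max_rounds):
        expanded = INNER.sub(_resolve, text)
        if expanded == text:
            break
        text = expanded
    return text

def jndi_target(line):
    """Return the JNDI URL a log line would trigger, or None."""
    m = JNDI.search(normalize(line))
    return m.group(1) if m else None

def scan(lines):
    return [(n, t) for n, l in enumerate(lines, 1) if (t := jndi_target(l))]

# Constructed access-log lines; the ID is a placeholder, not a real tester ID.
T = "ldap://log4j-tester.trendmicro.com:1389/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    '203.0.113.5 "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.5 "GET /api HTTP/1.1" 200 "${jndi:%s}"' % T,
    '203.0.113.5 "GET /api HTTP/1.1" 200 "${${lower:J}n${upper:d}i:%s}"' % T,
    '203.0.113.5 "GET /q?x=%24%7Bjndi%3A' + quote(T, safe="") + '%7D HTTP/1.1" 200 "-"',
    '203.0.113.5 "GET /api HTTP/1.1" 200 "${${env:UNSET:-j}ndi:%s}"' % T,
]
```

`scan(SAMPLE)` reports lines 2 to 5 with the same callback URL, so plain, case-wrapped, URL-encoded and default-value forms are all reduced to one indicator you can match against the Unique ID column.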
Information
CVE-2021-44228
Also known as “Log4Shell” and “Logjam.” Apache Log4j2 <=2.14.1 is vulnerable to remote code execution by downloading code from an LDAP server using JNDI.
CVE-2021-45046
Apache Log4j 2.15.0 is vulnerable to a denial of service (DoS) attack when using ThreadContext values and context lookups.
Protection and Investigation
Analysis and Advisory – From Trend Micro Threat Research
Credits
Trend Micro’s vulnerability scanner is based on the following projects:
- https://github.com/huntresslabs/log4shell-tester
- https://github.com/Neo23x0/log4shell-detector
- https://github.com/Cybereason/Logout4Shell
- https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
- https://getbootstrap.com/docs/5.0/examples/jumbotron
- https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
Source :
https://log4j-tester.trendmicro.com/