giterlizzi / nmap-log4shell Goto Github PK
View Code? Open in Web Editor NEWNmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
License: MIT License
nmap-log4shell's Introduction
nmap-log4shell's People
Contributors
Stargazers
Watchers
Forkers
rbcrack joabra wayc0des-land gugas1nwork ytdark j1v37u2k3y jonz-secops renezander030 wildshake elnur0000 emadshanab calfcrusher 0xsojalsec mav1814 fostane argonauta666 gitezri a1k-ghaz1nmap-log4shell's Issues
Module stringaux not found for Centos 7 nmap default installation version
Module stringaux not found error in Centos 7.
Steps to reproduce
Install nmap:
yum -y install nmap
Then install and run script:
nmap --script log4shell.nse --script-args log4shell.callback-server=10.111.11.150:1389 -p 8080 10.111.11.149 [vagrant@attack
NSE: Failed to load /usr/bin/../share/nmap/scripts/log4shell.nse:
/usr/bin/../share/nmap/scripts/log4shell.nse:129: module 'stringaux' not found:
NSE failed to find nselib/stringaux.lua in search paths.
no field package.preload['stringaux']
no file '/usr/local/share/lua/5.2/stringaux.lua'
no file '/usr/local/share/lua/5.2/stringaux/init.lua'
no file '/usr/local/lib/lua/5.2/stringaux.lua'
no file '/usr/local/lib/lua/5.2/stringaux/init.lua'
no file './stringaux.lua'
no file '/usr/local/lib/lua/5.2/stringaux.so'
no file '/usr/local/lib/lua/5.2/loadall.so'
no file './stringaux.so'
stack traceback:
[C]: in function 'require'
/usr/bin/../share/nmap/scripts/log4shell.nse:129: in function </usr/bin/../share/nmap/scripts/log4shell.nse:1>
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:547: could not load script
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:547: in function 'new'
/usr/bin/../share/nmap/nse_main.lua:783: in function 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1271: in main chunk
[C]: in ?
QUITTING!
Centos version
[vagrant@attacker ~]$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
Newbie
Thank you for your time and effort to make cyber world safe. How do I tell in the scan results that the host is vulnerable? Thank you
nmap log4jshell.nse execution
Hi,
First of all, thank you very much for this code. We are able to upload the NSE file in our NMAP.
Now the challenge we are facing right now is how to execute the scan. Based on the README.md, we just need to upload the nse file to our NMAP and do an update. However I am confused on the syntax:
nmap --script log4shell.nse [--script-args log4shell.callback-server=127.0.0.1:1389] [-p ]
- Is the callback server the NMAP server we are using?
- What is -p port for if we want to scan a server to see what ports are open and if vulnerable with log4j?
- Do I also need to download JNDIExploit.zip to our NMAP server so that the command will take effect?
- Do you have any sample result using this nse file?
Missing JNDIExploit link
Link
https://github.com/feihong-cs/JNDIExploit
seems to be removed.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.