-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nmap log4jshell.nse execution #4
Comments
Hi @juanterio,
Not necessarily. The "callback server" is the IP address (and port) that is sent by the NSE script in the payload. You can use another server and listening port that are reachable by the target.
You can specify one or more ports using
You can use another service (LDAP server,
In README.md you have a sample of NSE output. NOTE This script is useful to detect the vulnerability of Log4Shell across the network, but requires a post-analisys. For example, if the target is protected by a firewall, by an IDS/IPS or a WAF i suggest to inspect these logs to see if your application is vulnerable or if it's necessary to update or activate rules to protect the application. Joseph |
Thanks @giterlizzi for the details! We tested the script from one of our server with sample result below. How do we know if the server is vulnerable with log4j? Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-06 10:24 China Standard Time Nmap done: 1 IP address (1 host up) scanned in 239.47 secondsp |
Inspect the application logs. If the application is vulnerable you can see a JNDI lookup in log:
|
Hi,
First of all, thank you very much for this code. We are able to upload the NSE file in our NMAP.
Now the challenge we are facing right now is how to execute the scan. Based on the README.md, we just need to upload the nse file to our NMAP and do an update. However I am confused on the syntax:
nmap --script log4shell.nse [--script-args log4shell.callback-server=127.0.0.1:1389] [-p ]
The text was updated successfully, but these errors were encountered: