基于解析RMI和LDAP协议实现扫描工具

菜鸟学安全 2023-09-04 386

电子说

1.2w人已加入

描述

工具介绍

一款无须借助dnslog且完全无害的JNDI反连检测工具,解析RMI和LDAP协议实现,可用于内网渗透、甲方内网自查

RMI

  工具使用

$ python3 log4j2-intranet-scan.py -h
usage: log4j2-intranet-scan.py [-h] [-u URL] [-c CRAW] [-p PROXY] [-l USEDLIST] [--request-type REQUEST_TYPE]
                               [--headers-file HEADERS_FILE] [--run-all-tests] [--exclude-user-agent-fuzzing]
                               [--wait-time WAIT_TIME] [--waf-bypass] [--test-CVE-2021-45046] [--server SERVER]
                               [--disable-http-redirects]


optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Check a single URL. example('http://vultest.com/test.jsp')
  -c CRAW, --crawler CRAW
                        use crawler,any values,like 1
  -p PROXY, --proxy PROXY
                        send requests through proxy
  -l USEDLIST, --list USEDLIST
                        Check a list of URLs.
  --request-type REQUEST_TYPE
                        Request Type: (get, post) - [Default: get].
  --headers-file HEADERS_FILE
                        Headers fuzzing list - [default: headers.txt].
  --run-all-tests       Run all available tests on each URL.
  --exclude-user-agent-fuzzing
                        Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.
  --wait-time WAIT_TIME
                        Wait time after all URLs are processed (in seconds) - [Default: 5].
  --waf-bypass          Extend scans with WAF bypass payloads.
  --test-CVE-2021-45046
                        Test using payloads for CVE-2021-45046 (detection payloads).
  --server SERVER       ldap_server
  --disable-http-redirects
                        Disable HTTP redirects. Note: HTTP redirects are useful as it allows the payloads to have
                        higher chance of reaching vulnerable systems.
  
log4j2 靶场:
docker pull registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln
docker run -it -d -p 8080:8080 --name log4j_vuln_container registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln
docker exec -it log4j_vuln_container /bin/bash
/bin/bash /home/apache-tomcat-8.5.45/bin/startup.sh

 

        审核编辑:彭菁

 

打开APP阅读更多精彩内容
声明:本文内容及配图由入驻作者撰写或者入驻合作网站授权转载。文章观点仅代表作者本人,不代表电子发烧友网立场。文章及其配图仅供工程师学习之用,如有内容侵权或者其他违规问题,请联系本站处理。 举报投诉

全部0条评论

快来发表一下你的评论吧 !

下载APP
|投诉反馈|电子发烧友网
© 2021 elecfans.com
湘ICP备2023018690号
×
20
完善资料,
赚取积分