-
log4j批量检测(CVE-2021-44228)
实现思路:
1、python读取urls.txt所有应用资产
2、调用rad对urls页面进行爬虫
3、爬取到的数据包转发到burp
4、使用burp的log4j插件对数据包所有字段进行POC探测
需要工具:
batch_rad.py
rad【https://github.com/chaitin/rad】
burp插件(log4jShell Scanner)【burp插件仓库自带】
batch_rad.py代码如下:
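import datetime
import os
import subprocess
import sys
import time


def globalPath():
    """Set the module-level paths used by scan().

    radPath: path to the rad crawler executable.
    urlPath: path to the text file listing one target URL per line.
    Both are site-specific and must be adjusted for the local install.
    """
    global radPath  # rad executable
    global urlPath  # URL asset list
    radPath = r"C:\Users\jues\Desktop\rad\rad.exe"
    urlPath = r"C:\Users\jues\Desktop\rad\urls.txt"


def getUrl(path):
    """Return the non-empty, whitespace-stripped lines of the file at *path*.

    Args:
        path: text file with one URL per line.

    Returns:
        list[str] of URLs in file order. Leading/trailing whitespace
        (including CR/LF line endings) is removed and blank lines are
        skipped so that an empty target is never handed to the crawler.
    """
    urls = []
    # `with` guarantees the handle is closed even if reading raises.
    with open(path) as handle:
        for raw in handle:
            url = raw.strip()
            if url:
                urls.append(url)
    return urls


def addFiles(pathName):
    """Create (or reuse) a date-stamped report directory next to this script.

    Args:
        pathName: directory name suffix, e.g. "scan_rad_burp\\"; the trailing
            separator is kept so callers can append file names to the result.

    Returns:
        The directory path, e.g. <script dir>\\2020.11.11-scan_rad_burp\\.

    Raises:
        OSError: if the directory cannot be created for any reason other than
            already existing. The previous version swallowed every error here,
            which hid permission problems until rad failed to write output.
    """
    stamp = datetime.datetime.now().strftime('%Y.%m.%d-')
    filePath = os.path.join(sys.path[0], stamp + pathName)
    try:
        os.mkdir(filePath)
    except FileExistsError:
        pass  # rerun on the same day: reuse the existing folder
    return filePath


def scan():
    """Run rad against every URL in urlPath, proxying through 127.0.0.1:8080.

    globalPath() must have been called first so that radPath and urlPath are
    set. One rad process is started per URL (each call blocks until rad
    exits) and its text output is written to "<index>,<sanitised url>.txt"
    inside the report directory.
    """
    urls = getUrl(urlPath)
    filePath = addFiles("scan_rad_burp\\")
    for index, url in enumerate(urls, start=1):
        # Build a Windows-safe file name: drop the scheme and any slashes,
        # and turn the port separator into a dash.
        safeName = (url.replace('https://', '')
                       .replace('http://', '')
                       .replace('/', '')
                       .replace(':', '-')
                       .rstrip())
        name = "{0},{1}.txt".format(index, safeName)
        # Pass arguments as a list with no shell: a URL read from urls.txt
        # is then never interpreted as shell syntax (the former os.system()
        # string would have executed any shell metacharacters in it).
        radcmd = [
            radPath,
            "-t", url,
            "--http-proxy", "127.0.0.1:8080",
            "-text-output", os.path.join(filePath, name),
        ]
        subprocess.run(radcmd)
        time.sleep(1)  # brief pause between targets, as before


if __name__ == "__main__":
    globalPath()
    scan()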