The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Log4J scanner, which will help identify web services affected by two Log4j flaws (CVE-2021-44228 and CVE-2021-45046).
The tool, based on an automated scanning framework developed by cybersecurity firm FullHunt, allows security teams to scan network hosts for two main actions, including Log4j RCE exposure and detection of web application firewall (WAF) bypasses that can allow attackers to execute code within an organization’s network.
Notable features of the Log4j scanner include support for lists of URLs, fuzzing for more than 60 HTTP request headers, fuzzing for HTTP Post Data parameters, fuzzing for JSON data parameters, DNS callback support for vulnerability discovery and validation, and WAF Bypass payloads.
These and many more are some of the efforts of CISA to mitigate attacks resulting from the successful exploitation of the Log4j flaw.