Скачать или смотреть Web-Based Log4J Vulnerability Tester - identify Web Apps affected by the Log4Shell (CVE-2021-44228)

This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.

Link: https://log4j-tester.trendmicro.com/

It allows you to generate a request that you can run in your environment and test if the server is vulnerable.

There are three options for using this tool:

Use the generated JNDI snapshot and add that entry to any of the form fields on the site or add this to the HTTP Header for User-Agent.
Your unique JNDI snapshot is ${jndi:ldap://log4j-tester.trendmicro.com:1389/c4b60743-2556-4d76-aafe-651db9aae5c9}

For Internal Server: Generate a quick curl command to test your servers.

For Public-Facing Server: Just provide the address of the server and we will try to create a simulated query. Make sure you are hitting some API endpoint/form which eventually does an action in the backend. If the unique ID provided here shows up in the results section below, the server may be vulnerable and should be investigated further. If it does not show up, it does not guarantee that the server is not vulnerable.

Credits:
The Trend Micro's vulnerability scanner is based on the following projects:
https://github.com/huntresslabs/log4s...
https://github.com/Neo23x0/log4shell-...
https://github.com/Cybereason/Logout4...
https://github.com/tangxiaofeng7/CVE-...
https://getbootstrap.com/docs/5.0/exa...
https://github.com/Puliczek/CVE-2021-...