search

Diverto / nse-log4shell

Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
MIT License
347 stars 48 forks source link

nmap log4jshell.nse execution #14

Closed juanterio closed 2 years ago

juanterio commented 2 years ago

Hi,

First of all, thank you very much for this code. We are able to upload the NSE file in our NMAP.

Now the challenge we are facing right now is how to execute the scan. Based on the README.md, we just need to upload the nse file to our NMAP and do an update. However I am confused on the syntax:

nmap --script log4shell.nse [--script-args log4shell.callback-server=127.0.0.1:1389] [-p ]

  1. Is the callback server the NMAP server we are using?
  2. What is -p port for if we want to scan a server to see what ports are open and if vulnerable with log4j?
  3. Do I also need to download JNDIExploit.zip to our NMAP server so that the command will take effect?
  4. Do you have any sample result using this nse file?