guardicode / log4shell-exploiter

GNU General Public License v3.0

Log4Shell Exploiter - Agent Plugin for Infection Monkey

Introduction

Log4Shell Exploiter is an Agent Plugin for Infection Monkey that exploits CVE-2021-44228, a vulnerability in Apache Log4j, a Java logging framework.

The plugin will attempt to exploit the vulnerability in three services:

  1. Apache Solr
  2. Apache Tomcat
  3. Logstash

For more information, see the Log4Shell Exploiter Plugin documentation.

Development

Setting up the development environment

To create the resulting Log4Shell archive, follow these steps:

  1. Clone the Repository

    $ git clone https://github.com/guardicode/log4shell-exploiter.git
    $ cd log4shell-exploiter

  2. Install development dependencies

    This project uses Poetry for managing dependencies and virtual environments, and pre-commit for managing pre-commit hooks.

    $ pip install pre-commit poetry
    $ pre-commit install -t pre-commit
    $ poetry install

Running the test suite

The test suite can be run with the following command:

    $ poetry run pytest

Building the plugin

To build the plugin, run the Agent Plugin Builder.

    $ poetry run build_agent_plugin .

The build tool will create Log4Shell-exploiter.tar, which can be installed in the Monkey Island.