Skip to content

broadinstitute/bits-bt-scan-log4shell

BranchesTags

Repository files navigation

Broad log4shell Web Server Scan Tool

Note

This repository has been made public as the tool is no longer in use by the security team, and was primarily used as an intial assessment of our exposure in the immediate aftermath of the log4shell vulnerability disclosure.

Architecture

Lucidchart link to latest version

Usage

Requirements

Pre-requirements

  • Debian OR RHEL8
    • Tested on Debian 10 (buster), Debian 11 (bullseye), and RHEL 8.
    • May work on other Linux distros but may also break things. So for now the install script will refuse to install on a non-Debian/RHEL system.
  • Debian only: sudo privileges
  • Python3
    • Tested on 3.8, 3.9, and 3.10. Will not be automatically installed and will terminate the install process if it is not present.
    • Be sure to adjust the pythonpath in install.rhel.conf if needed.

Other Requirements

  • masscan
    • Will install it if it is not present.

Get

$ wget --header "Authorization: token ${GITHUB_ACCESS_TOKEN}" 'https://github.com/broadinstitute/bits-bt-scan-log4shell/archive/refs/tags/{RELEASE_TAG}.tar.gz' -O /tmp/log4shell.tar.gz
$ tar -xvf /tmp/log4shell.tar.gz -C /local/src

Setup

  • Installation sets up three main tasks:
    • masscan:
      • Installs if it is not present.
      • Adds cronjob to executing user's crontab.
    • Scanner:
      • Installs Python requirements.
      • Adds cronjob to executing user's crontab.
    • Listener:
      • Installs Python requirements.
      • Restarts the service.
$ cd /local/src/bits-bt-scan-log4shell-{RELEASE_TAG}/log4shell-scan
# Make any necessary changes to install.conf and the two additional config files listed below.
$ vim install.rhel.conf
$ vim scanner/config.ini
$ vim listener/config.ini
$ chmod +x *.sh
$ ./install.rhel.sh

Configure

  • Configure the install in install.rhel.conf.
    • Must be done before running ./install.rhel.sh.
  • Configure the scan script in config.ini.
    • May be done after install, the scanner will grab the latest config the next time it runs.
  • Configure the listener in config.ini.
    • May be done after install, however requires a restart to the listener system service (sudo systemctl restart log4shell-listen.service).

Uninstall

$ cd /local/src/bits-bt-scan-log4shell-{RELEASE_TAG}/log4shell-scan
$ ./uninstall.sh

About

BITS Blue Team's Log4Shell scanning tool.

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

10 watching

Forks

1 fork
Report repository

Releases 1

v1.3.2 Latest
Feb 15, 2022

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages