Note: This tool should be used only by parties that have authorization or permission to test the desired sites or IPs.

This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.

It allows you to generate a request that you can run in your environment and test if the server is vulnerable.

There are three options for using this tool:

  • Use the generated JNDI snapshot and add that entry to any of the form fields on the site or add this to the HTTP Header for User-Agent.
    • Your unique JNDI snapshot is
  • For Internal Server: Generate a quick curl command to test your servers.
  • For Public Facing Server: Just provide the address of the server and we will try to create a simulated query. Make sure you are hitting some API endpoint/form which eventually does an action in the backend. If the unique ID provided here shows up in the results section below, the server may be vulnerable and should be investigated further. If it does not show up, it does not guarantee that the server is not vulnerable.
To learn more on how to use this tool, please visit https://www.youtube.com/watch?v=7uix6nDoLBs.

Testing

Use the following tool to test your application endpoints.

You can use the generated cURL command below for testing:

URL
curl...

Results

If you submit and see results here, that means the server may be vulnerable and should be investigated further. If there are no results, it does not guarantee that the server is not vulnerable. This table will be refreshed every 10 seconds.

Next refresh in 10 seconds.

Unique ID Timestamp

Information

CVE-2021-44228

"Log4Shell" and "Logjam." Apache Log4j2 <=2.14.1 is vulnerable to remote code execution by downloading code from LDAP server using JNDI.

Read more
CVE-2021-45046

Apache Log4j 2.15.0 is vulnerable to a denial of service (DOS) attack when using ThreadContext values and context lookups.

Read more
Protection and Investigation

Analysis and Advisory - From Trend Micro Threat Research

Read more

Credits

Page last updated: , Version: