Blog
Tool Development

text4shell-scan: A fully automated scanner for finding CVE-2022-42889

By
Redline Cyber Security
Oct 19, 2022
β€’
2
min read
text4shell-scan written by securekomodo

Hey there, Redline Team here! πŸš€

Given the rapidly evolving threat landscape, our founder, Bryan, we recently pushed a tool that could be a boon to security teams across the globe. It's called text4shell-scan. Let's get straight into what it does and how you can benefit from it.

What is text4shell-scan?

text4shell-scan is an automated scanner tailored to detect hosts vulnerable to the Text4Shell RCE CVE-2022-42889. This tool's primary objective? Help security teams identify this vulnerability within their infrastructure and test for potential WAF bypasses that could lead to code execution.

This tool took inspiration from Fullhunts's old Log4j scanner from 2021 – a big shoutout to them for their groundbreaking work. If you're interested, the nitty-gritty details of the vulnerability can be found here.

Features to Watch Out For

  • URL Lists: You can input multiple URLs simultaneously for efficient scanning.
  • Extensive Fuzzing: Whether it's over 60 HTTP request headers or HTTP POST Data parameters, the tool's got you covered.
  • DNS Callbacks: A built-in support system so you don’t have to set up a separate DNS callback server.
  • WAF Bypass Payloads: Perfect for testing the resilience of your infrastructure against evasive tactics.
  • Integration with Burpsuite Collaborator: You can make use of custom DNS OOB callbacks for enhanced flexibility.

Installation & Usage

Installation is a breeze:


$ pip3 install -r requirements.txt


And if you're a Docker enthusiast:


git clone https://github.com/securekomodo/text4shell-scan.gitcd text4shell-scansudo docker build -t text4shell-scan .sudo docker run -it --rm text4shell-scan

‍

The tool's usage is pretty straightforward. Whether you want to scan a single URL, check for WAF bypasses, or even use the Burpsuite Collaborator, just refer to the README for precise commands.

A Few Caveats

  1. The project is intended strictly for ethical and educational purposes. Ensure you have the necessary permissions before scanning any infrastructure.
  2. While the tool does an excellent job, it's still a work in progress. Expect more functionalities to be added soon, like advanced payload injection techniques.

Final Words

As the digital domain grows ever complex, tools like text4shell-scan provide us with an essential layer of protection. A huge thanks to Bryan (or @securekomodo on Twitter) for his efforts in bringing this to the community.

Stay safe out there, and always keep scanning! πŸ”πŸ›‘οΈ

‍

Share this post: