log4shell-detector
log4shell-detector copied to clipboard
Modified script for including more payloads
Thanks for the wonderful code for detecting the payloads! I tested this script against variety of known payloads available and found it is failing to detect some payloads containing invalid unicode character, you can find the example here https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words So I created another function to decode these invalid unicodes to ASCII using a package called "anyascii"(so one need to install this package using pip, hoping it is not an inconvenience), decoded these strings and added a conditional statements for dealing with non-ASCII charecters.
Also I added the encoded example of these invalid unicodes in the testing script with a heading invalid unicodes in the plain positive text category. I tested my script and I found some false positive cases so as you can notice I modified these detection strings with an extra "/" , so that it can bypass the false positive cases.
Please review my code and kindly let me know any questions and suggestions you have! Thank you!