Burp Suite User Forum

Login to post

Log4jShell scanner removed? Does Active scan++ supports Log4jshell?

Shreyas | Last updated: Sep 18, 2023 05:55PM UTC

Hi, Any reason why Log4jShell scanner extension is removed from BApp Store? Also, since Log4jShell scanner removed, does for all the below variants are supported by Active scan++ Feature Log4Shell scanner (this one) ActiveScan++ (b485a07) Synchronous detection ✔️ ✔️ Asynchronous detection ✔️ ❌ Hostname detection ✔️ ❌ Username detection ✔️ ❌ Ability for single-issue scan (see below) ✔️ ❌ Thank you, Shreyas

Dominyque, PortSwigger Agent | Last updated: Sep 19, 2023 09:47AM UTC

Hi We removed the Log4jShell scanner extension from the BApp Store as it was triggering the anti-virus check. We did contact the author about this, but they haven't gotten back to us. You can still use the Log4jShell extension from GitHub if you would like: https://github.com/silentsignal/burp-log4shell. The functionality of the Active Scan++ is listed in the description: https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976.

You need to Log in to post a reply. Or register here, for free.