We are providing DevOps and security teams with a script to identify cloud workloads in their AWS account that may be vulnerable to the Log4j vulnerability (Log4Shell). The script enables security teams to identify external-facing AWS assets by running the exploit against them, so that they can map those assets and quickly patch them.

General Information


Installation / Requirements

  • CPython 3.6 or higher

  • Install the required Python packages:
    pip3 install -r requirements.txt
  • AWS permissions to scan the resources:

    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Action": [
            "Resource": "*"

Before Executing the Script

You need a server that will wait for DNS requests from the vulnerable endpoints.
For this demo we are using interactsh, which is an external tool. You can use the interactsh client or the Interactsh web app.


  1. Get the URL address for the DNS requests. Using ‘interactsh’ you can find it in the client app here:

    or using the web app:
  2. Execute the script with the argument ‘--dest-domain’ and, optionally, ‘--proxies’. Examples:

    python3 --dest-domain
    python3 --dest-domain --proxies

Finding Vulnerable Endpoints

The vulnerable endpoints should send DNS requests to your server in the format:

  • EC2 instances: ‘{instance id}.{destination domain}’. example:
  • Load Balancers: ‘{load balancer name}.{destination domain}’. example:
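
An added example (not part of the project's own code): one way to turn the query names seen on the listener into a deduplicated list of assets to patch, using the two name formats above. The function names, the destination domain `scan1.example.test` and the sample query names are constructed for illustration.

```python
import re

# EC2 instance IDs are "i-" followed by 8 (legacy) or 17 hex characters.
INSTANCE_ID = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")
# Load balancer names: alphanumerics and hyphens, at most 32 characters.
LB_NAME = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?")


def classify_callback(qname, dest_domain):
    """Return (kind, asset) for one observed DNS query name, or None if unrelated."""
    # DNS names are case-insensitive and may arrive with a trailing dot.
    name = qname.strip().rstrip(".").lower()
    suffix = "." + dest_domain.strip().rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    # The asset is the label directly left of the destination domain;
    # any labels further left are ignored.
    label = name[: -len(suffix)].split(".")[-1]
    if INSTANCE_ID.fullmatch(label):
        return ("ec2", label)
    if LB_NAME.fullmatch(label):
        return ("load_balancer", label)
    return None


def assets_to_patch(qnames, dest_domain):
    """Group the distinct assets that called back, ready to hand to patching."""
    found = {"ec2": set(), "load_balancer": set()}
    for qname in qnames:
        hit = classify_callback(qname, dest_domain)
        if hit:
            found[hit[0]].add(hit[1])
    return {kind: sorted(assets) for kind, assets in found.items()}


# Constructed sample input: query names as they might be copied from the listener.
SAMPLE_DEST = "scan1.example.test"
SAMPLE_QNAMES = [
    "i-0abc1234def567890.scan1.example.test",
    "I-0ABC1234DEF567890.Scan1.Example.Test.",  # same asset, mixed case, trailing dot
    "prod-web-alb.scan1.example.test",
    "i-1a2b3c4d.scan1.example.test",            # legacy 8-character instance ID
    "scan1.example.test",                       # bare domain, no asset label
    "i-0abc1234def567890.other.example.test",   # different listener domain
]

if __name__ == "__main__":
    print(assets_to_patch(SAMPLE_QNAMES, SAMPLE_DEST))
```

Load balancer names come back lowercased because DNS does not preserve case reliably, so match them against your inventory case-insensitively.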

cli example:


web example:



This project should be used only for educational purposes. The project does not replace a mature remediation plan and does not provide full coverage on external-facing or vulnerable assets. Mitiga does not hold responsibility for any damage caused by using this project.

