My First Big Bounty

In the name of God, the Most Gracious, the Most Merciful

TL;DR: Found a critical log4j hit on a host discovered via Shodan; validated with httpx and nuclei, reported it, and received a P1.

Context

I used certificate-based Shodan searches to enumerate IPs for a target, probed additional ports with httpx, and scanned with nuclei templates until I found a log4j detection.

Process

  1. Enumerate IPs from Shodan (certificate search).

  2. Combine Shodan results and probe likely ports with httpx to find live services.

  3. Feed the validated hosts into nuclei with appropriate templates and review findings.

Commands

Get IP:port pairs from Shodan, format for httpx

shodan search ssl:target --fields ip_str,port --separator " " | awk '{print $1":"$2}' > target-shodan

Probe additional ports using httpx

httpx -l target-shodan -p 80,88,81,8888,8080,8081,8443,443 -o target-shodan-live

Run nuclei against live hosts (assume templates installed)

nuclei -l target-shodan-live -t ~/nuclei-templates/ -o nuclei-results

After I got them all, I passed the file to nuclei, waited forever, and Booom! When I saw the results, there was a log4j hit on an IP address.

nuclei -l target-shodan -t ~/nuclei-templates/ -o results

Result

  • nuclei produced a log4j template hit on one IP.

  • I followed the program’s reporting process and received a P1 (priority 1) reward.
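For the "review findings" part of step 3, here is one way to triage a large nuclei results file before writing the report. This is an added example, not part of the original write-up; the function names, the template ids and the sample lines are constructed, and it assumes nuclei's default text output of `[template-id] [protocol] [severity] matched-url` per line.

```shell
#!/bin/sh
# Added example: reduce a nuclei text results file to unique findings per
# host:port at or above a minimum severity, most severe first.
# Assumption: each finding line is "[template-id] [protocol] [severity] url".

# Constructed sample results (documentation-range addresses, made-up ids).
sample_results() {
  cat <<'EOF'
[tech-detect:nginx] [http] [info] http://203.0.113.10:8080
[example-log4j-template] [http] [critical] http://203.0.113.25:8080/ [constructed]
[example-log4j-template] [http] [critical] http://203.0.113.25:8080/login
[exposed-panel] [http] [medium] https://203.0.113.10:443/admin
[example-high-template] [http] [high] https://203.0.113.40:8443/app
[WRN] Could not run template
EOF
}

# Usage: triage_nuclei FILE [MIN_SEVERITY]   (default minimum: high)
# Prints: severity<TAB>template-id<TAB>host:port
triage_nuclei() {
  file=$1
  min=${2:-high}
  awk -v min="$min" '
    BEGIN {
      rank["info"] = 0; rank["low"] = 1; rank["medium"] = 2
      rank["high"] = 3; rank["critical"] = 4
    }
    {
      # Skip scanner warnings and anything that is not a finding line.
      if ($0 !~ /^\[[^]]+\] \[[^]]+\] \[[^]]+\] /) next
      id = $1; sev = $3; url = $4
      gsub(/^\[|\]$/, "", id); gsub(/^\[|\]$/, "", sev)
      if (!(sev in rank) || rank[sev] < rank[min]) next
      sub(/^[a-z]+:\/\//, "", url)   # drop the scheme
      sub(/\/.*$/, "", url)          # drop the path, keep host:port
      key = sev "\t" id "\t" url
      # Several matched URLs on one service collapse into one finding.
      if (!(key in seen)) { seen[key] = 1; print rank[sev] "\t" key }
    }
  ' "$file" | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k3,3 -k4,4 | cut -f2-
}

# Demo run over the constructed sample.
demo_file=$(mktemp)
sample_results > "$demo_file"
triage_nuclei "$demo_file" high
rm -f "$demo_file"
```

Each critical line still needs manual validation against the program's scope before it is reported.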
