Scans files for .jars potentially vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the .jar.

log4shelldetect

Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the jar.

If you only want possibly vulnerable jars to be printed rather than all jars, run with -mode list.

License

Code here is released to the public domain under unlicense.

With the exception of velocity-1.1.9.jar which is an example vulnerable .jar file part of Velocity which is licensed under GPLv3.

Owner
Jason Chu
I'm an aussie who likes go.
Jason Chu
Similar Resources

Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS

Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS

log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul

Dec 13, 2021

Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Nov 2, 2022

Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205

Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205

Sep 20, 2022

Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions

ec2-log4j-scan Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions. This is a clumsy but effective tool which takes outpu

Dec 28, 2021

Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!

Jun 17, 2022

WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions

Log4jDetect WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions containing the following kn

Nov 20, 2022

Utility to safely fetch Java class files being served by LDAP servers. Includes deobfuscator for common Log4J URL obfuscation techniques

ldap-get Utility to safely fetch Java class files being served by LDAP servers,

Nov 9, 2022

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

Dec 26, 2022

CVE-2021-21978 exp

CVE-2021-21978 exp

CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似,该漏洞可以在未授权访问的情况下,上传任意文件,并通过修改自带 py 脚本实现远程代码执行。

Nov 9, 2022
Comments
  • Get the command output

    Get the command output

    Hi @1lann and thanks for the work, I already used your tool to scan individually some of our servers.

    I wanted to scan the whole infrastructure by executing the tool with jobs on more computers, remotely. To get the vulnerable binaries/detections & grep the output, i need to save the output of your tool in a file.

    I tried everything with DOS & PowerShell without success : Out-File, RedirectStandardOutput, *>, PS Transcript... Every file i try to write keeps empty.

    How can i get the output of your tool in a file ? Thanks in advance

    Edit : it seems to work with -mode report, not with -mode list

  • Added additional file types and also exit code.

    Added additional file types and also exit code.

    Added .ear and .zip to types of file to test.

    Also added an exit code if a match is found. Exit codes:

    • 0: No match found
    • 1: Error
    • 2: Error parsing flags
    • 3: Match was found

    This enables integration with Ansible, e.g:

    ---
    - hosts: all
      become: true
      tasks:
      - name: Copy log4shelldetect to remote host
        copy:
          src: /home/XXX/log4shelldetect
          dest: /tmp/log4shelldetect
          mode: "0555"
    
      - name: Search for log4j
        shell:
          cmd: "/tmp/log4shelldetect -mode=list /"
        register: log4shelldetect
        changed_when: log4shelldetect.rc == 3
        failed_when: log4shelldetect.rc == 1 or log4shelldetect.rc == 2
    
      - name:
        copy:
          dest: "/home/XXX/log4shelldetect.out/{{ ansible_fqdn }}"
          content: "{{ log4shelldetect.stdout }}\n"
        when: log4shelldetect.rc == 3
        delegate_to: localhost
    
  • A lot of 'Access Denied' errors while running

    A lot of 'Access Denied' errors while running

    I get a lot of access denied errors on certain files on Windows (10) while running. Especially the Recycle bin and the WER files. While these are expected, it very much clutters the view.

    Please filter those out and/or create a parameter to do this. (I hope it will be off and possible a parameter to turn it on)

  • Add excluded or inclusive filesystems to scan

    Add excluded or inclusive filesystems to scan

    We have many servers with the same mounted NFS mounts and we don't want to scan this multiple times. This app should allow either multiple specified file system paths or allow you to specify an excluded filesystem path, or maybe a combination of the two.

Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Sep 17, 2022
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)

log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/

Sep 22, 2022
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner

Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir

Oct 29, 2022
vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)
vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)

REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) "As easy to stop as it is to comprehend." What is it? "Reality

Nov 9, 2022
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Nov 2, 2022
Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit

poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil

Nov 9, 2022
CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C

Feb 3, 2022
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]

sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from

Dec 28, 2021
A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build

Nov 9, 2022
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2

Oct 3, 2022