Find vulnerable versions of Log4j on Linux

log4jtool

This tool does not change anything on the system. It iterates through the filesystem looking for Java packages; when it finds one, it reads the manifest looking for vulnerable versions of Log4j and reports the package that contains them.

To run the tool:

sudo ./log4jtool

It doesn't need full root permissions, but running as root lets it read every file it finds. It searches the filesystem for Java packages (.jar, .war and .ear files) and reads their contents looking for instances of Log4j. When it finds one, it reads the manifest and compares the version against known vulnerable versions. It is safe to run and doesn't modify anything.

The output looks like:

File: /home/spyderbat/test/log4j/log4j-1.2.12.jar    contains version: 1.2.12  which is not-vulnerable
File: /home/spyderbat/testx/apache-tomcat-8.5.73/webapps/log4shell-demo.war    contains version: 2.14.1  which is vulnerable
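How a scan of this kind can work, as an added example (not log4jtool's own code): it walks a directory tree, opens .jar/.war/.ear files including archives nested inside them, and classifies the manifest's Implementation-Version. The class-path markers, the choice of Implementation-Version and the vulnerable range (2.0 up to but not including 2.15.0) are assumptions, since the page does not list the tool's checks.

```python
import io, os, re, sys, zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear")
LOG4J_PATHS = ("org/apache/logging/log4j/core/", "org/apache/log4j/")
MAX_NESTED = 64 * 1024 * 1024   # skip oversized nested entries (zip-bomb guard)
# Assumption: 2.0 <= version < 2.15.0 counts as vulnerable; 2.3.x/2.12.x backports not modelled.

def classify(version):
    nums = tuple(int(n) for n in re.findall(r"\d+", version or "")[:3])
    if not nums:
        return "unknown"
    return "vulnerable" if (2,) <= nums < (2, 15) else "not-vulnerable"

def manifest_version(zf):
    if "META-INF/MANIFEST.MF" not in zf.namelist():
        return None
    text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    m = re.search(r"^Implementation-Version:\s*(\S+)", text, re.M)
    return m.group(1) if m else None

def scan_archive(data, label, depth=0):
    """Return (path, version, status) for this archive and archives nested in it."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.startswith(LOG4J_PATHS) for n in zf.namelist()):
                version = manifest_version(zf)
                findings.append((label, version, classify(version)))
            for info in zf.infolist():
                nested = info.filename.lower().endswith(ARCHIVE_EXT)
                if nested and depth < 4 and info.file_size <= MAX_NESTED:
                    findings += scan_archive(zf.read(info), f"{label}!/{info.filename}", depth + 1)
    except zipfile.BadZipFile:       # not a zip, or corrupt: keep what was found
        pass
    return findings

def scan_tree(root):
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(ARCHIVE_EXT)):
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    findings += scan_archive(fh.read(), fh.name)
            except OSError:          # unreadable without root: skip it
                continue
    return findings

if __name__ == "__main__":
    for path, version, status in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"File: {path}    contains version: {version}  which is {status}")
```

A shaded or repackaged jar can carry the host application's manifest rather than Log4j's, so a version read this way should be confirmed before a package is treated as clean.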

Log4jTool X86_64 Log4jTool ARM64

Similar Resources

Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!

Jun 17, 2022

Divd 2021 00038 log4j scanner

divd-2021-00038--log4j-scanner This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/

Nov 9, 2022

Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS

log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul

Dec 13, 2021

Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Sep 17, 2022

Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool that allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Nov 2, 2022

Just simple log4j scanner With Golang

Summary Yesterday, which is December 12, 2021, one of my friends sent me a message on Twitter that he wants me to write a script that brute force list of

Dec 26, 2022

Utility to safely fetch Java class files being served by LDAP servers. Includes deobfuscator for common Log4J URL obfuscation techniques

ldap-get Utility to safely fetch Java class files being served by LDAP servers,

Nov 9, 2022

Hotdog is a set of OCI hooks used to inject the Log4j Hot Patch into containers.

Hotdog Hotdog is a set of OCI hooks used to inject the Log4j Hot Patch into containers. How it works When runc sets up the container, it invokes hotdo

Nov 12, 2022

Webserver Log4j Honeypot With Golang

Webserver Log4j Honeypot This honeypot runs a fake webserver waiting to be exploited. Payload classes are saved to payloads directory. Forked from http

Dec 17, 2021
Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions

ec2-log4j-scan Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions. This is a clumsy but effective tool which takes outpu

Dec 28, 2021
Simple local scanner for vulnerable log4j instances

Simple local log4j vulnerability scanner (Written in Go because, you know, "write once, run anywhere.") This is a simple tool that can be used to find

Dec 21, 2022
Look for JAR files that are vulnerable to Log4j RCE (CVE‐2021‐44228)

Look4jar Look for JAR files that are vulnerable to Log4j RCE (CVE‐2021‐44228) Objectives It differs from some other tools that scan for vulnerable remote

Dec 25, 2022
Application trying to detect processes vulnerable to log4j JNDI exploit

Log4j JNDI Jar Detector Purpose This application is able to detect jars used by

Jan 25, 2022
Log4j detector and reporting server for scalable detection of vulnerable running processes.

Log4j Detector A client and reporting server to identify systems vulnerable to Log4j at scale. This work is based on Stripe's Remediation Tools, but w

Apr 8, 2022
Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.

proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in

Dec 6, 2022
A vulnerable graphQL application, for testing purposes

Vulnerable-GoQL Vulnerable-GoQL is a web API which implements main security breach.

Jul 31, 2021
Scans files for .jars potentially vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the .jar.

log4shelldetect Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths in

Dec 15, 2022
Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205

Sep 20, 2022
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

depsdev CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security sig

May 11, 2023