Scans files for .jars potentially vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the .jar.

Overview

log4shelldetect

Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the jar.

If you only want possibly vulnerable jars to be printed rather than all jars, run with -mode list.

License

Code here is released to the public domain under unlicense.

With the exception of velocity-1.1.9.jar which is an example vulnerable .jar file part of Velocity which is licensed under GPLv3.

You might also like...
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS

log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul

Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205

Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205

Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.
Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!

Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions

ec2-log4j-scan Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions. This is a clumsy but effective tool which takes outpu

WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions

Log4jDetect WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions containing the following kn

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

CVE-2021-21978 exp
CVE-2021-21978 exp

CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似,该漏洞可以在未授权访问的情况下,上传任意文件,并通过修改自带 py 脚本实现远程代码执行。

Comments
  • Get the command output

    Get the command output

    Hi @1lann and thanks for the work, I already used your tool to scan individually some of our servers.

    I wanted to scan the whole infrastructure by executing the tool with jobs on more computers, remotely. To get the vulnerable binaries/detections & grep the output, i need to save the output of your tool in a file.

    I tried everything with DOS & PowerShell without success : Out-File, RedirectStandardOutput, *>, PS Transcript... Every file i try to write keeps empty.

    How can i get the output of your tool in a file ? Thanks in advance

    Edit : it seems to work with -mode report, not with -mode list

    opened by arnaudluti 3
  • Added additional file types and also exit code.

    Added additional file types and also exit code.

    Added .ear and .zip to types of file to test.

    Also added an exit code if a match is found. Exit codes:

    • 0: No match found
    • 1: Error
    • 2: Error parsing flags
    • 3: Match was found

    This enables integration with Ansible, e.g:

    ---
    - hosts: all
      become: true
      tasks:
      - name: Copy log4shelldetect to remote host
        copy:
          src: /home/XXX/log4shelldetect
          dest: /tmp/log4shelldetect
          mode: "0555"
    
      - name: Search for log4j
        shell:
          cmd: "/tmp/log4shelldetect -mode=list /"
        register: log4shelldetect
        changed_when: log4shelldetect.rc == 3
        failed_when: log4shelldetect.rc == 1 or log4shelldetect.rc == 2
    
      - name:
        copy:
          dest: "/home/XXX/log4shelldetect.out/{{ ansible_fqdn }}"
          content: "{{ log4shelldetect.stdout }}\n"
        when: log4shelldetect.rc == 3
        delegate_to: localhost
    
    opened by thorhs 3
  • A lot of 'Access Denied' errors while running

    A lot of 'Access Denied' errors while running

    I get a lot of access denied errors on certain files on Windows (10) while running. Especially the Recycle bin and the WER files. While these are expected, it very much clutters the view.

    Please filter those out and/or create a parameter to do this. (I hope it will be off and possible a parameter to turn it on)

    opened by erottier 1
  • Add excluded or inclusive filesystems to scan

    Add excluded or inclusive filesystems to scan

    We have many servers with the same mounted NFS mounts and we don't want to scan this multiple times. This app should allow either multiple specified file system paths or allow you to specify an excluded filesystem path, or maybe a combination of the two.

    opened by minsis 3
Releases(v0.0.7)
Owner
Jason Chu
I'm an aussie who likes go.
Jason Chu
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Frank Hübner 12 Sep 17, 2022
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)

log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/

Nanitor 12 Sep 22, 2022
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner

Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir

oelnaggar 14 Oct 29, 2022
vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)

REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) "As easy to stop as it is to comprehend." What is it? "Reality

rabid 36 Nov 9, 2022
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Pinaki 24 Nov 2, 2022
Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit

poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil

Daniele Linguaglossa 96 Nov 9, 2022
CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C

Ryan S. 10 Feb 3, 2022
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]

sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from

Sakuraji 1 Dec 28, 2021
A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build

Rasmus Hansen 4 Nov 9, 2022
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2

Rakuten Group, Inc. 10 Oct 3, 2022