log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228.
This is the code that runs https://log4shell.tools. If you'd like to inspect the code or run an instance in your own environment, you've come to the right place.
The tool was tested on Go 1.16. Make sure it (or a more recent version) is installed and run the following command:
go install github.com/alexbakker/log4shell-tools/cmd/log4shell-tools-server
The binary will be available in
The tool uses its in-memory storage backend by default. If you need test results to persist across restarts, you may want to use the Postgres backend instead.
Usage of log4shell-tools-server: This tool only listens on 127.0.0.1 by default. Set the addr-* options to customize for your environment. -addr-http string listening address for the HTTP server (default "127.0.0.1:8001") -addr-http-external string address where the HTTP server can be reached externally (default "127.0.0.1:8001") -addr-ldap string listening address for the LDAP server (default "127.0.0.1:12345") -addr-ldap-external string address where the LDAP server can be reached externally (default "127.0.0.1:12345") -http-proto string the HTTP protocol to use for URL's (default "https") -storage string storage connection URI (either memory:// or a postgres:// URI (default "memory://") -test-timeout int test timeout in minutes (default 30)