Divd 2021 00038 log4j scanner

Overview

divd-2021-00038--log4j-scanner

This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/core/lookup/JndiLookup.class files.

Currently the allow list defines non exploitable versions, in this case log4j-core 2.15.0.

Usage (windows)

divd-2021-00038--log4j-scanner-windows-amd64.exe {target-path}

Usage (linux)

divd-2021-00038--log4j-scanner-linux-[amd64|arm64] {target-path}

Usage (mac)

divd-2021-00038--log4j-scanner-darwin-amd64 {target-path}

BUILD

GOARCH=amd64 GOOS=linux go build -o ./.builds/divd-2021-00038--log4j-scanner-linux-amd64 ./main.go

Copyright and license

Code and documentation copyright 2011-2020 Remco Verhoef (DTACT).

Code released under the MIT license.

Comments
  • 2.16 is detected as vulnerable

    2.16 is detected as vulnerable

    C:\Users\x\Downloads>dir .\l4j-test\
     Volume in drive C is Windows
     Volume Serial Number is x-x
    
     Directory of C:\Users\x\Downloads\l4j-test
    
    14.12.2021  17:42    <DIR>          .
    14.12.2021  17:42    <DIR>          ..
    12.12.2021  23:35         1,789,565 log4j-core-2.16.0.jar
                   1 File(s)      1,789,565 bytes
                   2 Dir(s)  403,926,196,224 bytes free
    
    C:\Users\x\Downloads>divd-2021-00038--log4j-scanner-windows-amd64.exe .\l4j-test\
    divd-2021-00038--log4j-scanner by DTACT
    http://github.com/dtact/divd-2021-00038--log4j-scanner
    
    [ ] Using targets: .\l4j-test\
    [!][l4j-test\log4j-core-2.16.0.jar -> org/apache/logging/log4j/core/lookup/JndiLookup.class] found JndiLookup.class with hash 085e0b34e40533015ba6a73e85933472702654e471c32f276e76cffcf7b13869 (version: )
    [🏎]: Scan finished! 1 files scanned, 1 vulnerable files found, 0 vulnerable libraries found, 0 errors occured,  in 00h0
    0m00s, average rate is: 649 files/min.
    
    C:\Users\x\Downloads>
    
    opened by ankrman 9
  • panic: runtime error: invalid memory address or nil pointer dereference

    panic: runtime error: invalid memory address or nil pointer dereference

    Running on Darwin. The scanner crashed while scanning a large fileset. [!][/xxxxxx/xxxxxx/xxxxxx/Library/Caches/Homebrew/downloads/2ac97b815131569d7888e06425f3446be8b2e68f8361ce20c65051f66cb23360--qt--6.2.2.monterey.bottle.tar.gz -> qt/6.2.2/share/qt/mkspecs/features/link_pkgconfig.prf] could not open zip file 1fe46b14df7175167596e630a8b1160a3e3e82d7bf62299b3acebd689a83675b panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x112eee8]

    opened by ykanello 3
  • Support for Docker version 18.06.1-ce

    Support for Docker version 18.06.1-ce

    I tried to run the scan for all local docker images. My docker daemon is Docker version 18.06.1-ce. I get the below error. Will there be too much of a difference between 1.40 and 1.38 to not support ?

    [email protected]:~# docker --version
    Docker version 18.06.1-ce, build e68fc7a
    
    [email protected]:~# ./divd-2021-00038--log4j-scanner scan-image --local
    divd-2021-00038--log4j-scanner by DTACT
    http://github.com/dtact/divd-2021-00038--log4j-scanner
    --------------------------------------
    [ ] Currently scanning , checked 0 images in 00h:00m:00s. 
    [!] Error identifying application: Error response from daemon: client version 1.40 is too new. Maximum supported API version is 1.38
    
    [email protected]:~# cat /etc/os-release
    NAME="RancherOS"
    VERSION=v1.5.0
    ID=rancheros
    ID_LIKE=
    VERSION_ID=v1.5.0
    PRETTY_NAME="RancherOS v1.5.0"
    HOME_URL="http://rancher.com/rancher-os/"
    SUPPORT_URL="https://forums.rancher.com/c/rancher-os"
    BUG_REPORT_URL="https://github.com/rancher/os/issues"
    BUILD_ID=
    
    opened by titoc 2
  • Cannot find module for path io/fs

    Cannot find module for path io/fs

    Could it be that a module dependency for path io/fs is missing?

    Trying to run the code I get the following error:

    $ go run .
    build github.com/dutchcoders/divd-2021-00038--log4j-scanner: cannot find module for path io/fs
    

    I have absolutely 0 experience with Golang, so forgive me if this is just an user error.

    opened by bart-roos 2
  • fix the disable-color flag

    fix the disable-color flag

    The disable-color command-line flag is used to disable color. It's used to call color.NoColor later on. But this call uses an incorrect boolean 'no-color' rather than 'disable-color'

    opened by sspans-sbp 1
  • Exclude file path option?

    Exclude file path option?

    Is it possible to add a flag to exclude certain paths? We would like to avoid scanning large directories with data files that reside in the same root path with the applications. thank you for your great work

    opened by ykanello 1
  • 2.17.0 is coming a vulnurable

    2.17.0 is coming a vulnurable

    I tried scanning a docker image and it is showing it vulnurable but log4j version 2.17.0 is used

    [!][ ] found org/apache/logging/log4j/core/lookup/JndiLookup.class with hash xxxxxxxxxxx (identified as version(s): 2.17.0, 2.17.1) └───────> found in WEB-INF/lib/log4j-core-2.17.0.jar
    └───────> found in opt/app/app.war hash=xxxxxxxxxxx
    └───────> found in xxxxxxxxxx/layer.tar

    opened by nikhil-vinod-gupta 0
Releases(1.0-beta.4)
Owner
null
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Frank HΓΌbner 12 Sep 17, 2022
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner

Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir

oelnaggar 14 Oct 29, 2022
WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions

Log4jDetect WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions containing the following kn

WhiteSource 138 Nov 20, 2022
Simple local scanner for vulnerable log4j instances

Simple local log4j vulnerability scanner (Written in Go because, you know, "write once, run anywhere.") This is a simple tool that can be used to find

Hilko Bengen 386 Nov 9, 2022
Just simple log4j scanner With Golang

Summary Yesterdy which is Decemeber 12, 2021. One of my friend send me a message on twitter that he want me to write a script that brute force list of

Chan Nyein Wai 9 Apr 16, 2022
Yet another log4j vulnerability scanner

k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav

Athanasios Kostopoulos 3 Oct 12, 2022
Log4j-scanner tools - Support for multiple scan method

Log4j-scanner URL mode (fuzzing url with header, payload) go run . url -h Usage

BREAK TEAM - Hacking Team 2 Sep 7, 2022
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Alexander Bakker 66 Nov 2, 2022
Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228)

Look4jar Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228) Objectives It differs from some other tools that scan for vulnerable remote

Dwi Siswanto 41 Nov 7, 2022
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)

log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/

Nanitor 12 Sep 22, 2022
Gbu-scanner - Go Blog Updates (Scanner service)

Go Blog Updates - Scanner This service scans go blog (go.dev) and publishes new posts to message broker (rabbitmq). It uses mongodb as a storage for a

null 1 Jan 10, 2022
GONET-Scanner - Golang network scanner with arp discovery and own parser

GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U

Luis Javier 61 Nov 18, 2022
vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)

REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) "As easy to stop as it is to comprehend." What is it? "Reality

rabid 36 Nov 9, 2022
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Pinaki 24 Nov 2, 2022
Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit

poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil

Daniele Linguaglossa 96 Nov 9, 2022
CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C

Ryan S. 10 Feb 3, 2022
Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers. Very Beta Warning!

null 56 Jun 17, 2022
Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions

ec2-log4j-scan Scan all AWS EC2 instances in a region for potentially vulnerable log4j versions. This is a clumsy but effective tool which takes outpu

null 2 Dec 28, 2021
null 7 Nov 9, 2022