Visibility and Mitigation for Log4J vulnerabilities

Overview

Visibility and Mitigation for Log4J vulnerabilities

Several scripts for the visibility and mitigation of Log4J vulnerabilities.

Static Scanner - Linux

How it works
The tool works by identifying files that are either vulnerable Log4J jars, or files containing potentially vulnerable Log4J jars. It uses a number of different methods to do this:

  1. Name identification - This matches the name of the file with the vulnerable version range.
  2. Hash identification - This performs hashing on the file and compares it with known hashes of vulnerable versions of Log4J.
  3. Deep search identification - This searches for known classes within the vulnerable version range. If the file is zip-like, then the file names will be compared using name identification.

Usage
--disable-deep-search - Disables deep search and resorts to using only hashes and filenames (Default: False)
--deep-search-filesize=N - Sets the largest size of a file that this script will search in (Default: 30)
--search-binaries - Sets whether the script will look in .jar files, or all files (Default: False)
--output-dir=XYZ - Sets the output directory (Default: /tmp/)\

Example Output

test@test:~$ sudo python log.py --search-binaries
{"MachineName":"test","OS_Version":"Linux-5.11.0-37-generic-x86_64-with-Ubuntu-20.04-focal","Found":[{"file_path":"/home/test/filename","method":"deep_search","sha1":"d1879ffaf40d4fa77d2dafb0163f91fefacefa06"}],"Errors":[]}

Static Scanner - Windows

How it works
The tool works by identifying files that are either vulnerable Log4J jars, or files containing potentially vulnerable Log4J jars. It uses a number of different methods to do this:

  1. Hash identification - This performs hashing on the file and compares it with known hashes of vulnerable versions of Log4J.
  2. Deep search identification - This searches for known classes within the vulnerable version range. If the file is zip-like, then the file names will be compared using name identification.

Usage
Ivnoke-Log4JScan - This function scans the entire machine for potential Log4J vulnerable jar files. -StringsLookup - If this parameter set to True, deep search indentification will be enabled

Example Output

PS > . .\invoke-log4jscan.ps1
PS > Ivnoke-Log4JScan -StringsLookup $True
{"Found" :[{"sha1" :"9ed084377e4396f3fe97a780610e3fd418813b83","method" :"deep_search","file_path" :"C:\\filename.jar"}],"MachineName" :"WIN-TEST","OS_Version" :"Windows_NT"}
PS > . .\invoke-log4jscan.ps1
PS > Ivnoke-Log4JScan -StringsLookup $True | Out-File $(join-path $env:temp 'log4j_scan_results.json')

Dynamic Scanner And Patching - Windows & Linux

How it works
We recommend using a great tool released this week by the Amazon Corretto team.
A fork of the tool is included in this repo, with an added visibility feature that logs more info about possibly affected processes.
It works by loading Java code into running Java processes using standard Java mechanisms.
After being loaded into the processes, it detects if log4j is loaded and tries to do two things:

  1. Log information about the module.
  2. Patch the vulnerable function.

Usage
Full instructions on building and running the tool is found in the repository itself.

You might also like...
SSRF search vulnerabilities exploitation extended.
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

Small python script to look for common vulnerabilities on SMTP server.
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities
A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

Owner
SentinelLabs
SentinelLabs
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

frontal 1 Jan 11, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

AnonyminHack5 12 Dec 2, 2022
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

Christopher Roberts 3 Nov 16, 2021
Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.

RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T

Microsoft 823 Dec 21, 2022
Safety checks your installed dependencies for known security vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but

pyup.io 1.4k Dec 30, 2022
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

null 2.1k Dec 25, 2022
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly identify the weakness.

null 136 Dec 13, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

?? Recon ?? The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

EntySec 118 Dec 24, 2022