Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

Overview

log4j-finder

A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk and inside Java Archive files (JARs).

log4j-finder results

Usage

Example usage to scan a path (defaults to /):

$ python3 log4j-finder.py /path/to/scan

Or directly a JAR file:

$ python3 log4j-finder.py /path/to/jarfile.jar

Or multiple directories and or files:

$ python3 log4j-finder.py /path/to/dir1 /path/to/dir2 /path/to/jarfile.jar

Files or directories that cannot be accessed (Permission denied errors) are not printed. If you want to see more output, you can give the -v flag for verbose, or -vv for debug mode (only recommended for debugging purposes).

Comments
  • Windows - Export results to a file

    Windows - Export results to a file

    Looking to somehow run this EXE on all our Windows systems remotely and then somehow aggregate all the results and parse looking for findings.. Any work on possibly implementing this? Thanks for all the hard work!

    opened by kmccb 8
  • zipfile.Path is 3.8+ only

    zipfile.Path is 3.8+ only

    Your doco says python 3.6+ but you're using zipfile.Path that wasn't introduced until 3.8. Just FYI. So this can't be used on any RHEL boxes without custom python installs.

    opened by scoggins 7
  • Errors on one certain server - too long filename perhaps?

    Errors on one certain server - too long filename perhaps?

    Hi,

    One of my servers spits out an error. I've replaced the servername and username.

    My first wild guess is that the path is too long and the application can't handle that. But that's just a wild guess on the first glance at the path. Do note that the broken lines is copied as-is from the output I got.

    Traceback (most recent call last):
        + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : _<servername>_
    Traceback (most recent call last):
        + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : _<servername>_
    
      File "log4j-finder.py", line 298, in <module>
      File "log4j-finder.py", line 298, in <module>
    
      File "log4j-finder.py", line 264, in main
      File "log4j-finder.py", line 264, in main
    
      File "pathlib.py", line 1193, in open
      File "pathlib.py", line 1193, in open
    
      File "pathlib.py", line 1046, in _opener
      File "pathlib.py", line 1046, in _opener
    
    FileNotFoundError
    FileNotFoundError
    :
    :
    [Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application
     Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Appli
    cation Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
    [Errno 2] No such file or directory: 'C:\\Documents and Settings\\_<username>_\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\App
    lication Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\tmphc250ssu\\org\\apache\\logging\\log4j\\core\\net\\JndiManager.class'
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    [
    [
    3189
    3189
    7
    7
    2] Failed
    2] Failed
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    to execute
    to execute
    NotSpecified: (:) [], RemoteException
    NotSpecified: (:) [], RemoteException
    script l
    script l
    o
    o
    g4j-finder
    g4j-finder
    
    opened by erottier 5
  • Adding -q option ?

    Adding -q option ?

    • WHAT ? One-liner output for each discovered log4j-core-2.x.jar file.
    [me@rocky8t01 log4j-finder]$ sudo ./dist/log4j-finder -bq  /tmp
    $HOSTNAME [shorter timestamp ] VULNERABLE: /tmp/apache-log4j-2.8-bin/log4j-core-2.8.jar -> org/apache/logging/log4j/core/net/JndiManager.class [415c13e7c8505fb056d540eac29b72fa: log4j 2.7 - 2.8.1]
    [me@rocky8t01 log4j-finder]$
    
    • WHY ? So that it is better used with CM tool like saltstack/ansible tools. -b option to exclude banner is still too much verbose for me.
    [me@rocky8t01 log4j-finder]$ sudo ./dist/log4j-finder -bq  /tmp
    usage: log4j-finder [-h] [-v] [-n] [-b] [PATH ...]
    log4j-finder: error: argument -b/--no-banner: ignored explicit argument 'q'
    [me@rocky8t01 log4j-finder]$ sudo ./dist/log4j-finder -b  /tmp
    [2021-12-16 20:55:05.573146] Scanning: /tmp
    [2021-12-16 20:55:05.596662] VULNERABLE: /tmp/apache-log4j-2.8-bin/log4j-core-2.8.jar -> org/apache/logging/log4j/core/net/JndiManager.class [415c13e7c8505fb056d540eac29b72fa: log4j 2.7 - 2.8.1]
    [2021-12-16 20:55:05.679576] Finished scan, elapsed time: 0.11 seconds
    
    Summary:
     Processed 291 files and 23 directories
     Scanned 44 files
      Found 1 vulnerable files
    
    Elapsed time: 0.11 seconds
    [me@rocky8t01 log4j-finder]$
    
    
    opened by tjyang 5
  • Trojan-Downloader.Win32.Bitser infection found in log4j-finder.exe

    Trojan-Downloader.Win32.Bitser infection found in log4j-finder.exe

    Kaspersky Anti-Virus found this on .exe file

    Type: Cheval de Troie Nom: Trojan-Downloader.Win32.Bitser.cue Exactitude: Exactement Niveau de menace: Élevé Type d'objet: Fichier Nom de l'objet: log4j-finder.exe Chemin de l'objet: *********** MD5: 0E08555A17CA3E08D02DBD4CFB87C1AA Raison: Consigné dans le rapport

    Kind regards. Jipi69

    opened by JIPI69 5
  • Documentation should explicitly mention that other archive file types are NOT scanned

    Documentation should explicitly mention that other archive file types are NOT scanned

    I think the documentation should explicitly mention that only JAR, EAR and WAR files are scanned.

    For example, often a rolled out software comes in the form of a ZIP file or RAR, TAR, TAR.GZ (TGZ), TAR.BZ2 or platform-specific files types like an extractable EXE or MSI files.

    Other programming languages use ZIP the file format but with a different suffix as an archive format as well, e.g. Python uses the WHL suffix.

    Such archive files might contain Java classes as well, probably wrapped in *.JAR archives inside the outer archive.

    These file types will not be scanned and I think this should be mentioned.

    opened by hvbtup 4
  • Access Denied even after elevating cmd

    Access Denied even after elevating cmd

    Hello Team,

    Thanks for developing this tool. I was trying to run it on my PC(windows), just installed python and ran it as explained by you, however, I am seeing a lot of access denied(even after opening cmd as admin and running if from there).

    Is there a way to give it privilges?

    opened by laroshkhan 4
  • Critical issue on Windows

    Critical issue on Windows

    @yunzheng : you use standard path libraries for the lookups of files in zip files: this approach is incorrect.

    image

    On windows the Exception will always be hit becasue the path for lookup of the class gets passed in the wrong format:

    'org\\apache\\logging\\log4j\\core\\lookup\\JndiLookup.class'

    rather than

    'org/apache/logging/log4j/core/lookup/JndiLookup.class'

    And since you have defaulted to setting has_lookup = False, VULNERABLE jars are being labeled PATCHED.

    This is very bad if people using windows are to rely on your tool...

    The behavior is inconsistent across your codebase... this is OK:

    image

    Furtheron it is not OK:

    image

    opened by KrisJanssen 3
  • Show patched .jar files as PATCHED (removal of JndiLookup.class)

    Show patched .jar files as PATCHED (removal of JndiLookup.class)

    Following the official Apache Log4j 2.x mitigation regarding the removal of JndiLookup class, these JAR files will now show up as PATCHED.

    More info regarding the removing of JndiLookup.class is described here: https://logging.apache.org/log4j/2.x/security.html

    opened by yunzheng 3
  • Revert

    Revert "Remove incorrect has_lookup=False for JndiLookup.class"

    Reverts fox-it/log4j-finder#36

    The old behaviour was actually correct, when there is a KeyError, it means no JndiLookup.class file is found. However the KeyError was also triggered due to non posix paths on Windows, that is now fixed in #37.

    opened by yunzheng 1
  • Perhaps mention you need python 3.8.10 to support win7

    Perhaps mention you need python 3.8.10 to support win7

    Because when created with 3.9 or 3.10 the binary will not work, and result in "api-ms-win-core-path-l1-1-0.dll is missing"

    It says so on the download page of python.org, but it can't hurt to mention it.

    (lower is obviously also possible, but 3.8.10 is easiest to use in this case)

    opened by jkommeren 1
  • Signed Windows Binary Out-Of-Date

    Signed Windows Binary Out-Of-Date

    Hello,

    Thank you so much for providing the python script and binary. Are you able to release a new binary and signed version since the log4j version 2.17.1 is not recognized as clean ?

    Thank you !

    opened by SKAatGIT 0
  • Added option to store results in a file preserving color highlighting…

    Added option to store results in a file preserving color highlighting…

    … in addition to stdout. Added option to then view stored results displaying saved color highlighting.

    In other words not only are results displayed on the screen (stdout) in real time but are also saved in a file that can be viewed later with the same color highlighting. This is especially useful on Windows since piping to something like Tee loses color highlighting.

    opened by brian-oster-acme 0
  • quick + dirty multipass scan feature

    quick + dirty multipass scan feature

    Quick + dirty multi-pass scan feature

    • added multi-pass flag (skips zip files)
    • added input flag (ingests list of zip files)
    • added output flag (writes list of zip files)
    opened by B3K7 1
  • script (binary) requires executable option on /tmp mount

    script (binary) requires executable option on /tmp mount

    [root@host tmp]# mount | grep /tmp
    /dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
    [root@host tmp]# /srv/log4j-finder 
    /srv/log4j-finder: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted
    [root@host tmp]# mount /tmp -o remount,exec
    [root@host tmp]# mount | grep /tmp
    /dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,relatime,seclabel,attr2,inode64,noquota)
    [root@host tmp]# /srv/log4j-finder 
     __               _____  __         ___ __           __
    |  |.-----.-----.|  |  ||__|______.'  _|__|.-----.--|  |.-----.----.
    |  ||  _  |  _  ||__    |  |______|   _|  ||     |  _  ||  -__|   _|
    |__||_____|___  |   |__||  |      |__| |__||__|__|_____||_____|__|
              |_____|      |___| v1.2.0 https://github.com/fox-it/log4j-finder
    
    [2021-12-30 15:29:02] host Scanning: /
    ^C
    Aborted!
    

    this is not expected, especially not from a security scan utility, as noexec is set with a reason on /tmp mount point. It would be nice to provide a different tmp dir for the binary.

    opened by rule88 2
  • redhat linux 6 glibc_2.14 not found error

    redhat linux 6 glibc_2.14 not found error

    on RHEL6 I see:

    [22407] Error loading Python lib '/tmp/_MEI7VUFgo/libpython3.7m.so.1.0': dlopen: /lib64/libc.so.6: version 'GLIBC_2.14' not found (required by /tmp/_MEI7VUFgo/libpython3.7m.so.1.0)
    

    When I compile and install glibc-2.14 manually and export as an env variable, I get:

    export LD_LIBRARY_PATH=/var/opt/glibc-2.14/lib && /tmp/log4j-finder -b
    Traceback (most recent call last):
      File "log4j-finder.py", line 29, in <module>
      File "/root/.pyenv/versions/3.7.5/lib/python3.7/site-packages/PyInstaller/loader/pyimod03_importers.py", line 623, in exec_module
      File "platform.py", line 116, in <module>
      File "/root/.pyenv/versions/3.7.5/lib/python3.7/site-packages/PyInstaller/loader/pyimod03_importers.py", line 623, in exec_module
      File "subprocess.py", line 153, in <module>
    ImportError: /var//opt/glibc-2.14/lib/libc.so.6: version `GLIBC_2.15' not found (required by /tmp/_MEIWmgHt6/select.cpython-37m-x86_64-linux-gnu.so)
    

    You guessed it, so I build and compiled glibc-2.15 too, and then it gives again the first error.

    What I don't understand is that seemingly it's not using these glibc versions:

    objdump -T /tmp/log4j-finder
    
    /tmp/log4j-finder:     file format elf64-x86-64
    
    DYNAMIC SYMBOL TABLE:
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strcat_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 getenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __snprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 raise
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 free
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __vfprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 unlink
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncmp
    0000000000000000  w   D  *UND*  0000000000000000              _ITM_deregisterTMCloneTable
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcpy
    0000000000000000      DF *UND*  0000000000000000              inflate
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mkdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 ferror
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fread
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mbstowcs
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 getpid
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fclose
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 opendir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 stpcpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 rmdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strlen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setbuf
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strchr
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dirname
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 memset
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strnlen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strncat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.4   __realpath_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 closedir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __strdup
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __libc_start_main
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 wcsncpy
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 calloc
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcmp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 signal
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 ftell
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 feof
    0000000000000000  w   D  *UND*  0000000000000000              __gmon_start__
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 clearerr
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3   realpath
    0000000000000000      DF *UND*  0000000000000000              inflateEnd
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 kill
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __xpg_basename
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fileno
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __stpcpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 __xstat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 readdir
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlopen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 malloc
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fflush
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 nl_langinfo
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fseek
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __vsnprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strncpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strcpy_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 mkdtemp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 setlocale
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fchmod
    0000000000000000      DF *UND*  0000000000000000              inflateInit_
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 waitpid
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fopen
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 perror
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strtok
    0000000000000000  w   D  *UND*  0000000000000000              _Jv_RegisterClasses
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 unsetenv
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 execvp
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strcat
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fwrite
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __fprintf_chk
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3.4 __strncat_chk
    0000000000000000  w   D  *UND*  0000000000000000              _ITM_registerTMCloneTable
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlsym
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 fork
    0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 dlerror
    0000000000607a40 g    DO .bss   0000000000000008  GLIBC_2.2.5 stdout
    0000000000607a48 g    DO .bss   0000000000000008  GLIBC_2.2.5 stdin
    0000000000607a50 g    DO .bss   0000000000000008  GLIBC_2.2.5 stderr
    

    Could you compile the binary also for older versions of glibc, like 2.12? Or perhaps there's some option that does something dynamic, I'm no expert.

    opened by nin0-0 1
Releases(v1.2.0)
  • v1.2.0(Dec 20, 2021)

    Notable changes

    • Added Log4j 2.17.0 detection, versions lower than this is marked as VULNERABLE
    • Detect removal of JndiLookup.class, will show up as PATCHED
    • Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
    • Hostname is now added to the output, and there is an new option -q, --quiet to suppress summary and banner.
    • It now also processes .zip files
    • You can now exclude files or directories by using the --exclude option, eg: --exclude /mnt/media/*

    What's Changed

    • Add CVE-2021-45046 to the README by @lmorg in https://github.com/fox-it/log4j-finder/pull/9
    • Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/15
    • Update README.md with instructions for creating PyInstaller executables by @yunzheng in https://github.com/fox-it/log4j-finder/pull/17
    • Add -V/--version argument to print program version by @yunzheng in https://github.com/fox-it/log4j-finder/pull/21
    • Add hostname to output and refactored parts of script by @yunzheng in https://github.com/fox-it/log4j-finder/pull/23
    • Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in https://github.com/fox-it/log4j-finder/pull/25
    • Added "How it works" section to README.md by @yunzheng in https://github.com/fox-it/log4j-finder/pull/28
    • Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in https://github.com/fox-it/log4j-finder/pull/29
    • Fixing scanning issue of jars inside war files by @dariux in https://github.com/fox-it/log4j-finder/pull/22
    • Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in https://github.com/fox-it/log4j-finder/pull/33
    • Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in https://github.com/fox-it/log4j-finder/pull/36
    • Add ability to exclude files and directories by @mjsalmi in https://github.com/fox-it/log4j-finder/pull/34
    • Fix zip internal path issue on Windows by @KrisJanssen in https://github.com/fox-it/log4j-finder/pull/37
    • Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in https://github.com/fox-it/log4j-finder/pull/39
    • Added MIT License by @yunzheng in https://github.com/fox-it/log4j-finder/pull/41
    • Added missing log4j 2.12.2 MD5 hash by @yunzheng in https://github.com/fox-it/log4j-finder/pull/42
    • Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/43
    • Fixed files and directory stats by @yunzheng in https://github.com/fox-it/log4j-finder/pull/46
    • Output log4j-finder and Python version to debug and info logging by @yunzheng in https://github.com/fox-it/log4j-finder/pull/47
    • Add support for processing files with .zip extension by @yunzheng in https://github.com/fox-it/log4j-finder/pull/48
    • Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in https://github.com/fox-it/log4j-finder/pull/53

    New Contributors

    • @lmorg made their first contribution in https://github.com/fox-it/log4j-finder/pull/9
    • @dariux made their first contribution in https://github.com/fox-it/log4j-finder/pull/22
    • @mjsalmi made their first contribution in https://github.com/fox-it/log4j-finder/pull/34
    • @KrisJanssen made their first contribution in https://github.com/fox-it/log4j-finder/pull/37

    Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.1...v1.2.0

    Source code(tar.gz)
    Source code(zip)
    log4j-finder(8.43 MB)
    log4j-finder-linux-v1.2.0.zip(8.33 MB)
    log4j-finder-signed.exe(6.28 MB)
    log4j-finder-windows-signed-v1.2.0.zip(6.14 MB)
    log4j-finder-windows-v1.2.0.zip(6.13 MB)
    log4j-finder.exe(6.27 MB)
  • v1.0.1(Dec 15, 2021)

    What's Changed

    • Add colorama to pyinstaller builds for better color support on Windows by @yunzheng in https://github.com/fox-it/log4j-finder/pull/5
    • Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/6
    • Output scanning stats and version information by @yunzheng in https://github.com/fox-it/log4j-finder/pull/7

    New Contributors

    • @yunzheng made their first contribution in https://github.com/fox-it/log4j-finder/pull/5

    Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.0...v1.0.1

    Source code(tar.gz)
    Source code(zip)
    log4j-finder(8.42 MB)
    log4j-finder-linux-v1.0.1.zip(8.32 MB)
    log4j-finder-windows-v1.0.1.zip(6.13 MB)
    log4j-finder.exe(6.26 MB)
  • v1.0.0(Dec 14, 2021)

    Release of log4j-finder with Pyinstaller builds for Windows and Linux. So it can easily run on systems without Python 3.

    What's Changed

    • Add GitHub actions to generate pyinstaller binaries for windows and linux by @taufderl in https://github.com/fox-it/log4j-finder/pull/1

    New Contributors

    • @taufderl made their first contribution in https://github.com/fox-it/log4j-finder/pull/1

    Full Changelog: https://github.com/fox-it/log4j-finder/commits/v1.0.0

    Source code(tar.gz)
    Source code(zip)
    log4j-finder-linux-v1.0.0.zip(8.15 MB)
    log4j-finder-windows-v1.0.0.zip(6.05 MB)
Owner
Fox-IT
Fox-IT
Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

FaisalFs 16 Mar 24, 2022
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -

Herwono W. Wijaya 130 Dec 15, 2022
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne

null 60 Dec 10, 2022
A honeypot for the Log4Shell vulnerability (CVE-2021-44228)

Log4Pot A honeypot for the Log4Shell vulnerability (CVE-2021-44228). License: GPLv3.0 Features Listen on various ports for Log4Shell exploitation. Det

Thomas Patzke 79 Dec 27, 2022
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.

Log4JHunt An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability. Video demo: Usage Here the help usage: $ python3 log4jhunt.py

RedHunt Labs 39 Nov 21, 2022
Log4Shell Proof of Concept (CVE-2021-44228)

CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She

Kr0ff 3 Jul 23, 2022
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Mitiga 13 Jan 4, 2022
Mass Check Vulnerable Log4j CVE-2021-44228

Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co

Justakazh 6 Dec 28, 2022
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Víctor García 187 Jan 3, 2023
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
log4j-tools: CVE-2021-44228 poses a serious threat to a wide range of Java-based applications

log4j-tools Quick links Click to find: Inclusions of log4j2 in compiled code Calls to log4j2 in compiled code Calls to log4j2 in source code Overview

JFrog Ltd. 171 Dec 25, 2022
Scans for Log4j versions effected by CVE-2021-44228

check_mkExtension to check for log4j2 CVE-2021-44228 This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0) How it works Run i

inett GmbH 4 Jun 30, 2022
Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服

null 86 Dec 9, 2022
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

null 3 Aug 13, 2022
A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks

Log4j dork scanner This is an auto script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks. Installation:

Jagar 5 Dec 27, 2022
Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

Jordan Jay 43 Nov 9, 2022
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

Taroballz 7 Nov 9, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022