Skip to content
/ log4shelldetect Public

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

License

Unlicense license
45 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

1lann/log4shelldetect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
velocity-1.1.9.jar
velocity-1.1.9.jar
 
 

Repository files navigation

log4shelldetect

Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the jar.

If you only want possibly vulnerable jars to be printed rather than all jars, run with -mode list.

Usage

Usage: log4shelldetect [options] <path>

Options:
  -mode string
        the output mode, either "report" (every jar pretty printed) or "list" (list of potentially vulnerable files) (default "report")

License

Code here is released to the public domain under unlicense.

With the exception of velocity-1.1.9.jar which is an example vulnerable .jar file part of Velocity which is licensed under GPLv3.

About

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

Topics

log4j scanner vulnerability-scanners log4j2 cve-2021-44228 log4shell cve-2021-45046

Resources

Readme

License

Unlicense license
Activity

Stars

45 stars

Watchers

6 watching

Forks

8 forks
Report repository

Releases 7

v0.0.7 Latest
Dec 18, 2021
+ 6 releases

Packages

No packages published

Languages