1lann / log4shelldetect Public

Notifications You must be signed in to change notification settings
Fork 8
Star 45

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

Unlicense license

45 stars 8 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
LICENSE		LICENSE
README.md		README.md
demo.png		demo.png
go.mod		go.mod
go.sum		go.sum
main.go		main.go
velocity-1.1.9.jar		velocity-1.1.9.jar

Repository files navigation

log4shelldetect

Scans a file or folder recursively for Java programs that may be vulnerable to:

CVE-2021-44228 (Log4Shell) (v2.0.x - v2.14.x)
CVE-2021-45046 (v2.15.x)
CVE-2021-45105 (v2.16.x)

by inspecting the class paths inside files.

If you only want possibly vulnerable files to be printed rather than all files, run with -mode list.

Usage

Usage: log4shelldetect [options] <path>

Options:
  -include-zip
        include zip files in the scan
  -mode string
        the output mode, either "report" (every java archive pretty printed) or "list" (list of potentially vulnerable files) (default "report")

License

Code here is released to the public domain under unlicense.

With the exception of velocity-1.1.9.jar which is an example vulnerable .jar file part of Velocity which is licensed under GPLv3.

About

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

log4j scanner vulnerability-scanners log4j2 cve-2021-44228 log4shell cve-2021-45046

Readme

Unlicense license

Activity

45 stars

6 watching

8 forks

Report repository