A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228)
It scans recursively both on disk and inside Java Archive files (JARs).
Example usage to scan a path (defaults to /):
$ python3 log4j-finder.py /path/to/scanOr directly a JAR file:
$ python3 log4j-finder.py /path/to/jarfile.jarOr multiple directories and or files:
$ python3 log4j-finder.py /path/to/dir1 /path/to/dir2 /path/to/jarfile.jarFiles or directories that cannot be accessed (Permission denied errors) are not printed.
If you want to see more output, you can give the -v flag for verbose, or -vv for debug mode (only recommended for debugging purposes).