Skip to content

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

License

Notifications You must be signed in to change notification settings

fox-it/log4j-finder

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ad0b4db · Dec 14, 2021

History

8 Commits
Dec 14, 2021
Dec 14, 2021
Dec 14, 2021
Dec 14, 2021
Dec 14, 2021

Repository files navigation

log4j-finder

A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk and inside Java Archive files (JARs).

log4j-finder results

Usage

Example usage to scan a path (defaults to /):

$ python3 log4j-finder.py /path/to/scan

Or directly a JAR file:

$ python3 log4j-finder.py /path/to/jarfile.jar

Or multiple directories and or files:

$ python3 log4j-finder.py /path/to/dir1 /path/to/dir2 /path/to/jarfile.jar

Files or directories that cannot be accessed (Permission denied errors) are not printed. If you want to see more output, you can give the -v flag for verbose, or -vv for debug mode (only recommended for debugging purposes).