
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.


hozyx/log4shell


log4shell

A Python script that scans the server file system for log4j jars vulnerable to CVE-2021-44228 and CVE-2021-45046. The script recursively walks the file system, including zip, ear and war archives, to find log4j versions 2.* to 2.15 that contain org/apache/logging/log4j/core/lookup/JndiLookup.class.

The script takes the file system path to scan and lists the File Path, Bundle-Version, and Bundle-Name of each vulnerable jar. The values are separated by colons (":"). This output format is machine-readable, which is useful when the script is executed by an orchestration tool such as Ansible.

The script also supports the options --Summary and --UnprocessedFiles, which print more details of the scan.
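The scan described above can be sketched as follows. This is an added example, not the repository's own code: the function names, the "!/" separator for nested archives, the in-memory size cap, and the choice to report jars whose manifest has no Bundle-Version are all assumptions.

```python
import io, os, re, zipfile

JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")
MAX_NESTED = 200 * 1024 * 1024  # assumed cap on nested archives read into memory

def manifest_fields(zf):
    """Return (Bundle-Version, Bundle-Name) from the manifest, '' when absent."""
    try:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return "", ""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and not line.startswith(" "):  # skip continuation lines
            fields[key] = value.strip()
    return fields.get("Bundle-Version", ""), fields.get("Bundle-Name", "")

def in_range(version):
    """README's range, 2.* to 2.15; a missing version is still reported (assumption)."""
    m = re.match(r"2\.(\d+)", version)
    return int(m.group(1)) <= 15 if m else version == ""

def scan_archive(source, label, hits, unprocessed):
    """Scan one archive (path or file object) and recurse into nested archives."""
    try:
        with zipfile.ZipFile(source) as zf:
            names = zf.namelist()
            if JNDI in names:
                version, name = manifest_fields(zf)
                if in_range(version):
                    hits.append(f"{label}:{version}:{name}")
            for inner in names:
                if not inner.lower().endswith(ARCHIVES):
                    continue
                nested = f"{label}!/{inner}"
                if zf.getinfo(inner).file_size > MAX_NESTED:
                    unprocessed.append(nested)  # too large to unpack in memory
                else:
                    scan_archive(io.BytesIO(zf.read(inner)), nested, hits, unprocessed)
    except (zipfile.BadZipFile, OSError, RuntimeError):  # corrupt, unreadable, encrypted
        unprocessed.append(label)

def scan_tree(root):
    """Walk root; return (hits as 'path:version:name', archives that could not be read)."""
    hits, unprocessed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fname)
                scan_archive(path, path, hits, unprocessed)
    return hits, unprocessed
```

A jar that appears in neither list was opened successfully and either lacks JndiLookup.class or reports a version outside the range; anything in the second list still needs a manual check.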
