CVE-2021-44228_scanner vs local-log4j-vuln-scanner

CVE-2021-44228_scanner

Scanners for Jar files that may be vulnerable to CVE-2021-44228 (by CERTCC)

Suggest topics

Source Code

Suggest alternative

Edit details

local-log4j-vuln-scanner

Simple local scanner for vulnerable log4j instances (by hillu)

Log4j2 log4shell cve-2021-44228 cve-2019-17571 Scanner Security security-tools

Source Code

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

CVE-2021-44228_scanner		local-log4j-vuln-scanner
	Project
13	Mentions	10
346	Stars	381
0.0%	Growth	-
1.8	Activity	1.8
about 2 years ago	Latest Commit	almost 2 years ago
PowerShell	Language	Go
BSD 2-clause "Simplified" License	License	GNU General Public License v3.0 only

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

CVE-2021-44228_scanner

Posts with mentions or reviews of CVE-2021-44228_scanner. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-01-16.

Bitcoin miner support/suggestions (log4j)
1 project | /r/sysadmin | 1 Oct 2022
Log4J Scanner via Ninja
1 project | /r/msp | 18 Jan 2022
Log4 detection by enterprise tools
2 projects | /r/cybersecurity | 16 Jan 2022
Log4J Network Scanning/Detection on a 100k+ Node Network
3 projects | /r/networking | 8 Jan 2022

The last scanner type is looking for the classes. Carnegie Mellon’s CERTCC released one that is referenced by CISA: https://github.com/CERTCC/CVE-2021-44228_scanner that look for class names and some fingerprints. Then there is a scanner written in Go that checks for the vulnerable class files and their hashes (inside JARs, WARs,EARs, and zips). https://github.com/hillu/local-log4j-vuln-scanner
Any free tool to scan for Log4Shell and Log4j vulnerabilities?
2 projects | /r/sysadmin | 4 Jan 2022
Log4j vulnerability mitigation
3 projects | /r/sysadmin | 26 Dec 2021
Is Log4J really fixed?
1 project | /r/Minecraft | 25 Dec 2021

See: https://github.com/CERTCC/CVE-2021-44228_scanner
Add CERTCC log4j scan to PDQ?
1 project | /r/sysadmin | 21 Dec 2021

I'd like to use this to this script scan our network for log4j vulnberabilties: https://github.com/CERTCC/CVE-2021-44228_scanner
Log4J "JndiLookup.class" question
1 project | /r/sysadmin | 18 Dec 2021
Is my Powershell Log4J scanner sufficient?
1 project | /r/sysadmin | 17 Dec 2021

local-log4j-vuln-scanner

Posts with mentions or reviews of local-log4j-vuln-scanner. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-01-08.

Log4J Network Scanning/Detection on a 100k+ Node Network
3 projects | /r/networking | 8 Jan 2022

The last scanner type is looking for the classes. Carnegie Mellon’s CERTCC released one that is referenced by CISA: https://github.com/CERTCC/CVE-2021-44228_scanner that look for class names and some fingerprints. Then there is a scanner written in Go that checks for the vulnerable class files and their hashes (inside JARs, WARs,EARs, and zips). https://github.com/hillu/local-log4j-vuln-scanner
Log4jscanner by Google
5 projects | /r/devops | 29 Dec 2021

I have been scanning with https://github.com/hillu/local-log4j-vuln-scanner and that problem was resolved in there.
So how exactly is Log4j supposed to be patched/mitigated on Windows?
7 projects | /r/sysadmin | 18 Dec 2021

If you want to scan your system for vulnerable log4j instances, https://github.com/hillu/local-log4j-vuln-scanner has binaries and is constantly updated
All log4j detection tools fail these cases - be careful
2 projects | /r/sysadmin | 15 Dec 2021

We are using this local log4j scanner: https://github.com/hillu/local-log4j-vuln-scanner/
Cisco AMP/Endpoint is not a great product for Endpoint Security.
2 projects | /r/Cisco | 15 Dec 2021

https://github.com/hillu/local-log4j-vuln-scanner - Nope
Vulnerabilidade Log4j
2 projects | /r/devpt | 15 Dec 2021
Can PDQ be used to scan for log4j usage?
1 project | /r/pdq | 13 Dec 2021

Log4j may be included in other jars, so a recursive ps scan like https://github.com/hillu/local-log4j-vuln-scanner may come to rescue
Any mitigations in the works for the log4j critical CVE?
1 project | /r/QRadar | 12 Dec 2021

The scanner provided by https://github.com/hillu/local-log4j-vuln-scanner gives us the following output when using "/opt/qradar/" as directory.
Log4j 0day being exploited
10 projects | /r/blueteamsec | 9 Dec 2021

What are some alternatives?

When comparing CVE-2021-44228_scanner and local-log4j-vuln-scanner you can also consider the following projects:

hotpatch-for-apache-log4j2 - An agent to hotpatch the log4j RCE from CVE-2021-44228.

tfsec - Security scanner for your Terraform code

CVE-2021-44228-Log4Shell-Hashes - Hashes for vulnerable LOG4J versions

log4jscanner - A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.

Get-log4j-Windows.ps1 - Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228

CVE-2021-44228-Scanner - Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.

Log4jPatcher - A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

log4shell - Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

nse-log4shell - Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)

log4shell-detector - Detector for Log4Shell exploitation attempts

Windowslog4jClassRemover

CVE-2021-44228_scanner vs hotpatch-for-apache-log4j2 local-log4j-vuln-scanner vs tfsec CVE-2021-44228_scanner vs CVE-2021-44228-Log4Shell-Hashes local-log4j-vuln-scanner vs log4jscanner CVE-2021-44228_scanner vs Get-log4j-Windows.ps1 local-log4j-vuln-scanner vs CVE-2021-44228-Scanner CVE-2021-44228_scanner vs nuclei local-log4j-vuln-scanner vs Log4jPatcher CVE-2021-44228_scanner vs log4shell local-log4j-vuln-scanner vs nse-log4shell CVE-2021-44228_scanner vs log4shell-detector local-log4j-vuln-scanner vs Windowslog4jClassRemover

Compare CVE-2021-44228_scanner vs local-log4j-vuln-scanner and see what are their differences.

CVE-2021-44228_scanner

local-log4j-vuln-scanner

CVE-2021-44228_scanner

local-log4j-vuln-scanner

What are some alternatives?