log4shell-tool
| incidentresponse | log4shell-tool |
|---|---|
| 6 | 4 |
| 24 | 15 |
| - | - |
| 0.0 | 0.0 |
| about 1 year ago | 10 months ago |
| PowerShell | |
| - | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
incidentresponse
So how exactly is Log4j supposed to be patched/mitigated on Windows?
Use https://github.com/sp4ir/incidentresponse/blob/main/Get-Log4shellVuln.ps1 to find any jars with the JNDI lookup.
- Remote searching log4j [Windows]
- Is this Powershell script thorough for detecting the Log4J vulnerability?
- Nice Log4J Response Arcserve....
- Everybody thinks that they can do IT because they’ve used a computer as users
Log4j PDQ scan profile
For now, I've set up two different scanners in PDQ. One of the PDQ examples, and one of another I found, and running both to be safe. Here is the 2nd one I'm using, I modified it though so it wasn't trying to write direct to the C drive, as that may fail (but it does have to go to a folder that exists). https://github.com/sp4ir/incidentresponse/blob/35a2faae8512884bcd753f0de3fa1adc6ec326ed/Get-Log4shellVuln.ps1
log4shell-tool
- Lacerte Tax - Log4j
Evidence of a log4j attack found - Now what?
Start with confirming that an incident took place. My five-minute understanding of Datto's ComStore log4shell tool is that it does two things:
- Log4j PDQ scan profile
Automating with PowerShell: Detecting Log4j
For an in-depth explanation of what variables are required, please check the 'Usage' section of the readme viewable at https://github.com/datto/log4shell-tool. This explains the three variables that need to be set and what values to set them to.
What are some alternatives?
log4jscanwin - Log4j Vulnerability Scanner for Windows
Get-log4j-Windows.ps1 - Identifying all log4j components across all Windows servers, entire domain, can be multi-domain. CVE-2021-44228
PowerShellSnippets
CIPP - CIPP is a M365 multitenant management solution
nse-log4shell - Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
local-log4j-vuln-scanner - Simple local scanner for vulnerable log4j instances
signature-base - YARA signature and IOC database for my scanners and tools
CVE-2021-44228-Scanner - Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
CVE-2021-44228-Log4Shell-Hashes - Hashes for vulnerable LOG4J versions
PatchAgainstLog4Shell - This is for patching against Log4Shell in Windows via PowerShell
Log4Shell-Automated - This is an automated script to scan for Log4J vulnerabilities. This is based off of the Datto script.