log4j-detector
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC (by mergebase)
Get-log4j-Windows-local
Identifying all log4j components across on local windows servers. CVE-2021-44228 (by KeysAU)
log4j-detector | Get-log4j-Windows-local | |
---|---|---|
8 | 2 | |
631 | 5 | |
0.0% | - | |
0.0 | 4.1 | |
about 2 years ago | over 2 years ago | |
Java | PowerShell | |
GNU General Public License v3.0 or later | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4j-detector
Posts with mentions or reviews of log4j-detector.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-13.
-
Continuing log4j detection
If you don't have server scanning tools like Nessus or Tenable that are capable of detecting log4j (nested or mitigsted), you could set up ad-hoc scanning with an open source tool like https://github.com/mergebase/log4j-detector
- Show HN: Log4j-detector – Finds all Log4j versions on a given file-system
-
Does Log4J require Java to be installed?
No- if you want to determine if a server is vulnerable this is actually the best script which is currently out there: https://github.com/mergebase/log4j-detector
-
Log4j Windows Scanner
There's also https://github.com/mergebase/log4j-detector, which is from MergeBase (a software composition analysis company).
- Welp, how's your LOG4J remediation coming along?
- log4j-detector: Detects log4j versions on your file-system, including deeply recursively nested copies (zips inside zips inside zips).
- Detects Log4j versions on your file-system
- Log4j 0day being exploited (mega thread/ overview)
Get-log4j-Windows-local
Posts with mentions or reviews of Get-log4j-Windows-local.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-16.
-
Powershell Script to check for Log4j Vulnerability
Single server, local host: https://github.com/KeysAU/Get-log4j-Windows-local
- Log4j Windows Scanner
What are some alternatives?
When comparing log4j-detector and Get-log4j-Windows-local you can also consider the following projects:
log4j-scanner - Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
CVE-2021-44228-Log4Shell-Hashes - Hashes for vulnerable LOG4J versions
Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
Get-log4j-Windows.ps1 - Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228
log4jshield - Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
CVE-2021-44228_scanner - Scanners for Jar files that may be vulnerable to CVE-2021-44228
PowerShellSnippets