log4j-detector
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC (by mergebase)
log4j-scanner
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS (by name)
| log4j-detector | log4j-scanner | |
|---|---|---|
| 8 | 1 | |
| 631 | 3 | |
| 0.0% | - | |
| 0.0 | 10.0 | |
| about 2 years ago | over 2 years ago | |
| Java | Go | |
| GNU General Public License v3.0 or later | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4j-detector
Posts with mentions or reviews of log4j-detector.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-13.
-
Continuing log4j detection
If you don't have server scanning tools like Nessus or Tenable that are capable of detecting log4j (nested or mitigsted), you could set up ad-hoc scanning with an open source tool like https://github.com/mergebase/log4j-detector
- Show HN: Log4j-detector – Finds all Log4j versions on a given file-system
-
Does Log4J require Java to be installed?
No- if you want to determine if a server is vulnerable this is actually the best script which is currently out there: https://github.com/mergebase/log4j-detector
-
Log4j Windows Scanner
There's also https://github.com/mergebase/log4j-detector, which is from MergeBase (a software composition analysis company).
- Welp, how's your LOG4J remediation coming along?
- log4j-detector: Detects log4j versions on your file-system, including deeply recursively nested copies (zips inside zips inside zips).
- Detects Log4j versions on your file-system
- Log4j 0day being exploited (mega thread/ overview)
log4j-scanner
Posts with mentions or reviews of log4j-scanner.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-13.
What are some alternatives?
When comparing log4j-detector and log4j-scanner you can also consider the following projects:
Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
log4jshield - Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
PowerShellSnippets