log4j-scanner vs log4j-scan

log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities. (by cisagov)

Suggest topics

DISCONTINUED

Suggest alternative

Edit details

log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 (by fullhunt)

Suggest topics

Source Code

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

log4j-scanner		log4j-scan
	Project
9	Mentions	20
1,250	Stars	3,362
-	Growth	0.9%
4.7	Activity	0.0
over 1 year ago	Latest Commit	over 1 year ago
Java	Language	Python
-	License	MIT License

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

log4j-scanner

Posts with mentions or reviews of log4j-scanner. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-07-07.

Finding the "practical" component for my thesis on Log4Shell
5 projects | /r/cybersecurity | 7 Jul 2022

https://github.com/cisagov/log4j-scanner https://github.com/fullhunt/log4j-scan https://github.com/portswigger/log4shell-scanner
CISA log4j PS scanner
3 projects | /r/PowerShell | 2 Jan 2022
So many different log4j scanner tools and scripts posted
2 projects | /r/sysadmin | 28 Dec 2021
Understanding and Exploiting Log4J Vulnerability
2 projects | dev.to | 25 Dec 2021

Alternately you can use cisagov/log4j-scanner to scan for log4j Vulnerability on your site.
Log4PowerShell - A CVE-2021-44228 Proof of Concept / Demo I wrote in PowerShell
2 projects | /r/netsec | 23 Dec 2021
Log4j scanners released by CISA, CrowdStrike
1 project | /r/technologists | 23 Dec 2021
GitHub - cisagov/log4j-scanner: log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
1 project | /r/devopsish | 22 Dec 2021
Log4j RCE Scanner
1 project | news.ycombinator.com | 21 Dec 2021

log4j-scan

Posts with mentions or reviews of log4j-scan. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-07-28.

Sublime Music - A FLOSS desktop client for Subsonic API servers (Airsonic, Navidrome, Gonic, etc)
3 projects | /r/selfhosted | 28 Jul 2022

Testing the image with github.com/fullhunt/log4j-scan and https://github.com/quay/clair shows no vulnerabilities
Finding the "practical" component for my thesis on Log4Shell
5 projects | /r/cybersecurity | 7 Jul 2022

https://github.com/cisagov/log4j-scanner https://github.com/fullhunt/log4j-scan https://github.com/portswigger/log4shell-scanner
Here's a log4j-scan in case you want to find vulnerable hosts in the pool of servers you own
1 project | /r/webdev | 23 Dec 2021
Log4j2 nightmares for self hosters?
5 projects | /r/selfhosted | 21 Dec 2021

https://github.com/fullhunt/log4j-scan Used this one for my network. Worked just fine and no setup required to run on my host.
How to Check if a Java Project Depends on A Vulnerable Version of Log4j
8 projects | dev.to | 20 Dec 2021

The team at FullHunt provided an open-source tool called log4j-scan, an automated and extensive scanner for finding vulnerable Log4j hosts. It allows teams to scan their infrastructure but also test for WAF (Web Application Firewall) bypasses that can result in code execution. The tool has several options but in short, you pass to the tool the URL to scan and you get a report on the vulnerabilities found. For example:
Log4j for Dummies: How to Determine if Your Server (or Docker Container) Is Affected by the Log4Shell Vulnerability
2 projects | /r/unRAID | 16 Dec 2021

Yep. Seems like https://github.com/fullhunt/log4j-scan/issues/80 would fix my issue. Thanks for the assist.
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
1 project | /r/hacking | 16 Dec 2021

1 project | /r/cybersecurity | 16 Dec 2021
fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
1 project | /r/devopsish | 15 Dec 2021
Log4j Vulnerability Cheatsheet
5 projects | dev.to | 14 Dec 2021

What are some alternatives?

When comparing log4j-scanner and log4j-scan you can also consider the following projects:

CVE-2021-44228-Scanner - Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

log4jpwn - log4j rce test environment and poc

Log4jSherlock

canarytokens - Canarytokens helps track activity and actions on your network.

Log4jAttackSurface

log4jscanner - A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.

Log4PowerShell - A Log4j writeup and Docker based PoC written in PowerShell

mariadb-docker - Docker Official Image packaging for MariaDB

lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

log4jScanner - log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services

syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.