log4shell-tool
Log4Shell Enumeration, Mitigation and Attack Detection Tool (by datto)
PowerShellSnippets
By omrsafetyo
log4shell-tool | PowerShellSnippets
---|---
4 | 8
15 | 54
- | -
0.0 | 4.9
10 months ago | over 2 years ago
PowerShell |
Apache License 2.0 | -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4shell-tool
Posts with mentions or reviews of log4shell-tool.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-20.
- Lacerte Tax - Log4j
- Evidence of a log4j attack found - Now what?
Start with confirming that an incident took place. My five-minute understanding of Datto's ComStore log4shell tool is that it does two things:
- Log4j PDQ scan profile
- Automating with PowerShell: Detecting Log4j
For an in-depth explanation of what variables are required, please check the 'Usage' section of the readme viewable at https://github.com/datto/log4shell-tool. This explains the three variables that need to be set and what values to set them to.
PowerShellSnippets
Posts with mentions or reviews of PowerShellSnippets.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-26.
- Script all database object to single file per object using dbatools
So if for whatever reason you can't get the dba tools to work (it looks like there is a viable answer above), you can always use scripting options with the script method to script out database objects, via SMO. I have a sample script here which is a bit different from what you've asked for, but shows the fundamentals of what you might want to do.
- Log4j vulnerability mitigation
- In case anyone needs it, here's a quick and dirty powershell script to patch log4j to prevent log4shell (CVE-2021-44228)
Not that messy! I added a link to this thread and direct to the GitHub link from my README on my scanner utility repo. When I get a chance I may borrow this and update it to use the same remote methods I used in the last script, but read the file/computer list from my generated CSV - that way people can clean up the CSV for their particular targets, and push an update with this script. Nice work!
- The Log4j Vulnerability Explained : Detection and Exploitation | TryHackMe Log4j
- Log4j PDQ scan profile
The issue with searching for log4j*.jar is that you miss out on bundled jars which have different filenames hashes. It might be a better approach to search for all jar files and look inside if there is a jndilookup.class mentioned. This might add some false positives - but this is imho better than false negatives. Here is a powershell script which implements that approach: https://github.com/omrsafetyo/PowerShellSnippets/blob/master/Invoke-Log4ShellScan.ps1
- Log4j 0day being exploited (mega thread/ overview)
- Log4Shell Scanner multi-server, massively parallel PowerShell
What are some alternatives?
When comparing log4shell-tool and PowerShellSnippets you can also consider the following projects:
Get-log4j-Windows.ps1 - Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228
CVE-2021-44228-Log4Shell-Hashes - Hashes for vulnerable LOG4J versions
CIPP - CIPP is a M365 multitenant management solution
Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
incidentresponse
Log4j-PoSH - Powershell tools for log4j vulnerability