Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
nse-log4shell
Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
We are downloaded the windows binary from here https://github.com/hillu/local-log4j-vuln-scanner and I wrote a powershell script that scans all local mapped drives for jar and war files and logs what it scans and any vulnerable findings. Found an old software package in use in our environment running log4j too
This just came out - haven’t tested it yet though - https://github.com/Qualys/log4jscanwin
I published a Powershell script to make finding and patching against Log4Shell easier on Windows systems. I hope it can help you, OP. Patch Against Log4Shell
log4shell or LogJam vulnerabilities (CVE-2021-44228) https://github.com/Diverto/nse-log4shell
Use https://github.com/sp4ir/incidentresponse/blob/main/Get-Log4shellVuln.ps1 to find any jars with the JNDI look up.