CISA log4j PS scanner

This page summarizes the projects mentioned and recommended in the original post on /r/PowerShell

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • log4j-scanner

    Discontinued log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

  • Log4jSherlock

    I have used the https://github.com/Maelstromage/Log4jSherlock Log4jSherlock scanner which is powershell based and looks on windows machines for AR, WAR, EAR, JPI, HPI files that contain the log4j libraries and vulnerable pom properties. This script creates a csv file named for each system scanned and provides locations of all AR, WAR, EAR, JPI, HPI files and details on if they contain the log4j components. This is a good way to narrow the search for a dynamic scan such as the CISA scanning tool listed above, or to just identify and patch affected instances.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts