The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Log4shelldetect Alternatives
Similar projects and alternatives to log4shelldetect
-
CVE-2021-44228-Scanner
Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
-
local-log4j-vuln-scanner
Simple local scanner for vulnerable log4j instances
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
log4shell_ioc_ips
log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)
-
Log4j-CVE-Detect
Detections for CVE-2021-44228 inside of nested binaries
-
log4j-sniffer
A tool that scans archives to check for vulnerable log4j versions
-
Empire
Discontinued Empire is a PowerShell and Python post-exploitation agent.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Logout4Shell
Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
log4shelldetect reviews and mentions
-
Today is a bad day to run a VMWare cluster with thousands of java apps.
Apologies if this is a rule 2 violation, but I thought I might share a tool I wrote to detect .jars that are potentially vulnerable in case people find it useful (currently it only identifies if the vulnerable classpath is present, and whether or not it is updated to the fixed version): https://github.com/1lann/log4shelldetect
I'm not sure what you mean. You can deploy a built binary over your network and run it on all your servers. For example: curl -sSL https://github.com/1lann/log4shelldetect/releases/download/v0.0.2/log4shelldetect_0.0.2_Linux_x86_64.tar.gz | tar -C /tmp/ -zxf - log4shelldetect && /tmp/log4shelldetect -mode list /path/to/scan 2>/dev/null would download and extract the prebuilt binary to /tmp, and run it scanning at /path/to/scan, only outputting paths to potentially vulnerable .jars and ignoring warnings. You can replace the URL with your own build or distribute your own build as you wish.
- Log4j 0day being exploited
-
A note from our sponsor - WorkOS
workos.com | 29 Mar 2024
Stats
1lann/log4shelldetect is an open source project licensed under The Unlicense which is not an OSI approved license.
The primary programming language of log4shelldetect is Go.
Popular Comparisons
- log4shelldetect VS CVE-2021-44228-Scanner
- log4shelldetect VS local-log4j-vuln-scanner
- log4shelldetect VS log4shell_ioc_ips
- log4shelldetect VS log4j-sniffer
- log4shelldetect VS Log4j-CVE-Detect
- log4shelldetect VS Windowslog4jClassRemover
- log4shelldetect VS Empire
- log4shelldetect VS Apache Log4j 2
- log4shelldetect VS Logout4Shell
- log4shelldetect VS apache-log4j-poc