Top 19 log4shell Open-Source Projects

lunasec

36 1,406 5.5 TypeScript

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
log4shell-vulnerable-app

5 1,091 0.0 Java

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
log4j-detector

8 631 0.0 Java

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
log4j-finder

2 435 0.0 Python

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
local-log4j-vuln-scanner

10 383 1.8 Go

Simple local scanner for vulnerable log4j instances
log4jpwn

1 308 0.0 Python

log4j rce test environment and poc
Log4j-RCE-Scanner

1 255 3.8 Shell

Remote command execution vulnerability scanner for Log4j.
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
L4sh

1 254 0.0 Python

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.
Log4Shell-IOCs

1 184 3.6 Python

A collection of intelligence about Log4Shell and its exploitation activity.
log4jscanwin

4 154 1.3 C

Log4j Vulnerability Scanner for Windows
log4shell-tools

8 84 4.5 Go

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
log4j-cve-2021-44228

6 56 3.6

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Log4JShell-Bytecode-Detector

4 50 0.0 Java

Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
Log4jPatcher

2 46 0.0 Java

A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
log4shelldetect

3 44 0.0 Go

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
log4shell_ioc_ips

3 36 0.0 Shell

log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)
log4j-scan-turbo

2 27 1.8 Shell

Multithreaded log4j vulnerability scanner using only bash! Tests all JNDI protocols, HTTP GET/POST, and 84 headers.
log4jshield

2 14 0.0 Shell

Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
log4j2-rce-poc

1 3 4.1 Kotlin

A bare minimum proof-of-concept for Log4j2 JNDI RCE vulnerability (CVE-2021-44228/Log4Shell).
SaaSHub

www.saashub.com sponsored

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

log4shell related posts

How to send similar payload to different http headers?
1 project | /r/HowToHack | 6 Apr 2022
Example exploits for MacOS Endpoint Protection assessment
1 project | /r/macsysadmin | 6 Mar 2022
Received a visit from the infamous Dejmnok420 today. Can anyone ELI5 the steps to take now?
1 project | /r/admincraft | 1 Mar 2022
Log4J Network Scanning/Detection on a 100k+ Node Network
3 projects | /r/networking | 8 Jan 2022
Log4jscanner by Google
5 projects | /r/devops | 29 Dec 2021
Well it's Log4J Patch Day. Again. (2.17 now available to fix infinite recursion bug)
2 projects | /r/sysadmin | 18 Dec 2021
So how exactly is Log4j supposed to be patched/mitigated on Windows?
7 projects | /r/sysadmin | 18 Dec 2021
A note from our sponsor - SaaSHub
www.saashub.com | 28 Apr 2024

SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source log4shell projects? This list will help you:

	Project	Stars
1	lunasec	1,406
2	log4shell-vulnerable-app	1,091
3	log4j-detector	631
4	log4j-finder	435
5	local-log4j-vuln-scanner	383
6	log4jpwn	308
7	Log4j-RCE-Scanner	255
8	L4sh	254
9	Log4Shell-IOCs	184
10	log4jscanwin	154
11	log4shell-tools	84
12	log4j-cve-2021-44228	56
13	Log4JShell-Bytecode-Detector	50
14	Log4jPatcher	46
15	log4shelldetect	44
16	log4shell_ioc_ips	36
17	log4j-scan-turbo	27
18	log4jshield	14
19	log4j2-rce-poc	3