log4j-detector
log4j-detector copied to clipboard
mergebase
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instan...
Hi, for log4j 1.x mitigation it could be important, to scan for the file log4j.properties contens the string "JMS" because of content like --- #configuring the custom logger log4j.logger.com.apress.logging.log4j=DEBUG, JMS...
Hi, I'm not sure whether that's the right way to go, I'm sorry if I did not understand your code properly. If you set the empirical condition variables based on...
Hi, just to let you know I ported your work to Python: https://github.com/HynekPetrak/log4shell_finder Thanks for the work and excellent research on this vulnerability. Let me know if you eventually want...
Hello there again (see my other post ;), I have an issue when scanning from '/': The progress gets stuck somewhere within /dev/usb/... and won't continue for hours. (How) can...
I created a modified version of the log4j scanner based on your great work, that does not suffer from performance / memory problems due to a different handling of the...
When I compile from source the resulting binary looks like an outdated release. This can cause having binaries with same name but different content in the wild. Please tag a...
Heya, a scan with 2021.12.13 on a basic openSUSE Leap 15.2 install that has, to my knowledge, no Java applications running takes about 45 seconds whereas with 2021.12.14 it wasn't...
Getting below error. java.lang.RuntimeException: java.io.IOException: line too long
First of all, thank you. This is a very useful tool. I was looking for a way to identify vulnerable Log4j versions inside of our Docker containers. Here is a...
I get a lot of these types of "Problem" messages. Are they safe to ignore? I am running in Windows. -- Problem: C:\Program Files\Commvault\ContentStore\CVMedia\11.0.0\Windows\BinaryPayload\LooseUpdates\CU38\BinaryPayload\adLdapTool.exe.zip - Not actually a zip!?! (no...
