Log4Shell / Log4J Detection Scripts

2 years ago
12 January 2022
2 replies
1344 views

DavidRies
Rookie
0 replies

Hi Everyone,

Some of my Arctic Wolf customers and colleagues asked me to post here and share our Log4Shell vulnerability detections scripts with the Automox community:

GitHub: https://github.com/rtkwlf/wolf-tools/tree/main/log4shell
Windows PowerShell: https://github.com/rtkwlf/wolf-tools/blob/main/log4shell/log4shell_deep_scan.ps1
Linux/macOS sh: https://github.com/rtkwlf/wolf-tools/blob/main/log4shell/log4shell_deep_scan.sh

The Arctic Wolf Log4Shell Deep Scan is designed to detect Java application packages subject to CVE-2021-44228 and CVE-2021-45046.

The scripts search the system for Java applications that contain the Log4J class JndiLookup.class which is the source of the Log4Shell vulnerabilities. If this class is found within an application, the script looks for updates to Log4J that indicate the application has been updated to use Log4J 2.16+ or Log4J 2.12.2+. If the application contains JndiLookup.class but does not appear to have been updated, the application is vulnerable.

If you have any questions about the script or feedback, let me know!

- David Ries

2 replies

A

Anonymous
0 replies
2 years ago
12 January 2022

Oh dang..score! Thanks, @DavidRies!

A

Anonymous
0 replies
2 years ago
18 January 2022

QUICK UPDATE - due to the amazingly high quality of this script, it’s now available as a tested/approved worklet to our entire install base and can be found here in the Worklet Catalog. This is one of the best log4j remediation approaches we’ve seen, so our team made it official. Some screenshots can be seen below:

Big thanks to @DavidRies and the folks at ArcticWolf for this one! :metal:

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded