log4shelldetect

Scans a file or folder recursively for Java programs that may be vulnerable to:

CVE-2021-44228 (Log4Shell) (v2.0.x - v2.14.x)
CVE-2021-45046 (v2.15.x)
CVE-2021-45105 (v2.16.x)¹

by inspecting the class paths inside files.

If you only want possibly vulnerable files to be printed rather than all files, run with -mode list.

Usage

Usage: log4shelldetect [options] <path>

Options:
  -include-zip
        include zip files in the scan
  -mode string
        the output mode, either "report" (every java archive pretty printed) or "list" (list of potentially vulnerable files) (default "report")

License

Code here is released to the public domain under unlicense.

With the exception of velocity-1.1.9.jar which is an example vulnerable .jar file part of Velocity which is licensed under GPLv3.

2.12.2 detection is not available yet pending 2.12.3's release which I will need to test. 2.12.2 will appear as patched. ↩

Name		Name	Last commit message	Last commit date
Latest commit History 18 Commits
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
LICENSE		LICENSE
README.md		README.md
demo.png		demo.png
go.mod		go.mod
go.sum		go.sum
main.go		main.go
velocity-1.1.9.jar		velocity-1.1.9.jar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gitignore

.gitignore

.goreleaser.yml

.goreleaser.yml

LICENSE

LICENSE

README.md

README.md

demo.png

demo.png

go.mod

go.mod

go.sum

go.sum

main.go

main.go

velocity-1.1.9.jar

velocity-1.1.9.jar

Repository files navigation

log4shelldetect

Usage

License

About

Releases 7

Packages

Languages

License

1lann/log4shelldetect

Folders and files

Latest commit

History

Repository files navigation

log4shelldetect

Usage

License

Footnotes

About

Topics

Resources

License

Stars

Watchers

Forks

Languages