From b357bbc36278ba24ae6053598df2c8e5b23c7c09 Mon Sep 17 00:00:00 2001 From: breadchris Date: Fri, 31 Dec 2021 13:03:59 -0500 Subject: [PATCH 1/2] update CLI readme --- tools/log4shell/README.md | 53 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 49 insertions(+), 4 deletions(-) diff --git a/tools/log4shell/README.md b/tools/log4shell/README.md index 441627c75..96e0675f7 100644 --- a/tools/log4shell/README.md +++ b/tools/log4shell/README.md @@ -13,10 +13,18 @@ --> # Log4Shell -A CLI tool for identifying and patching the Log4Shell vulnerability. +A CLI tool to identify and mitigate the impact of the [Log4Shell (CVE-2021-44228)](https://log4shell.com) vulnerability. ## Usage +The available commands are: + +```shell +scan, s Scan directories, passed as arguments, for archives (.jar, .war) which contain class files that are vulnerable to the log4shell vulnerability. +patch, p Patches findings of libraries vulnerable toLog4Shell by removing the JndiLookup.class file from each. +livepatch, l Perform a live patch of a system by exploiting the log4shell vulnerability for immediate mitigation. The payload executed patches the running process to prevent further payloads from being able to be executed. +``` + ### Scanning Scan directories for known vulnerable Log4j dependencies. 
@@ -24,13 +32,28 @@ Scan directories for known vulnerable Log4j dependencies. $ log4shell scan ... ``` +Note: By default, Log4j 1.x.x vulnerabilities are not included in findings as to reflect that this tool was created +to identify the Log4Shell vulnerability. To also scan for vulnerabilities affecting these versions, pass the option `--include-log4j1` +when scanning. + Output findings to a file in json format with `--output`. ```shell $ log4shell scan --output findings.json ... -$ cat findings.json -{"vulnerable_libraries":[{"path":"test/vulnerable-log4j2-versions/target/dependency/log4j-core-2.0-rc1.jar","file_name":"org/apache/logging/log4j/core/lookup/JndiLookup.class","hash":"39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8","version_info":"log4j 2.0-rc1","cve":"CVE-2021-44228"}, ...]} +$ cat findings.json | jq . +{ + "vulnerable_libraries": [ + { + "path": "test/vulnerable-log4j2-versions/target/dependency/log4j-core-2.0-rc1.jar", + "file_name": "org/apache/logging/log4j/core/lookup/JndiLookup.class", + "hash": "39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8", + "version_info": "log4j 2.0-rc1", + "cve": "CVE-2021-44228" + }, + ... + ] +} ``` To output findings, as the tool discovers them, in json format, use `--json`. 
@@ -62,6 +85,28 @@ exclude multiple subdirectories. $ log4shell scan --exclude --exclude ``` +Here are some OS specific examples for scanning: + +Linux/MacOS +```shell +sudo ./log4shell scan --no-follow-symlinks --json --output [YourFIle].json --include-log4j1 [Path] +``` + +Windows +```shell +# Scan the C drive +.\log4shell_1.4.0-log4shell_Windows_x86_64.exe scan --no-follow-symlinks --json --output result.json --include-log4j1 c:\ + +# Scan multiple paths or drives +.\log4shell_1.4.0-log4shell_Windows_x86_64.exe scan --no-follow-symlinks --json --output result.json --include-log4j1 C:\Users\Oli\Documents\ C:\Users\oli\Downloads\ + +.\log4shell_1.4.0-log4shell_Windows_x86_64.exe scan --no-follow-symlinks --json --output result.json --include-log4j1 C:\ D:\ +``` + +### Patch + +Patch existing + ### Live Patch Run a Live Patch server. @@ -95,4 +140,4 @@ Find the compiled tool for your OS [here](https://github.com/lunasec-io/lunasec/ git tag -a v-log4shell -m "" git push origin v-log4shell GITHUB_TOKEN= goreleaser release --rm-dist -``` \ No newline at end of file +``` From 3c62a744077e34e918f7a71463fef4c1e0074204 Mon Sep 17 00:00:00 2001 From: breadchris Date: Fri, 31 Dec 2021 13:07:47 -0500 Subject: [PATCH 2/2] update readme format --- tools/log4shell/README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tools/log4shell/README.md b/tools/log4shell/README.md index 96e0675f7..401682671 100644 --- a/tools/log4shell/README.md +++ b/tools/log4shell/README.md 
@@ -19,11 +19,9 @@ A CLI tool to identify and mitigate the impact of the [Log4Shell (CVE-2021-44228 The available commands are: -```shell -scan, s Scan directories, passed as arguments, for archives (.jar, .war) which contain class files that are vulnerable to the log4shell vulnerability. -patch, p Patches findings of libraries vulnerable toLog4Shell by removing the JndiLookup.class file from each. -livepatch, l Perform a live patch of a system by exploiting the log4shell vulnerability for immediate mitigation. The payload executed patches the running process to prevent further payloads from being able to be executed. -``` +* `scan` - Scan directories, passed as arguments, for archives (.jar, .war) which contain class files that are vulnerable to the log4shell vulnerability. +* `patch` - Patches findings of libraries vulnerable toLog4Shell by removing the JndiLookup.class file from each. +* `livepatch` - Perform a live patch of a system by exploiting the log4shell vulnerability for immediate mitigation. The payload executed patches the running process to prevent further payloads from being able to be executed. ### Scanning Scan directories for known vulnerable Log4j dependencies.
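Review bot: in the first patch's hunk at `@@ -13,10 +13,18 @@`, the added command list has a typo, `vulnerable toLog4Shell` is missing a space, and the three descriptions mix `log4shell` and `Log4Shell`; use `vulnerable to Log4Shell` and one spelling throughout. The `scan` line, `for archives (.jar, .war) which contain class files that are vulnerable to the log4shell vulnerability`, is also redundant; `which contain a vulnerable JndiLookup.class` would say what the scanner actually matches on, and the `patch` line already names that file. Since `livepatch` is the one command with side effects on a running process, its entry should at least point the reader to the Live Patch section below before they run it.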
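Review bot: in the first patch's hunk at `@@ -24,13 +32,28 @@`, the new note reads `not included in findings as to reflect that`, which should be `to reflect that`, and `$ cat findings.json | jq .` can simply be `$ jq . findings.json`. The note says Log4j 1.x vulnerabilities are excluded by default but does not say which issue(s) `--include-log4j1` adds, while the sample output tags every finding with a `cve` field; naming them here would let readers match the flag to the `cve` values they will see. It would also help to state that `--output` writes one JSON document (as the `jq` sample shows) while `--json`, mentioned in the trailing context, streams findings as they are discovered, so readers know which form to pipe into `jq`.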
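Review bot: in the first patch's hunk at `@@ -62,6 +85,28 @@`, the new `### Patch` section consists of the fragment `Patch existing` and nothing else, so either finish it (what `patch` takes as input, presumably the findings file produced by `scan`, and that it modifies the listed archives by removing `JndiLookup.class`, as the command list says, so readers know to keep a copy) or drop the heading until it is written; a half-written section under a heading reads as a shipped feature with no docs. In the same hunk, `[YourFIle].json` should be `[YourFile].json`, `OS specific` should be `OS-specific`, and the Windows examples hard-code the release binary name `log4shell_1.4.0-log4shell_Windows_x86_64.exe`, which goes stale with every release, and use a personal path `C:\Users\Oli\Documents\` beside `C:\Users\oli\Downloads\` with different casing; suggest a generic `.\log4shell.exe` and `C:\Users\<user>\...`. The Windows block is fenced as `shell` although the `.\` invocation is PowerShell/cmd syntax; tag it `powershell`. Finally, the Linux/macOS example runs under `sudo` with no explanation; one sentence saying it is only needed to read paths the calling user cannot otherwise access would stop readers from running the scanner as root out of habit.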
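Review bot: in the second patch's hunk at `@@ -19,11 +19,9 @@`, converting the fenced block to a bullet list drops the short aliases (`scan, s`, `patch, p`, `livepatch, l`) that the previous version documented; if the CLI still accepts them, keep them in the list, e.g. `` * `scan` (`s`) - ... ``. The `vulnerable toLog4Shell` typo and the mixed `log4shell`/`Log4Shell` spelling are carried over unchanged from the first patch, and `vulnerable to the log4shell vulnerability` is still redundant; since this commit is the formatting pass over exactly these lines, it is the place to fix them.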