Log4J Scanner in PowerShell & Shell for Windows and Linux

Hello! Today, I wanted to share a small vulnerability scanner developed by the Geneva-based company e-Xpert Solutions that helps detect Log4J vulnerabilities on your servers.
https://github.com/e-XpertSolutions/atdefense-research
This script was developed by: Michael Molho and David Routin.
I contributed to this project by adding the check for version 2.15, which contains a DoS vulnerability.
Yeah, I’m pretty proud of it because I had never participated in a GitHub project before. Seeing my name in the “Contributors” section feels great.
Update 12/20/2021: Version 2.16 is also vulnerable to a DoS vulnerability. I submitted a new pull request to update the PowerShell script.
Here’s how to use it on Windows:
- Download handle.exe (a Sysinternals tool) here: https://docs.microsoft.com/en-us/sysinternals/downloads/handle
- Place the script on your server.
- Run it as an administrator using this command:
powershell -ExecutionPolicy Bypass -File log4find.ps1 -HandlePath <handle.exe_filepath>
You’ll get color-coded results:
- Green: You’re good.
- Red: Warning, one or both vulnerabilities are present on your server.
- Yellow: The check failed; you should manually verify.
If the check fails, I recommend using “Everything” by voidtools. It’s an incredibly fast search engine for Windows.
To use Everything, launch it as an admin and then type your search:
log4*
The asterisk “*” acts as a wildcard.
In my case, there’s no Java on my machine, just 1000 PowerShell scripts and files/folders related to these Log4J detection scripts.
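For the failed-check case described above, here is a manual fallback as an added example (it is not part of the e-Xpert Solutions script or the original post). It lists every log4*.jar under the given roots, reads the version from the file name, and checks whether the archive contains JndiLookup.class. The `$Roots` parameter, the function names and the file-name pattern are assumptions.

```powershell
# Added example: manual inventory of Log4j JARs (not log4find.ps1).
# Assumption: $Roots lists the folders to search; narrow it to speed things up.
param([string[]]$Roots = @('C:\'))

Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-Log4jVersionFromName {
    param([string]$FileName)
    # log4j-core-2.15.0.jar -> 2.15.0 ; $null when the name carries no version
    if ($FileName -match 'log4j-core-(\d+\.\d+(?:\.\d+)?)') { return $Matches[1] }
    return $null
}

function Test-JarHasJndiLookup {
    param([string]$Path)
    # A JAR is a ZIP archive; look for the log4j-core JNDI lookup class inside it.
    try {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        try {
            $hit = $zip.Entries |
                Where-Object { $_.FullName -like '*log4j/core/lookup/JndiLookup.class' }
            return [bool]$hit
        } finally { $zip.Dispose() }
    } catch { return $null }   # unreadable or locked archive: result unknown
}

$results = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Recurse -File -Filter 'log4*.jar' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $version = Get-Log4jVersionFromName $_.Name
            $note = if (-not $version) {
                'no version in file name: inspect manually'
            } elseif ($version -match '^2\.1[56](\.|$)') {
                '2.15/2.16: DoS-affected versions named in this post'
            } else {
                'compare with the Apache Log4j security page'
            }
            [pscustomobject]@{
                Path       = $_.FullName
                Version    = $version
                JndiLookup = Test-JarHasJndiLookup $_.FullName
                Note       = $note
            }
        }
}

$results | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Copies of Log4j bundled inside other archives (WAR, EAR or "fat" JARs) are not opened by this listing, so an empty result does not prove the library is absent.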
That’s it. Enjoy!
