A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228 & CVE-2021-45046).
It scans recursively both on disk and inside Java Archive files (JARs).
You can install log4j-finder using one of the following methods:
You can download the correct binary for your Operating System:
- Windows latest: log4j-finder.exe
- Linux latest: log4j-finder
If you are on Linux you can also download the latest release and run using one of the following ways:
curl -L https://github.com/fox-it/log4j-finder/releases/latest/download/log4j-finder -o log4j-finder
chmod +x log4j-finder
sudo ./log4j-finderwget https://github.com/fox-it/log4j-finder/releases/latest/download/log4j-finder -O log4j-finder
chmod +x log4j-finder
sudo ./log4j-finderFor distribution with Python 3 installed, one following methods also work:
curl -L https://github.com/fox-it/log4j-finder/raw/main/log4j-finder.py -o log4j-finder.py
sudo python3 log4j-finder.pywget https://github.com/fox-it/log4j-finder/raw/main/log4j-finder.py
sudo python3 log4j-finder.pygit clone https://github.com/fox-it/log4j-finder
cd log4j-finder
sudo python3 log4j-finder.pyExample usage to scan a path (defaults to /):
$ python3 log4j-finder.py /path/to/scanOr directly a JAR file:
$ python3 log4j-finder.py /path/to
4F42
/jarfile.jarOr multiple directories and or files:
$ python3 log4j-finder.py /path/to/dir1 /path/to/dir2 /path/to/jarfile.jarFiles or directories that cannot be accessed (Permission denied errors) are not printed.
If you want to see more output, you can give the -v flag for verbose, or -vv for debug mode (only recommended for debugging purposes).