Giters

nikaiw / log4jscanner

A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

log4jscanner

Go Reference

A minor fork of https://github.com/google/log4jscanner

Changes

  • The scanner won't detect patched version 2.12.2+ and 2.3.1+
  • The scanner will detect the vulnerable version between 2.0-beta9 and 2.0
  • The scanner scan all local disks if no argument is given
  • The scanner checks .par, .sar , .kar
  • The scanner will output to stdout the result as CSV with the following format:

"hostname","path","version"

Installing

Pre-compiled binaries are available as [release assets][releases].

To install from source with an existing [Go][go] v1.17+ installation, either use [go install][go-install]:

go install github.com/nikaiw/log4jscanner@latest

Or build from the repo directly:

git clone https://github.com/nikaiw/log4jscanner.git
cd log4jscanner
go build -o log4jscanner

About

A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.

License:Apache License 2.0

Languages

Language:Go 92.8%Language:Shell 7.2%