Find log4j for CVE-2021-44228 (Log4Shell) in several places. Repo: https://github.com/perryflynn/find-log4j
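# by Christian Blechert <[email protected]>
# ATTENTION! It only checks ext3 + ext4 filesystems right now!
# Extend it if you use something else
# Repo: https://github.com/perryflynn/find-log4j
#
# Prints the path of every *.jar on the local ext3/ext4 filesystems whose
# member list contains a log4j package path.
# Requires bash (process substitution, read -d), find, unzip and grep.
#
# Reading the results:
#   - A hit means entries under org/apache/log4j (the 1.x package) or
#     org/apache/logging/log4j (the 2.x package) exist in the archive. The
#     library version is never read, so each hit is a candidate to review for
#     CVE-2021-44228, not a confirmed vulnerable copy.
#   - No output is not proof of absence. Only files named *.jar are opened and
#     only their own member list is checked: archives with another extension
#     and JARs packed inside other archives are not inspected.
#   - find's error output is discarded, so directories the invoking user
#     cannot read are skipped silently. Run it with enough privilege to read
#     every tree that matters.

# Paths are passed NUL-delimited so names containing blanks or newlines reach
# unzip unchanged. File descriptor 3 keeps the list away from stdin.
while IFS= read -r -d '' -u 3 JAR; do
  # -Z1 prints one member name per line, so the package path can be matched
  # without parsing the size/date/time columns of "unzip -l".
  if unzip -Z1 "$JAR" | grep -q -E 'org/apache/(log4j|logging/log4j)'; then
    printf '%s\n' "$JAR"
  fi
done 3< <(find / \( -fstype ext4 -or -fstype ext3 \) -type f -name "*.jar" -print0 2> /dev/null)

# eof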
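#!/bin/bash
# Finds log4j resources in running docker containers
# by Christian Blechert <[email protected]>
# Repo: https://github.com/perryflynn/find-log4j
#
# For every running container, lists the *.jar files inside it, copies each
# one to the host and prints "<container> @ <path>" when its member list
# contains a log4j package path.
#
# Reading the results:
#   - A hit means entries under org/apache/log4j (1.x) or
#     org/apache/logging/log4j (2.x) exist in the archive. The library version
#     is never read, so each hit is a candidate to review for CVE-2021-44228.
#   - Only containers reported by "docker ps" (running ones) are examined;
#     stopped containers and images are not.
#   - The file list comes from a "find" executed inside the container. When
#     that command cannot run or fails, a warning goes to stderr and the
#     container may be only partly covered - treat it as not scanned.
#   - Only files named *.jar are opened and only their own member list is
#     checked; JARs packed inside other archives are not inspected.
#   - Copied files are only listed on the host, never extracted or executed.

# Private scratch directory instead of a fixed file name in the current
# directory: nothing in the working directory is overwritten and the copy is
# removed on every exit path.
SCRATCH=$(mktemp -d) || exit 1
trap 'rm -rf -- "$SCRATCH"' EXIT

while IFS= read -r CONTAINER; do
  # The here-string below yields one empty line when no container is running.
  [[ -n "$CONTAINER" ]] || continue

  # Capture the listing first so a failed exec is reported instead of looking
  # like "container has no JARs". Whatever was listed is still scanned.
  if ! JAR_LIST=$(docker exec -u root "$CONTAINER" find / -type f -name "*.jar" 2> /dev/null); then
    printf 'warning: listing JARs in %s failed or was incomplete\n' "$CONTAINER" >&2
  fi

  # The inner list is read on file descriptor 3 so it does not consume the
  # container names arriving on stdin.
  while IFS= read -r -u 3 JAR; do
    [[ -n "$JAR" ]] || continue

    rm -f -- "$SCRATCH/candidate.jar"
    # A failed copy is skipped; docker prints its own error message.
    docker cp "$CONTAINER:$JAR" "$SCRATCH/candidate.jar" || continue

    # -Z1 prints one member name per line, so the package path can be matched
    # without parsing the columns of "unzip -l".
    if unzip -Z1 "$SCRATCH/candidate.jar" | grep -q -E 'org/apache/(log4j|logging/log4j)'; then
      printf '%s\n' "$CONTAINER @ $JAR"
    fi
  done 3<<< "$JAR_LIST"
done <<< "$(docker ps --format '{{.Names}}')"

# eof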
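# Finds log4j resources on Windows machines
# by Christian Blechert <[email protected]>
# Repo: https://github.com/perryflynn/find-log4j
#
# Walks every NTFS volume that has a drive letter, opens each *.jar as a zip
# archive and prints the file path when an entry starts with a log4j package
# path.
#
# Reading the results:
#   - A hit means entries under org/apache/log4j (1.x) or
#     org/apache/logging/log4j (2.x) exist at the root of the archive. The
#     library version is never read, so each hit is a candidate to review for
#     CVE-2021-44228.
#   - The pattern is anchored with ^, so log4j classes stored under another
#     prefix inside the archive are not reported, and JARs packed inside other
#     archives are not opened.
#   - Directory errors are suppressed (SilentlyContinue), so folders the
#     current user cannot read are skipped silently.
#   - Get-WmiObject is not available in PowerShell 6 and later; run this in
#     Windows PowerShell.

Add-Type -AssemblyName 'System.IO.Compression.FileSystem'

Get-WmiObject Win32_Volume |
    Where-Object { $_.FileSystem -match 'ntfs' -and $_.Name -match '^[A-Z]:' } |
    Sort-Object { $_.Name } |
    ForEach-Object {
        Get-ChildItem $_.Name -File -Recurse -ErrorAction 'SilentlyContinue' |
            Where-Object { $_.Name -match '\.jar$' } |
            Select-Object -ExpandProperty FullName |
            ForEach-Object {
                $jarPath = $_
                $archive = $null
                try {
                    $archive = [IO.Compression.ZipFile]::OpenRead($jarPath)

                    # @(...) forces an array. Without it a single matching
                    # entry is returned as the entry object itself, whose
                    # Length property is its uncompressed size, not a count.
                    $hits = @($archive.Entries |
                        Where-Object { $_.FullName -match '^org/apache/(log4j|logging/log4j)' })

                    if ($hits.Count -gt 0) {
                        Write-Host "$jarPath"
                    }
                }
                catch {
                    # An unreadable or corrupt archive was not checked; say so
                    # instead of letting it pass as clean.
                    Write-Warning "Could not read ${jarPath}: $($_.Exception.Message)"
                }
                finally {
                    # Release the file handle so the JAR is not kept open for
                    # the rest of the scan.
                    if ($null -ne $archive) {
                        $archive.Dispose()
                    }
                }
            }
    }

# eof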
Created a repo: https://github.com/perryflynn/find-log4j