righettod · December 13, 2021 19:16 · righettod · Dec 12, 2021
diff --git a/identify-class-location.sh b/identify-class-location.sh
 #!/bin/bash
 #########################################################################################################
 # Script to identify Log4J affected class for CVE-2021-44228 in a collection of jar files
 # Based on this script:
 # https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh
 #########################################################################################################
 if [ "$#" -lt 1 ]; then
    script_name=$(basename "$0")
    echo "Usage:"
    echo "   $script_name [APP_LIBS_FOLDER]"
    echo ""
    echo "Call example:"
    echo "    $script_name /tmp/app-jars"
    exit 1
 fi
 # Set here the folder path in which all the JAR files of the app were copied 
 TARGET_CLASS_NAME="org/apache/logging/log4j/core/lookup/JndiLookup.class"
 APP_LIBS_FOLDER=$1
 WORK_FOLDER=/tmp/work
 LIBS_COUNT=$(ls $APP_LIBS_FOLDER/*.jar | wc -l)
 echo -e "\e[93m[+] Searching class '$TARGET_CLASS_NAME' accross $LIBS_COUNT libraries...\e[0m"
 find=0
 find_one=0
 i=0
 cdir=$(pwd)
 for lib in $APP_LIBS_FOLDER/*.jar
 do
 	i=$((i+1))
 	echo -ne "\rInspecting file $i/$LIBS_COUNT..."
 	find=$(unzip -l $lib | grep -c "$TARGET_CLASS_NAME")
 	if [ $find -ne 0 ]
 	then
 		find_one=1
 		echo ""
 		echo -e "\e[92m[!] Class found in the file '$(basename $lib)'.\e[0m"
 		echo -e "\e[93m[+] Try to find the Maven artefact version...\e[0m"
 		rm -rf $WORK_FOLDER 2>/dev/null
 		mkdir $WORK_FOLDER
 		unzip -q -d $WORK_FOLDER $lib
 		cd $WORK_FOLDER
 		for f in $(grep -r "groupId\s*=\s*org.apache.logging.log4j" *)
 		do
 			file_loc=$(echo $f | cut -d":" -f1)
 			artefact_version=$(grep -Po "version\s*=\s*.*" $file_loc | sed 's/version=//g')
 			echo "File          : $(basename $lib)"
 			echo "Metadata file : $file_loc"
 			echo "Log4J version : $artefact_version"
 		done
 		cd $cdir
 		rm -rf $WORK_FOLDER 2>/dev/null
 	fi
 done
 if [ $find_one -eq 0 ]
 then
 	echo ""
 	echo -e "\e[91m[!] Class not found!\e[0m"
 else
 	echo -ne "\r\e[93m[+] Inspection finished.\e[0m"
 	echo ""
 fi
	#!/bin/bash
	#########################################################################################################
	# Script to identify Log4J affected class for CVE-2021-44228 in a collection of jar files
	# Based on this script:
	# https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh
	#########################################################################################################
	if [ "$#" -lt 1 ]; then
	script_name=$(basename "$0")
	echo "Usage:"
	echo " $script_name [APP_LIBS_FOLDER]"
	echo ""
	echo "Call example:"
	echo " $script_name /tmp/app-jars"
	exit 1
	fi
	# Set here the folder path in which all the JAR files of the app were copied
	TARGET_CLASS_NAME="org/apache/logging/log4j/core/lookup/JndiLookup.class"
	APP_LIBS_FOLDER=$1
	WORK_FOLDER=/tmp/work
	LIBS_COUNT=$(ls $APP_LIBS_FOLDER/*.jar \| wc -l)
	echo -e "\e[93m[+] Searching class '$TARGET_CLASS_NAME' accross $LIBS_COUNT libraries...\e[0m"
	find=0
	find_one=0
	i=0
	cdir=$(pwd)
	for lib in $APP_LIBS_FOLDER/*.jar
	do
	i=$((i+1))
	echo -ne "\rInspecting file $i/$LIBS_COUNT..."
	find=$(unzip -l $lib \| grep -c "$TARGET_CLASS_NAME")
	if [ $find -ne 0 ]
	then
	find_one=1
	echo ""
	echo -e "\e[92m[!] Class found in the file '$(basename $lib)'.\e[0m"
	echo -e "\e[93m[+] Try to find the Maven artefact version...\e[0m"
	rm -rf $WORK_FOLDER 2>/dev/null
	mkdir $WORK_FOLDER
	unzip -q -d $WORK_FOLDER $lib
	cd $WORK_FOLDER
	for f in $(grep -r "groupId\s=\sorg.apache.logging.log4j" *)
	do
	file_loc=$(echo $f \| cut -d":" -f1)
	artefact_version=$(grep -Po "version\s=\s.*" $file_loc \| sed 's/version=//g')
	echo "File : $(basename $lib)"
	echo "Metadata file : $file_loc"
	echo "Log4J version : $artefact_version"
	done
	cd $cdir
	rm -rf $WORK_FOLDER 2>/dev/null
	fi
	done
	if [ $find_one -eq 0 ]
	then
	echo ""
	echo -e "\e[91m[!] Class not found!\e[0m"
	else
	echo -ne "\r\e[93m[+] Inspection finished.\e[0m"
	echo ""
	fi