How can you detect the Log4j zero-day vulnerability (known as Log4Shell)? Here’s a list of FREE Log4j vulnerability scanner tools.
Amazon Inspector and AWS
The Amazon Inspector team has created coverage for identifying the existence of this vulnerability in your Amazon EC2 instances and Amazon Elastic Container Registry (Amazon ECR) images, according to Amazon. With the new Amazon Inspector, scanning is automated and continual, the company said. Continual scanning is driven by events such as new software packages, new instances, and the publication of new Common Vulnerabilities and Exposures (CVEs).
Google built its own log4jscanner that walks a directory, printing any detected JARs to stdout. Optionally, its --rewrite flag can actively remove the vulnerable class from detected JARs in-place.
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.
Qualys has released a utility that helps to detect CVE-2021-44228 and CVE-2021-45046 vulnerabilities. The utility will scan the entire hard drive(s) including archives (and nested JARs) for the Java class that indicates the Java application contains a vulnerable log4j library. The utility will output its results to a console.
TrendMicro Log4j Vulnerability Tester
This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.
This script searches the system for Java applications that contain the Log4J class JndiLookup.class, which is the source of the Log4Shell vulnerabilities. If this class is found within an application, the script looks for updates to Log4J that indicate the application has been updated to use Log4J 2.16+ or Log4J 2.12.2+. If the application contains JndiLookup.class but does not appear to have been updated, the application is vulnerable.
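The class-based detection described above (and the nested-JAR scanning in the Qualys entry) can be sketched as follows. This is an added example, not code from any of the listed tools; the function names are hypothetical, and reading the version from log4j-core's Maven pom.properties is an assumption about what counts as an "update" indicator.

```python
import io
import re
import zipfile

JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: the Maven metadata shipped in log4j-core is the version indicator.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear", ".zip")

def is_fixed(version):
    """True for Log4j 2.16+ or 2.12.2+ on the 2.12 line (thresholds from the text)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not m:
        return False  # no readable version: treat as not updated
    major, minor, patch = (int(g or 0) for g in m.groups())
    if (major, minor) == (2, 12):
        return patch >= 2
    return (major, minor) >= (2, 16)

def scan_archive(data, label, findings=None, depth=0):
    """Recursively scan archive bytes; returns [(path, version, status)]."""
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive (or corrupt): skip it
    with zf:
        names = zf.namelist()
        if JNDI in names:
            props = zf.read(POM).decode("utf-8", "replace") if POM in names else ""
            m = re.search(r"^version=(\S+)", props, re.M)
            version = m.group(1) if m else None
            status = "updated" if is_fixed(version) else "vulnerable"
            findings.append((label, version, status))
        for name in names:
            if name.lower().endswith(NESTED) and depth < 8:  # cap nesting depth
                scan_archive(zf.read(name), f"{label}!/{name}", findings, depth + 1)
    return findings

def make_jar(entries):
    """Build a constructed in-memory archive from {name: bytes} for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":  # constructed sample: old log4j-core nested in an app JAR
    inner = make_jar({JNDI: b"", POM: b"version=2.14.1\n"})
    print(scan_archive(make_jar({"BOOT-INF/lib/log4j-core.jar": inner}), "app.jar"))
```

An archive that contains JndiLookup.class but no readable version is reported as vulnerable, matching the "does not appear to have been updated" rule above.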
Log4j RCE Scanner
A scanner for Apache Log4j CVE-2021-44228, developed by Adil Soybali, a security researcher from Seccops Cyber Security Technologies Inc.
This tool can:
- scan according to the URL list you provide.
- scan all of them by finding the subdomains of the domain name you give.
- add the source domain as a prefix to determine which source the incoming DNS queries are coming from.
Another free open source tool written in Go. It can scan in URL mode (fuzzing the URL with header and payload) and in internal mode, scanning for Log4j inside your server.
You should use these scanners to detect the Log4Shell vulnerability in your environment, especially since threat actors are scanning the internet for vulnerable systems to exploit.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.