Find log4j for CVE-2021-44228 (Log4Shell) in several places
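#!/bin/bash
# Finds log4j resources on Linux (tested with Debian)
# by Christian Blechert <[email protected]>
# ATTENTION! It only checks ext3 + ext4 filesystems right now!
# Extend it if you use something else
#
# Prints the path of every *.jar file whose archive listing contains an entry
# under org/apache/log4j or org/apache/logging/log4j.
#
# What a hit does and does not mean:
#   - A hit says the jar bundles log4j classes. The version is not examined,
#     and the pattern also matches the org/apache/log4j package used by
#     log4j 1.x, so every hit needs a follow-up version check against
#     CVE-2021-44228.
#   - Only files named *.jar are opened. Archives with other names (.war,
#     .ear, ...) and jars nested inside another archive are not inspected.
#   - Copies of log4j relocated to a different package path do not match.
#   - Filesystems other than ext3/ext4 (see above) are skipped entirely.
# No output is therefore not proof that log4j is absent.

# find emits NUL-terminated paths and read consumes them with -d '', so jar
# paths containing spaces or other whitespace are checked under their real
# name instead of being altered before unzip sees them.
# File descriptor 3 carries the path list; stdin is left untouched.
while IFS= read -r -d '' -u 3 JAR; do
  if [ -z "$JAR" ]; then
    continue
  fi

  # unzip -l prints one row per entry (length, date, time, name); the first
  # grep keeps those rows, awk extracts the name column, and the last grep
  # succeeds as soon as one entry lies under a log4j package directory.
  # unzip's own error output is left visible: a jar that could not be read
  # has not been checked.
  if unzip -l "$JAR" \
    | grep -P "^\s+[0-9]+\s+[0-9-]+\s+[0-9:]+\s+.+" \
    | awk '{print $4}' \
    | grep -qP 'org/apache/(log4j|logging/log4j)'; then
    printf '%s\n' "$JAR"
  fi
done 3< <(find / \( -fstype ext4 -or -fstype ext3 \) -type f -name "*.jar" -print0 2> /dev/null)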
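#!/bin/bash
# Finds log4j resources in running docker containers
# by Christian Blechert <[email protected]>
#
# For every container listed by `docker ps`, lists the *.jar files inside it,
# copies each one to the host and prints "<container> @ <jar path>" when the
# archive listing contains an entry under org/apache/log4j or
# org/apache/logging/log4j.
#
# What a hit does and does not mean:
#   - A hit says the jar bundles log4j classes. The version is not examined,
#     and the pattern also matches the org/apache/log4j package used by
#     log4j 1.x, so every hit needs a follow-up version check against
#     CVE-2021-44228.
#   - Only running containers are visited; stopped containers and images
#     that are not currently running are not covered.
#   - The jar list comes from running `find` inside the container with its
#     error output discarded, so a container without a usable `find` yields
#     no results and no message.
#   - Only files named *.jar are opened; jars nested inside another archive
#     and copies of log4j relocated to a different package path do not match.
# No output is therefore not proof that log4j is absent.

# Private scratch directory for the copied jar, removed on every exit path.
# This replaces a fixed file name in the current working directory.
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORKDIR"' EXIT
TMPJAR="$WORKDIR/moep.jar"

while IFS= read -r CONTAINER; do
  if [ -z "$CONTAINER" ]; then
    continue
  fi

  # File descriptor 3 carries the jar list of the current container, keeping
  # it separate from the container list read on stdin by the outer loop.
  # Paths are read line by line and left unmodified, so paths that contain
  # spaces are copied under their real name.
  while IFS= read -r -u 3 JAR; do
    if [ -z "$JAR" ]; then
      continue
    fi

    # Drop the previous copy first so a failed docker cp can never leave an
    # older jar behind to be inspected under the wrong name.
    rm -f -- "$TMPJAR"
    if ! docker cp "$CONTAINER:$JAR" "$TMPJAR"; then
      printf 'not checked (docker cp failed): %s @ %s\n' "$CONTAINER" "$JAR" >&2
      continue
    fi

    # unzip -l prints one row per entry (length, date, time, name); the first
    # grep keeps those rows, awk extracts the name column, and the last grep
    # succeeds as soon as one entry lies under a log4j package directory.
    if unzip -l "$TMPJAR" \
      | grep -P "^\s+[0-9]+\s+[0-9-]+\s+[0-9:]+\s+.+" \
      | awk '{print $4}' \
      | grep -qP 'org/apache/(log4j|logging/log4j)'; then
      printf '%s @ %s\n' "$CONTAINER" "$JAR"
    fi
  done 3< <(docker exec -u root "$CONTAINER" find / -type f -name "*.jar" 2> /dev/null)
done < <(docker ps --format '{{.Names}}')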
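# Finds log4j resources on Windows machines
# by Christian Blechert <[email protected]>
#
# Walks every NTFS volume that has a drive letter, opens each *.jar file as a
# zip archive and prints its full path when the archive contains an entry
# whose name starts with org/apache/log4j or org/apache/logging/log4j.
#
# What a hit does and does not mean:
#   - A hit says the jar bundles log4j classes. The version is not examined,
#     and the pattern also matches the org/apache/log4j package used by
#     log4j 1.x, so every hit needs a follow-up version check against
#     CVE-2021-44228.
#   - Only files whose name ends in .jar are opened; jars nested inside
#     another archive and copies of log4j relocated to a different package
#     path do not match.
#   - Directory errors during the walk are silenced, so folders the current
#     account cannot read are skipped without notice.
# No output is therefore not proof that log4j is absent.
Add-Type -assembly "system.io.compression.filesystem"
gwmi win32_volume | where-object { $_.filesystem -match "ntfs" -and $_.name -match "^[A-Z]:" } | sort { $_.name } | foreach-object {
    Get-ChildItem $_.name -File -Recurse -erroraction 'silentlycontinue' |
    Where-Object { $_.Name -match '\.jar$' } |
    Select-Object -ExpandProperty FullName |
    Foreach-Object {
        $jarPath = $_
        $archive = $null
        try {
            $archive = [io.compression.zipfile]::OpenRead($jarPath)
            # @(...).Count always counts matching entries. Taking .Length of
            # the bare result reads the entry's own size when exactly one
            # entry matches, which is 0 for a directory entry and would
            # hide the hit.
            $containsLog = @($archive.Entries |
                Where-Object { $_.FullName -match "^org/apache/(log4j|logging/log4j)" }).Count
            if ( $containsLog -gt 0 ) {
                Write-Host "$($jarPath)"
            }
        } catch {
            # A jar that cannot be opened has not been checked; say so.
            Write-Warning "Not checked, could not read $($jarPath): $($_.Exception.Message)"
        } finally {
            # Release the file handle right away instead of leaving one open
            # per scanned jar until garbage collection.
            if ($archive) { $archive.Dispose() }
        }
    }
}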