Detect vulnerable versions of Log4j with Spyderbat Log4jtool
Use Spyderbat's own tool to scan for vulnerable Log4j Java packages in your Linux environment for an added level of protection against malicious attacks.
Published: December 31, 2021
As Spyderbat worked with customers on the recent Log4Shell vulnerability, it became clear that a simple tool was needed to accurately find the running Java packages in their environments that are vulnerable. This is echoed in the Dec 22nd alert by the Cybersecurity and Infrastructure Security Agency (CISA) and other agencies, which directs organizations to:
- Identify assets affected by Log4Shell and other Log4j-related vulnerabilities
- Upgrade Log4j assets and affected products to the latest version as soon as patches are available and remain alert to vendor software updates, and
- Initiate hunt and incident response procedures to detect possible Log4Shell exploitation.
Since Log4j is a back-end logging component for Java applications, it is not always clear where it is used. Spyderbat has open-sourced the following Log4jtool to the security community. It runs on Linux systems and scans for vulnerable Java packages.
Optionally you can provide a path if you don’t wish to scan your entire filesystem:
sudo ./log4jtool -p /my/path/
The tool iterates through the file system looking for .war, .jar, and .ear files and then looks for the version of Log4j that they may contain. It doesn’t alter anything at all. It inspects the files and looks within them for nested copies of Log4j as well.
If Java packages are found, the output looks like this:
File: /test/log4j/log4j-1.2.12.jar contains version: 1.2.12 which is not-vulnerable
File: /testx/apache-tomcat-8.5.73/webapps/log4shell-demo.war contains version: 2.14.1 which is vulnerable
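The read-only archive inspection described above, including nested copies, sketched as an added example; this is not Spyderbat's code. It assumes Log4j is identified by the Maven `pom.properties` file inside the jar and that versions 2.0 through 2.14.1 are flagged, and every function name and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_NESTED_BYTES = 256 * 1024 * 1024  # skip oversized nested entries (zip-bomb guard)
# Assumption: a Log4j copy is recognised by the Maven metadata file inside its jar.
POM_RE = re.compile(
    r"META-INF/maven/(org\.apache\.logging\.log4j/log4j-core|log4j/log4j)/pom\.properties$")

def classify(version):
    """Assumed rule (not the tool's): flag 2.0 through 2.14.1, nothing else."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return "vulnerable" if (2,) <= nums <= (2, 14, 1) else "not-vulnerable"

def scan_bytes(data, label, depth=0, max_depth=5):
    """Return [(path, version, verdict)] for Log4j copies, nested archives included."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # unreadable archive: report nothing, change nothing
    with zf:
        for info in zf.infolist():
            name = info.filename
            if POM_RE.search(name):
                m = re.search(r"^version=(.+)$", zf.read(info).decode("utf-8", "replace"), re.M)
                if m:
                    version = m.group(1).strip()
                    findings.append((label, version, classify(version)))
            elif (name.lower().endswith(ARCHIVE_EXT) and depth < max_depth
                  and info.file_size <= MAX_NESTED_BYTES):
                findings += scan_bytes(zf.read(info), f"{label}!/{name}", depth + 1, max_depth)
    return findings

def make_archive(entries):  # constructed sample input: {name: bytes} -> zip bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    pom = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
    inner = make_archive({pom: b"artifactId=log4j-core\nversion=2.14.1\n"})
    war = make_archive({"WEB-INF/lib/log4j-core-2.14.1.jar": inner})
    return scan_bytes(war, "demo.war")

if __name__ == "__main__":
    print(demo())
```

Older Log4j 1.x jars may ship without `pom.properties`, so a metadata-only check like this one can miss them.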
Spyderbat customers are encouraged to review our article on how to detect Log4J in their Linux environments.