4 Powerful Tools To Check For Vulnerable Log4j Hosts

Log4j has seen a series of vulnerabilities discloser just over the period of a couple of weeks. The worst part is that it is said to be the deadliest vulnerability of the decade. Security firm CheckPoint said that these vulnerabilities are not less than a pandemic. These vulnerabilities allow attackers to perform unauthenticated, remote code execution with minimum effort on any application using the Log4j library. We hope most of you know how many applications use the Log4j library. This made millions of machines vulnerable to the Log4j vulnerabilities. If you want to read more on the Log4j vulnerabilities, we have published multiple posts on how to detect Log4j vulnerabilities, how to fix Log4j vulnerabilities, how to protect your machine from Log4j vulnerabilities, how do Log4j vulnerabilities work, and some of the basic workaround techniques to mitigate Log4j vulnerabilities in previous posts. We thought it is good to introduce some more tools and techniques to help you check the vulnerable hosts more efficiently. Please don’t leave this post unread, as we have covered four new powerful tools to check for vulnerable log4j hosts on your network.

If you are searching for a command to check the Log4j version, then you may end up with no results. There is no such command that will tell you the version of Log4j installed on your system. Some applications ship the libraries directly as a jar file, and some will contain them in archives. You may need to prep inside the jar or archive to see the version of Log4j.

Well, it is easy for a java developer who knows how to prepare jar files and build java packages to check the Log4j library versions inside jar files. However, we have created this post for those who don’t know about looking for Log4j library versions hidden inside jar files. We have covered four such powerful tools to check for vulnerable log4j hosts on your network.

Log4j Vulnerabilities Found In 2021:

List Of Tools To Check For Vulnerable Log4j Hosts On Your Network

Check For Vulnerable Log4j Hosts Using log4j-Scan:

Log4j-scan is a fully automated, accurate, and extensive scanner tool to check vulnerable log4j hosts on the network. You can use this tool for personal or commercial purposes to scan infrastructure for Log4J vulnerabilities, and test for WAF bypasses that can result in code execution on the organization’s environment. This tool doesn’t require setting up a DNS callback server since it supports DNS OOB callbacks.

How To Run Log4j-Scan Tool?

Check For Vulnerable Log4j Hosts Using log4j_Checker_Beta:

This is a script to check if your server is possibly affected by log4j vulnerabilities. However, it has some accuracy concerns about the detection of vulnerabilities in the Log4j library. Since it uses library version is one of the main criteria. Despite that, a good thing about his tool is that it supports archive files like WAR and EAR. This tool is capable of checking:

How To Run log4j_Checker_Beta?

Run this command to download the script and run on your machine

# wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - |bash

Run this command to see only warning in the output:

# wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - | bash | grep '\[WARNING\]'

Note: Ensure ‘locate’ and ‘unzip’ commends need to be installed and locate database is updated before you run the commands. results would be more accurate if you run these commands with superuser privilege.

# sudo apt install unzip locate# sudo updatedb

If you want to run this script on the machine which doesn’t have the internet connection, clone the git repository.

# https://github.com/rubo77/log4j_checker_beta.git

# cd log4j_checker_beta/

# ./log4j_checker_beta.sh hashes-pre-cve_local.txt | grep '\[WARNING\]'

Check For Vulnerable Log4j Hosts Using log4j-Sniffer:

log4j-sniffer crawls for all instances of log4j on disk within a specified directory. It is one of the accurate tools to identify the vulnerable instances of Log4j within a directory tree. It is not limited to working only with Java archives, it supports a wide range of archives such as .zip, tar, .tar.gz, .tgz, .tar.bz2, .tbz2.

log4j-sniffer will scan for all files of the following types based upon suffix:

How to run log4j-sniffer?

Or

$ tar -xf log4j-sniffer-1.0.0-linux-amd64.tgz

3. Run log4j-sniffer:

4. Run the log4j-sniffer with crawl flag which takes directory path as imput to crawl for vulnerable Log4j libraries.

Check For Vulnerable Log4j Hosts Using Check-Log4j:

Check-log4j is a tool developed by yahoo to check whether the host is vulnerable to the Log4j. This tool works entirely in a different way than other tools. It attempts to verify the service by triggering the exploit. But, on the other hand, it doesn’t tell that you may not know whether you have a vulnerable version of log4j on your system. Please see the manual page for full details.

How to Run Check-Log4j?

We hope this post would help you know 4 Powerful Tools to Check for Vulnerable Log4j Hosts. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.