Log4j Finder Versions Save

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

v1.2.0

2 years ago

Notable changes

Added Log4j 2.17.0 detection, versions lower than this is marked as VULNERABLE
Detect removal of JndiLookup.class, will show up as PATCHED
Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
Hostname is now added to the output, and there is an new option -q, --quiet to suppress summary and banner.
It now also processes .zip files
You can now exclude files or directories by using the --exclude option, eg: --exclude /mnt/media/*

What's Changed

Add CVE-2021-45046 to the README by @lmorg in https://github.com/fox-it/log4j-finder/pull/9
Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/15
Update README.md with instructions for creating PyInstaller executables by @yunzheng in https://github.com/fox-it/log4j-finder/pull/17
Add -V/--version argument to print program version by @yunzheng in https://github.com/fox-it/log4j-finder/pull/21
Add hostname to output and refactored parts of script by @yunzheng in https://github.com/fox-it/log4j-finder/pull/23
Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in https://github.com/fox-it/log4j-finder/pull/25
Added "How it works" section to README.md by @yunzheng in https://github.com/fox-it/log4j-finder/pull/28
Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in https://github.com/fox-it/log4j-finder/pull/29
Fixing scanning issue of jars inside war files by @dariux in https://github.com/fox-it/log4j-finder/pull/22
Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in https://github.com/fox-it/log4j-finder/pull/33
Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in https://github.com/fox-it/log4j-finder/pull/36
Add ability to exclude files and directories by @mjsalmi in https://github.com/fox-it/log4j-finder/pull/34
Fix zip internal path issue on Windows by @KrisJanssen in https://github.com/fox-it/log4j-finder/pull/37
Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in https://github.com/fox-it/log4j-finder/pull/39
Added MIT License by @yunzheng in https://github.com/fox-it/log4j-finder/pull/41
Added missing log4j 2.12.2 MD5 hash by @yunzheng in https://github.com/fox-it/log4j-finder/pull/42
Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/43
Fixed files and directory stats by @yunzheng in https://github.com/fox-it/log4j-finder/pull/46
Output log4j-finder and Python version to debug and info logging by @yunzheng in https://github.com/fox-it/log4j-finder/pull/47
Add support for processing files with .zip extension by @yunzheng in https://github.com/fox-it/log4j-finder/pull/48
Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in https://github.com/fox-it/log4j-finder/pull/53

New Contributors

@lmorg made their first contribution in https://github.com/fox-it/log4j-finder/pull/9
@dariux made their first contribution in https://github.com/fox-it/log4j-finder/pull/22
@mjsalmi made their first contribution in https://github.com/fox-it/log4j-finder/pull/34
@KrisJanssen made their first contribution in https://github.com/fox-it/log4j-finder/pull/37

Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.1...v1.2.0

v1.0.1

2 years ago

What's Changed

Add colorama to pyinstaller builds for better color support on Windows by @yunzheng in https://github.com/fox-it/log4j-finder/pull/5
Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046) by @yunzheng in https://github.com/fox-it/log4j-finder/pull/6
Output scanning stats and version information by @yunzheng in https://github.com/fox-it/log4j-finder/pull/7

New Contributors

@yunzheng made their first contribution in https://github.com/fox-it/log4j-finder/pull/5

Full Changelog: https://github.com/fox-it/log4j-finder/compare/v1.0.0...v1.0.1

v1.0.0

2 years ago

Release of log4j-finder with Pyinstaller builds for Windows and Linux. So it can easily run on systems without Python 3.

What's Changed

Add GitHub actions to generate pyinstaller binaries for windows and linux by @taufderl in https://github.com/fox-it/log4j-finder/pull/1

New Contributors

@taufderl made their first contribution in https://github.com/fox-it/log4j-finder/pull/1

Full Changelog: https://github.com/fox-it/log4j-finder/commits/v1.0.0