Scan Linux hosts for active usage of log4j (log4j-core) in order to identify potentially vulnerable versions. The scanner is designed to be lightweight and fast, to require no dependencies, and to support containerized/K8s environments.
chmod +x ./log4jscan.sh
sudo ./log4jscan.sh
###############################################################
log4jscan v1.2.1
###############################################################
* Scanning running processes
* Looking for log4j-core in loaded jar files
* Processes with loaded log4j-core will be displayed below
log4jscan is provided by Intezer - https://intezer.com
###############################################################
Found a process using Log4j:
PID: 22556
Container ID: 73004f1018480283dc99ab7e1ed4de3d0d8a1d566d88089cca7ba79fb18c1f40
Log4j version: 2.14.1
Jar path: /app/spring-boot-application.jar (the path is relative to the container)
Jar contains Jndilookup class: true
Process command line: java -jar /app/spring-boot-application.jar
Summary:
* If Log4j was found during the scan, please follow the guidelines provided by The Apache Software Foundation at https://logging.apache.org/log4j/2.x/security.html
* Since it is possible that Log4j is installed but not being used at the moment, it is recommended to check if Log4j is installed using your package manager (e.g. apt)
* Get the latest version of log4jscan at https://github.com/intezer/log4jscan
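When the scan is run on many hosts, the per-process report above is easier to triage as one line per finding. The following is an added example, not part of log4jscan: the function names parse_log4jscan and sample_scan_output are hypothetical, and it assumes each finding starts with "Found a process using Log4j:" and that a finding without a "Container ID:" line is a host process.

```shell
# Added example: flatten saved log4jscan output into tab-separated records
# (PID, container ID or "host", Log4j version, jar path, JndiLookup flag).
# Field labels are copied from the sample output; "host" is an assumption.
parse_log4jscan() {
  awk '
    function emit() {
      if (pid != "")
        printf "%s\t%s\t%s\t%s\t%s\n", pid, (cid == "" ? "host" : cid), ver, jar, jndi
      pid = cid = ver = jar = jndi = ""
    }
    function value(line) {
      sub(/^[^:]*:[ \t]*/, "", line)   # strip the "Label: " prefix
      sub(/[ \t\r]+$/, "", line)       # strip trailing blanks and CR
      return line
    }
    /^Found a process using Log4j:/   { emit(); next }
    /^PID:/                           { pid  = value($0); next }
    /^Container ID:/                  { cid  = value($0); next }
    /^Log4j version:/                 { ver  = value($0); next }
    /^Jar contains Jndilookup class:/ { jndi = value($0); next }
    /^Jar path:/ { jar = value($0); sub(/ \(the path is relative to the container\)$/, "", jar); next }
    /^Summary:/                       { emit() }
    END                               { emit() }
  ' "$@"
}

# Constructed sample: the first finding mirrors the output shown above; the
# second (PID 4242, host process, version 2.17.1) is made up for this example.
sample_scan_output() {
  cat <<'EOF'
Found a process using Log4j:
PID: 22556
Container ID: 73004f1018480283dc99ab7e1ed4de3d0d8a1d566d88089cca7ba79fb18c1f40
Log4j version: 2.14.1
Jar path: /app/spring-boot-application.jar (the path is relative to the container)
Jar contains Jndilookup class: true
Process command line: java -jar /app/spring-boot-application.jar
Found a process using Log4j:
PID: 4242
Log4j version: 2.17.1
Jar path: /opt/svc/lib/log4j-core-2.17.1.jar
Jar contains Jndilookup class: true
Summary:
EOF
}

sample_scan_output | parse_log4jscan
```

With a saved report, pass the file name instead of piping the sample: parse_log4jscan scan-output.txt (a hypothetical file name).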