Command line usage examples #364
Windows

.\log4shell_1.4.0-log4shell_Windows_x86_64.exe scan --no-follow-symlinks --json --output [YourFile].json --include-log4j1 [Path]

--no-follow-symlinks > exclude symbolic links from scan (in version 1.4.0, it causes crash on Linux in certain conditions)

Examples

# Scan the C drive
.\log4shell_1.4.0-log4shell_Windows_x86_64.exe scan --no-follow-symlinks --json --output result.json --include-log4j1 c:\
# Scan multiple paths or drives
.\log4shell_1.4.0-log4shell_Windows_x86_64.exe scan --no-follow-symlinks --json --output result.json --include-log4j1 C:\Users\Oli\Documents\ C:\Users\oli\Downloads\
.\log4shell_1.4.0-log4shell_Windows_x86_64.exe scan --no-follow-symlinks --json --output result.json --include-log4j1 C:\ D:\

Linux

sudo ./log4shell_1.4.0-log4shell_Linux_x86_64 scan --no-follow-symlinks --json --output [YourFile].json --include-log4j1 [Path]

Examples

# Scan the root
sudo ./log4shell_1.4.0-log4shell_Linux_x86_64 scan --no-follow-symlinks --json --output result.json --include-log4j1 /
# Scan multiple paths or drives
sudo ./log4shell_1.4.0-log4shell_Linux_x86_64 scan --no-follow-symlinks --json --output result.json --include-log4j1 /usr /var /mnt/xxx

Output

When using --json --output, the output is a JSON file which will be easy to automatically ingest ;-).

Examples

Linux

{
"vulnerable_libraries": [
{
"path": "/home/oli/Documents/test-tomcat.war::WEB-INF/lib/log4j-1.2.16.jar",
"file_name": "org/apache/log4j/net/SocketNode.class",
"hash": "688a3dadfb1c0a08fb2a2885a356200eb74e7f0f26a197d358d74f2faf6e8f46",
"version": "1.2.16",
"cve": "CVE-2019-17571",
"severity": "9.8"
},
{
"path": "/home/oli/Documents/test-tomcat.war::WEB-INF/lib/log4j-core-2.13.3.jar",
"file_name": "org/apache/logging/log4j/core/net/JndiManager.class",
"hash": "c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078",
"version": "2.13.0, 2.13.1, 2.13.2, 2.13.3",
"cve": "CVE-2021-44228",
"severity": "10.0"
},
{
"path": "/home/oli/test-tomcat.war::WEB-INF/lib/log4j-1.2.16.jar",
"file_name": "org/apache/log4j/net/SocketNode.class",
"hash": "688a3dadfb1c0a08fb2a2885a356200eb74e7f0f26a197d358d74f2faf6e8f46",
"version": "1.2.16",
"cve": "CVE-2019-17571",
"severity": "9.8"
},
{
"path": "/home/oli/test-tomcat.war::WEB-INF/lib/log4j-core-2.13.3.jar",
"file_name": "org/apache/logging/log4j/core/net/JndiManager.class",
"hash": "c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078",
"version": "2.13.0, 2.13.1, 2.13.2, 2.13.3",
"cve": "CVE-2021-44228",
"severity": "10.0"
},
{
"path": "/usr/share/zaproxy/lib/log4j-core-2.14.1.jar",
"file_name": "org/apache/logging/log4j/core/net/JndiManager.class",
"hash": "77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6",
"version": "2.14.0, 2.14.1",
"cve": "CVE-2021-44228",
"severity": "10.0"
}
]
}

Windows

{
"vulnerable_libraries": [
{
"path": "c:\\Dev\\Apache_Directory_Studio\\plugins\\org.apache.directory.studio.ldapservers.apacheds_2.0.0.v20180908-M14.jar::resources/libs/apacheds-service.jar",
"file_name": "org/apache/log4j/net/SocketNode.class",
"hash": "8ef0ebdfbf28ec14b2267e6004a8eea947b4411d3c30d228a7b48fae36431d74",
"version": "1.2.17",
"cve": "CVE-2019-17571",
"severity": "9.8"
},
{
"path": "c:\\Users\\Oli\\Downloads\\test-tomcat.war::WEB-INF/lib/log4j-core-2.13.3.jar",
"file_name": "org/apache/logging/log4j/core/net/JndiManager.class",
"hash": "c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078",
"version": "2.13.0, 2.13.1, 2.13.2, 2.13.3",
"cve": "CVE-2021-44228",
"severity": "10.0"
}
]
}

Hope it helps some of you ...
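An added example (not part of the original post and not LunaSec's own code): one way to ingest the `--json --output` file shown above and group findings by the file on disk that has to be replaced. It assumes `::` in `path` separates the on-disk file from the archive members nested inside it and that `severity` is a numeric string; `split_path` and `triage` are hypothetical helper names.

```python
import json
from collections import defaultdict

# Constructed input: three entries copied from the Linux listing in the post.
SAMPLE = """{"vulnerable_libraries": [
 {"path": "/home/oli/test-tomcat.war::WEB-INF/lib/log4j-1.2.16.jar",
  "file_name": "org/apache/log4j/net/SocketNode.class",
  "hash": "688a3dadfb1c0a08fb2a2885a356200eb74e7f0f26a197d358d74f2faf6e8f46",
  "version": "1.2.16", "cve": "CVE-2019-17571", "severity": "9.8"},
 {"path": "/home/oli/test-tomcat.war::WEB-INF/lib/log4j-core-2.13.3.jar",
  "file_name": "org/apache/logging/log4j/core/net/JndiManager.class",
  "hash": "c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078",
  "version": "2.13.0, 2.13.1, 2.13.2, 2.13.3", "cve": "CVE-2021-44228", "severity": "10.0"},
 {"path": "/usr/share/zaproxy/lib/log4j-core-2.14.1.jar",
  "file_name": "org/apache/logging/log4j/core/net/JndiManager.class",
  "hash": "77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6",
  "version": "2.14.0, 2.14.1", "cve": "CVE-2021-44228", "severity": "10.0"}
]}"""


def split_path(path):
    """Split 'outer.war::inner.jar' into (file on disk, list of nested members)."""
    outer, *nested = path.split("::")
    return outer, nested


def triage(report):
    """Group findings by the on-disk file that has to be replaced or patched."""
    by_file = defaultdict(lambda: {"cves": set(), "libraries": set(), "severity": 0.0})
    # Assumption: a clean scan may give a missing or null list; treat both as empty.
    for lib in report.get("vulnerable_libraries") or []:
        outer, nested = split_path(lib["path"])
        entry = by_file[outer]
        entry["cves"].add(lib["cve"])
        # The jar holding the flagged class: innermost member, or the file itself.
        entry["libraries"].add(nested[-1] if nested else outer)
        # severity is a string; compare as a number so "10.0" ranks above "9.8".
        entry["severity"] = max(entry["severity"], float(lib["severity"]))
    # Highest severity first, then path for a stable order.
    return sorted(by_file.items(), key=lambda kv: (-kv[1]["severity"], kv[0]))


if __name__ == "__main__":
    for path, info in triage(json.loads(SAMPLE)):
        print(f'{info["severity"]:>4}  {path}  {sorted(info["cves"])}')
```

Grouping by the outer file matters because a WAR with two bundled Log4j jars is one artifact to rebuild, not two separate hosts or packages.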
Replies: 1 comment 1 reply
@OlivierMasit thank you for submitting these! We know our documentation is lacking for how to use this tool and so it is helpful to see someone post some real world examples of using it.

Would you consider opening a PR with this included on the README page for the cli? https://github.com/lunasec-io/lunasec/tree/master/tools/log4shell, it would probably help a number of people to see this information.

Thank you :)