1lann / log4shelldetect

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
The Unlicense

Added additional file types and also exit code. #1

Closed thorhs closed 2 years ago

thorhs commented 2 years ago

Added .ear and .zip to types of file to test.

Also added an exit code if a match is found. Exit codes:

This enables integration with Ansible, e.g.:

---
- hosts: all
  become: true
  tasks:
  - name: Copy log4shelldetect to remote host
    copy:
      src: /home/XXX/log4shelldetect
      dest: /tmp/log4shelldetect
      mode: "0555"

  - name: Search for log4j
    shell:
      cmd: "/tmp/log4shelldetect -mode=list /"
    register: log4shelldetect
    # rc 3 means a match was found; rc 1 or 2 means the scan itself failed
    changed_when: log4shelldetect.rc == 3
    failed_when: log4shelldetect.rc == 1 or log4shelldetect.rc == 2

  - name: Save matches to a per-host file on the control node
    copy:
      dest: "/home/XXX/log4shelldetect.out/{{ ansible_fqdn }}"
      content: "{{ log4shelldetect.stdout }}\n"
    when: log4shelldetect.rc == 3
    delegate_to: localhost

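As an added illustration of what scanning the container types this PR adds involves (not code from log4shelldetect itself), the Go program below opens an archive in memory, descends into nested .jar/.war/.ear/.zip members, and reports where the log4j-core JndiLookup class sits; it assumes that class path is the indicator being looked for, and the sample .ear it scans is constructed inline.

```go
package main

import (
	"archive/zip"
	"bytes"
	"io"
	"path"
)

// Assumption: the indicator looked for is the JndiLookup class shipped in log4j-core.
const jndiLookupClass = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

// Scan returns "outer!inner!..." paths of JndiLookup.class, recursing into nested .jar/.war/.ear/.zip members (the types this PR adds).
func Scan(name string, data []byte) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	var hits []string
	for _, f := range zr.File {
		if f.Name == jndiLookupClass {
			hits = append(hits, name+"!"+f.Name)
		} else if ext := path.Ext(f.Name); ext == ".jar" || ext == ".war" || ext == ".ear" || ext == ".zip" {
			rc, err := f.Open()
			if err != nil {
				return nil, err
			}
			inner, err := io.ReadAll(rc)
			rc.Close()
			if err != nil {
				return nil, err
			}
			if sub, err := Scan(name+"!"+f.Name, inner); err == nil { // a member that is not really a zip is skipped, not fatal
				hits = append(hits, sub...)
			}
		}
	}
	return hits, nil
}

// zipOne builds a one-member in-memory archive; used here only to construct the sample.
func zipOne(name string, content []byte) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create(name)
	w.Write(content)
	zw.Close()
	return buf.Bytes()
}
// Sample is a constructed .ear holding a .war holding a log4j-core .jar that contains JndiLookup.class.
var Sample = zipOne("app.war", zipOne("WEB-INF/lib/log4j-core.jar", zipOne(jndiLookupClass, []byte{0xCA, 0xFE, 0xBA, 0xBE})))
```

A command-line wrapper would exit 3 when Scan returns a non-empty list, which is the rc == 3 the playbook above keys on.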
thorhs commented 2 years ago

Sorry for this being two changes in one commit, I don't have time to split them up.

Turegano commented 2 years ago

you are terrific!!!

1lann commented 2 years ago

Thanks for your PR! I've adjusted it a bit to fix a race condition, return correct exit codes as you specified, and to put .zip scanning behind a flag as it can be potentially significantly slower.