mergebase / log4j-detector

A public open-source tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc.) on your file system within any application. It can even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Scan .car files #72

Closed (rgmz closed 2 years ago)

rgmz commented 2 years ago

This is a format I've never encountered before. The "Carbon Application Archive" format seems to be used for Apache Synapse and WSO2.

More research is required to determine if this is a "deployable" archive like .jar or the others.

References:

juliusmusseau commented 2 years ago

v2021.12.29 released which addresses this (all files that match .ar will be scanned now).