log4j search

<#
    RUN AS ADMIN!
    
    .SYNOPSIS
    Get-Log4shellVuln.ps1 scans all local drives for presence of log4j jar files and analyzes the contents of the jar file to determine if it is vulnerable to #log4shell (CVE-2021-44228) vulnerability
    .DESCRIPTION
    Review all local disks for any presence of log4j jar files, extract the manifest from the file and determine if the version is less than 2.15.
    Output to console status of individual files and global result at end.
    Record list of all jar files in log4j.csv, manifest versions in log4j-manifest.csv, and finally presence of jndi class in log4j-jndi.csv
    Requires .net 4 or later
#>
 
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem
$logFolder = "C:\"
$log4jCsv = "$logFolder\log4j.csv"
$targetManifestFile = "$logFolder\log4j-manifest.txt"
$manifestCsv = "$logFolder\log4j-manifest.csv"
$jndiCsv = "$logFolder\log4j-jndi.csv"
$log4Filter = "log4j*.jar"
$jarFiles = Get-PSDrive | Where-Object { $_.Name.length -eq 1 } | Select-Object -ExpandProperty Root | Get-ChildItem -File -Recurse -Filter $log4Filter -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName
$jarFiles | Export-Csv $log4jCsv
$global:result = $null
foreach ($jarFile in $jarFiles) {
    Write-Output $jarFile
    $zip = [System.IO.Compression.ZipFile]::OpenRead($jarFile)
    $zip.Entries | 
    Where-Object { $_.Name -like 'JndiLookup.class' } | ForEach-Object {  
        $output = "$($jarFile.ToString()),$($_.FullName)"      
        Write-Output $output
        $output | Out-File -Append $jndiCsv        
        if ($null -eq $global:result) { $global:result = "Jndi class exists" }        
    }
    $zip.Entries | 
    Where-Object { $_.FullName -eq 'META-INF/MANIFEST.MF' } | ForEach-Object {        
        [System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, $targetManifestFile, $true)
        $implementationVersion = (Get-Content $targetManifestFile | Where-Object { $_ -like 'Implementation-Version: *' }).ToString()
        Write-Output $implementationVersion
        "$($jarFile.ToString()),$($implementationVersion.ToString())" | Out-File -Append $manifestCsv   
        Remove-Item $targetManifestFile -ErrorAction SilentlyContinue
        $implementationVersion_ = $implementationVersion.Replace('Implementation-Version: ', '').Split('.')
        if ($implementationVersion_[0] -eq 2 -and $implementationVersion_ -lt 15 ) {
            Write-Output "log4shell vulnerability exists"
            $global:result = "Vulnerable"
        }
    }
    if ($null -eq $global:result) { $global:result = "Jndi class not found" }
}
Write-Output "Result: $global:result"

2.7 KB | 2021-12-14 | 185 | Never | Raw paste | Report

Hot pastes

hello, world
     2321 | Never
free anonymous http proxies
     1043 | 2022-07-12
Office 2021 activation.bat
     893 | 2022-12-12
log4j search
     185 | Never
AVAST Software License File
     116 | Never
asfasfasfasfas
     102 | 2023-03-05
sggag
     76 | 2023-06-12
safsafasfsaf
     31 | 2023-06-22
زيوت عطرية
     23 | 2023-03-17