Log4j – Security Vulnerability – Detection Tools


Thankfully, just about everyone and their mama have a tool for detecting software stacks that are susceptible to Apache Log4J’s Log4Shell Security Vulnerability.



David Strom, InfoWorld

Here is a list pulled together by David Strom @ Infoworld


Company Product Platform Product Link Explanation
Qualys Qualys Web Application Scanning Cloud Link Link
Check Point CloudGuard AppSec Cloud Link
Cert ( Community Emergency Response Team ) CERTCC / CVE-2021-44228_scanner Desktop ( Windows, Linux, Mac ) Link
PortSwigger – Burp ( IBM – XforceRed ) xforcered / scan4log4shell Desktop Link
PortSwigger – Burp ( SilentSignal ) SilentSignal / Log4Shell Scanner Desktop Link
WhiteSource WhiteSource / log4j-detect-distribution Desktop ( Windows, Linux, Mac ) Link
JFrog log4j-tools Desktop ( OS Agnostic – Python & Java ) Link
Semgrep log4j2_tainted_argument ( application rule ) Semgrep – Product – Rule Link
Orca Security Cloud Risk Assessment Cloud ( Amazon-AWS, Microsoft – Azure, Google – GCP ) Link


Write Up

  1. Qualys
    • Mayank Deshmukh
      • Is Your Web Application Exploitable By Log4Shell Vulnerability?

My Take

Unfortunately, we live at a time, in a time, where people do not always appreciate those working hard on their behalf.

People working arduously, placing their own lives on their line, to safeguard the lives of their neighbors.


In follow-up posts, we will cover a couple of free standalone desktop tools.

One thought on “Log4j – Security Vulnerability – Detection Tools

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s