Log4j – Security Vulnerability – Detection Tools

Background

Thankfully, just about everyone and their mama have a tool for detecting software stacks that are susceptible to Apache Log4J’s Log4Shell Security Vulnerability.

 

Tools

David Strom, InfoWorld

Here is a list pulled together by David Strom @ Infoworld

Link

Company Product Platform Product Link Explanation
Qualys Qualys Web Application Scanning Cloud Link Link
Check Point CloudGuard AppSec Cloud Link
Cert ( Community Emergency Response Team ) CERTCC / CVE-2021-44228_scanner Desktop ( Windows, Linux, Mac ) Link
PortSwigger – Burp ( IBM – XforceRed ) xforcered / scan4log4shell Desktop Link
PortSwigger – Burp ( SilentSignal ) SilentSignal / Log4Shell Scanner Desktop Link
WhiteSource WhiteSource / log4j-detect-distribution Desktop ( Windows, Linux, Mac ) Link
JFrog log4j-tools Desktop ( OS Agnostic – Python & Java ) Link
Semgrep log4j2_tainted_argument ( application rule ) Semgrep – Product – Rule Link
Orca Security Cloud Risk Assessment Cloud ( Amazon-AWS, Microsoft – Azure, Google – GCP ) Link

 

Write Up

  1. Qualys
    • Mayank Deshmukh
      • Is Your Web Application Exploitable By Log4Shell Vulnerability?
        Link

My Take

Unfortunately, we live at a time, in a time, where people do not always appreciate those working hard on their behalf.

People working arduously, placing their own lives on their line, to safeguard the lives of their neighbors.

Summary

In follow-up posts, we will cover a couple of free standalone desktop tools.

One thought on “Log4j – Security Vulnerability – Detection Tools

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s