CVE-2021-44228 Response Scripts

Primary Language: Python

CVE-2021-44228

This repository contains altered community scripts related to CVE-2021-44228 ported to EDR environments. The scripts were modified to be compatible with other technologies' additional requirements.

See the linked repositories for an up-to-date and original version of the modified scripts.

Palo Alto's Cortex XDR

All of the following scripts have been made compatible by re-implementing incompatible Python modules and exposing an xdr entry point. Documentation of the xdr function's expected inputs and outputs can be found in each script.

  • fox-it/log4j-finder by NCC Group / Fox-IT / Research and Intelligence Fusion Team (RIFT)

    Scans the filesystem to find Log4j2 files that are vulnerable to Log4Shell (CVE-2021-44228). It scans recursively both on disk and inside Java Archive files (JARs).

  • Neo23x0/log4shell-detector by Florian Roth

    Checks local log files for indicators of exploitation attempts, even heavily obfuscated ones that string-based or regular-expression-based patterns wouldn't detect.
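The recursive on-disk and in-archive scan described for log4j-finder can be sketched as follows. This is an added example, not code from this repository or from fox-it/log4j-finder: it flags the presence of JndiLookup.class as a candidate for review rather than confirming a vulnerable version, and the xdr() signature, the extension list and the depth limit are assumptions.

```python
import io
import os
import zipfile

# Class that implements the JNDI lookup in log4j-core. Its presence marks a
# candidate only; the log4j-core version decides whether it is vulnerable.
TARGET = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")  # assumption: archive types to open
MAX_DEPTH = 8  # assumption: bound on archive nesting, guards against zip bombs


def scan_archive(fileobj, label, depth=0):
    """Yield 'outer.jar -> inner.jar -> entry' paths for TARGET inside an archive."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for info in zf.infolist():
                name = info.filename
                if name.endswith(TARGET):
                    yield f"{label} -> {name}"
                elif name.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH:
                    # Nested archive (fat JAR / WAR): read into memory and recurse.
                    inner = io.BytesIO(zf.read(info))
                    yield from scan_archive(inner, f"{label} -> {name}", depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        return  # corrupt, unreadable or encrypted archive: skip it, keep scanning


def scan_tree(root):
    """Walk root and return sorted hits for loose class files and archives."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if path.replace(os.sep, "/").endswith(TARGET):
                hits.append(path)  # exploded class file on disk
            elif fname.lower().endswith(ARCHIVE_EXTS):
                hits.extend(scan_archive(path, path))
    return sorted(hits)


def xdr(root="/"):
    """Hypothetical entry point; the real xdr() contract is documented in each script."""
    return {"root": root, "hits": scan_tree(root)}
```

Each hit still needs a version check of the surrounding log4j-core artifact before it is treated as vulnerable.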