This repo will be validating various threat hunting scenarios based on Log4j Exploitation and will be comprising of below formats
**A> Log4j Vulnerability Scanners
- log4sh-detect is a MULTI-PLATFORM Python Script that will detect hosts vulnerable to the log4shell Exploit. https://github.com/mortification77/log4sh-detect
- Script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(log4shell) in their AWS account https://github.com/mitiga/log4shell-cloud-scanner
- Perform a scan of a single host (using Powershell) to see if it's vulnerable https://github.com/crypt0jan/log4j-powershell-checker
- Nmap NSE scripts to check against log4shell https://github.com/Diverto/nse-log4shell
- DIVD-2021-00038 log4j scanner Scan paths including archives for vulnerable log4 https://github.com/dtact/divd-2021-00038--log4j-scanner
- Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless https://github.com/deepfence/ThreatMapper
- Open detection and scanning tool (Python) for discovering and fuzzing for Log4J vulnerability https://github.com/fullhunt/log4j-scan
- A script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) (Python) https://github.com/fox-it/log4j-finder
- Open source vulnerability scanner (docker), picks up nested JARs containing log4j https://github.com/anchore/grype
- Online Log4Shell Vulnerability Tester https://log4shell.huntress.com/
- Scans for java files that are vulnerable and may rename it for mitigation https://github.com/logpresso/CVE-2021-44228-Scanner
- Northwave Log4j CVE-2021-44228 checker (python) https://github.com/NorthwaveSecurity/log4jcheck 14 . Northwave Log4j CVE-2021-44228 checker Powershell version https://github.com/crypt0jan/log4j-powershell-checker 15 Scans a list of URLs with GET or POST request with user defined parameters (python) https://github.com/OlafHaalstra/log4jcheck
- Nmap NSE script to inject jndi payloads with customizable templates into HTTP targets https://github.com/righel/log4shell_nse
- Log4Shell scanner for Burp Suite https://github.com/silentsignal/burp-log4shell
- Scans a file or folder recursively for jar files that may be vulnerable https://github.com/1lann/log4shelldetect
- Splunk query's to detect the used Log4j version and detect abuse https://github.com/aholzel/log4j_splunk_querys
- Powershell: Queries domain servers and scans for log4j-core files. (slow) https://github.com/devotech/check-log4j
- This scanner will recursively scan paths including archives for vulnerable log4j versions and JndiLookup.class files. https://github.com/dtact/divd-2021-00038--log4j-scanner
- Samples of exploit attempts; The evolving Log4Shell story: analysis of ongoing and future exploits https://github.com/Forescout/log4j_response
- Open sourced(MIT license) PowerShell log4j detection. Uses "Everything" to prevent high system load https://www.cyberdrain.com/monitoring-with-powershell-detecting-log4j-files/
- Detects vulnerable Log4J versions on your file-system. It is able to find instances that are hidden several layers deep. Linux/Windows/Mac https://github.com/mergebase/log4j-detector
- Version hashes (MD5, SHA1 and SHA256) for log4j2 versions https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/CVE-2021-44228
- Florian Roth Log4j2 detection script https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
- Powershell script to detect Log4Shell https://github.com/sp4ir/incidentresponse/blob/35a2faae8512884bcd753f0de3fa1adc6ec326ed/Get-Log4shellVuln.ps1
- Open source SBOM scanner, can detect all dependencies including log4j https://github.com/anchore/syft/
- log4sh-detect is a MULTI-PLATFORM Python Script that will detect hosts vulnerable to the log4shell Exploit. https://github.com/mortification77/log4sh-detect.git
