fox-it/log4j-finder

Windows - Export results to a file

kmccb opened this issue · 8 comments

kmccb commented

Looking to somehow run this EXE on all our Windows systems remotely and then somehow aggregate all the results and parse looking for findings.. Any work on possibly implementing this? Thanks for all the hard work!

> Looking to somehow run this EXE on all our Windows systems remotely and then somehow aggregate all the results and parse looking for findings.. Any work on possibly implementing this? Thanks for all the hard work!

I haven't tried myself, but everything appears to be housed in a single .py, so you could go in and find the lines that are writing out to console and set them to append a .txt or .log file of your naming and choosing.

If you just want it to write out and not append as it goes (only getting the result when the script finishes), you could create a new list and then convert the console prints to append the list. At the very end, just write the list out to a .txt or .log file.

Hi, you can also redirect the output (stdout) to a file using the > redirection, for example in your cmd.exe or powershell:

log4j-finder.exe c:\ d:\ e:\ > c:\log4j.log

Then on all systems download the log4j.log, and clean it up afterwards.

Or you could also try writing to a mounted share like this to ensure unique files (assuming z:\ is a mapped drive):

log4j-finder.exe c:\ d:\ e:\ > z:\log4j-%COMPUTERNAME%.log

Would this work for you?

To add to this problem: yes, the solution works, but if you want to use the -v parameter to grab a list of all .jars it won't add it to the generated file; only the output of the script without the parameter gets added into the file.

kmccb commented

> log4j-finder.exe c:\ d:\ e:\ > z:\log4j-%COMPUTERNAME%.log

Thanks for the reply! That worked great.. Now if we could just parse the logs and look for vulnerable systems without having to go through 700+ logs (one for each machine).. This is progress though and I so appreciate the work!

> To add to this problem: yes, the solution works, but if you want to use the -v parameter to grab a list of all .jars it won't add it to the generated file; only the output of the script without the parameter gets added into the file.

The verbose/debug logging is written to stderr, you can redirect stderr to stdout by adding 2>&1 to the end of the command, so for example:

log4j-finder.exe -v c:\ d:\ e:\ > z:\log4j-%COMPUTERNAME%.log 2>&1

The verbose logging will then also end up in the same file.

> Now if we could just parse the logs and look for vulnerable systems without having to go through 700+ logs (one for each machine)

I would just grep for VULNERABLE on the generated log files. I'm adding hostname to the output soon, so that should also help, but grep can also show the filename that it was matched in for now.

Closing this issue as output redirection seems to work for this use case. Feel free to re-open if it's not.
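A small aggregator for the per-host files discussed above, added here as an example (it is not part of log4j-finder or of this thread): it walks a directory of `log4j-<COMPUTERNAME>.log` files produced by the `> z:\log4j-%COMPUTERNAME%.log 2>&1` redirection, keeps each file's `VULNERABLE` lines, and reports which hosts need attention, which hosts reported nothing, and which files to ignore. The sample log bodies are constructed; only the `VULNERABLE` keyword and the file-naming scheme are taken from the thread, so the real log4j-finder line format may differ.

```python
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# File name produced by: log4j-finder.exe -v c:\ > z:\log4j-%COMPUTERNAME%.log 2>&1
LOG_NAME = re.compile(r"^log4j-(?P<host>.+)\.log$", re.IGNORECASE)

def host_from_filename(name):
    """Return the %COMPUTERNAME% embedded in log4j-<host>.log, or None for other files."""
    m = LOG_NAME.match(name)
    return m.group("host") if m else None

def scan_logs(log_dir):
    """Map hostname -> list of lines containing VULNERABLE (case-sensitive, like grep).

    A host with an empty list was scanned and reported nothing; a host missing from
    the dict never wrote a log at all, which is worth chasing separately.
    """
    findings = {}
    for path in sorted(Path(log_dir).iterdir()):
        host = host_from_filename(path.name)
        if host is None:
            continue  # not one of our per-host logs (e.g. stray notes on the share)
        with path.open(encoding="utf-8", errors="replace") as fh:
            findings[host] = [line.rstrip("\n") for line in fh if "VULNERABLE" in line]
    return findings

def vulnerable_hosts(findings):
    """Sorted hostnames that had at least one VULNERABLE line."""
    return sorted(h for h, hits in findings.items() if hits)

# Constructed sample logs; the line format is illustrative, not log4j-finder's exact output.
SAMPLE_LOGS = {
    "log4j-WS001.log": "[+] scanning c:\\\n[!] VULNERABLE c:\\app\\lib\\log4j-core.jar\n",
    "log4j-WS002.log": "[+] scanning c:\\\n[+] finished, nothing found\n",
    "log4j-SRV01.log": "[!] VULNERABLE d:\\tomcat\\lib\\log4j-core.jar\n"
                       "[!] VULNERABLE e:\\backup\\log4j-core.jar\n",
    "notes.txt": "VULNERABLE mentioned here must be ignored: not a per-host log\n",
}

def demo():
    """Write the constructed logs to a temp dir and aggregate them."""
    with TemporaryDirectory() as d:
        for name, body in SAMPLE_LOGS.items():
            (Path(d) / name).write_text(body, encoding="utf-8")
        return scan_logs(d)

if __name__ == "__main__":
    results = demo()
    print("vulnerable:", vulnerable_hosts(results))
    print("clean:", [h for h, hits in results.items() if not hits])
```

Point `scan_logs` at the share directory instead of `demo()` to run it over the real collection; comparing the dict's keys against your asset list finds the machines that never reported back.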

> To add to this problem: yes, the solution works, but if you want to use the -v parameter to grab a list of all .jars it won't add it to the generated file; only the output of the script without the parameter gets added into the file.
>
> The verbose/debug logging is written to stderr, you can redirect stderr to stdout by adding 2>&1 to the end of the command, so for example:
>
> log4j-finder.exe -v c:\ d:\ e:\ > z:\log4j-%COMPUTERNAME%.log 2>&1
>
> The verbose logging will then also end up in the same file.

Thanks a lot - that works!