
@Sheraw91
Created December 14, 2021 16:37
Log4Shell - Scan library versions on Windows - PowerShell
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem
# --- Scan configuration -----------------------------------------------------
# Errors from the file-system walk (e.g. unreadable folders) are suppressed.
$errorAction = "SilentlyContinue"
# Only files whose NAME matches this pattern are examined; Log4j classes that
# are repackaged inside other archives or renamed jars are not found.
$log4Filter = "log4j*.jar"
# Results and the scratch manifest copy are written to the root of C:.
$logFolder = "C:\"
$logFileJson = "$logFolder\log4j-scanner-results.json"
$targetManifestFile = "$logFolder\log4j-manifest.txt"

# --- Collect candidate jars --------------------------------------------------
# Every PowerShell drive with a one-character name is walked recursively.
# NOTE(review): that presumably includes mapped network drives, so the walk
# may traverse remote shares - confirm this is intended before fleet rollout.
$driveRoots = Get-PSDrive |
    Where-Object { $_.Name.length -eq 1 } |
    Select-Object -ExpandProperty Root
$jarFiles = $driveRoots |
    Get-ChildItem -File -Recurse -Filter $log4Filter -ErrorAction $errorAction |
    Select-Object -ExpandProperty FullName

# --- Result containers -------------------------------------------------------
# Overall verdict; stays $null until the per-jar loop assigns it.
$global:result = $null
# One entry per jar that was inspected.
$jarFilesList = New-Object System.Collections.ArrayList
# Top-level report object, seeded with the host name and the scan time.
$resultJson = @{
    "hostname" = $env:computername
    "date"     = (Get-Date -Format "MM/dd/yyyy HH:mm K")
}
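# Returns $true when a Log4j version string is 2.x with a minor version below 15,
# which is the cut-off this script uses for "vulnerable".
#
# The original check compared the whole array of version parts against 15
# (`$implementationVersion_ -lt 15`). On an array, -lt filters elements and the
# comparison is done as strings, so patched releases were flagged and some old
# two-part versions (e.g. "2.8") were reported as not vulnerable. The major and
# minor parts are now parsed as integers and compared individually.
#
# NOTE(review): 15 is the author's threshold. Later 2.x releases shipped
# further fixes in the same area, so confirm the cut-off against the current
# Apache Log4j security advisory before relying on a "not vulnerable" result.
function Test-Log4jVersionFlagged {
    param([string]$Version)

    if ($Version -match '^\s*(\d{1,5})\.(\d{1,5})') {
        $major = [int]$Matches[1]
        $minor = [int]$Matches[2]
        return ($major -eq 2 -and $minor -lt 15)
    }
    # Unparseable version strings are not flagged, matching the original's
    # fall-through to "vulnerable = False".
    return $false
}

# Inspect every candidate jar: read Implementation-Version from its manifest,
# record it, and mark the jar as vulnerable when the version check says so.
foreach ($jarFile in $jarFiles) {
    $fileJson = @{}
    $fileJson.Add("file", $jarFile)

    # Reset per iteration. Previously a jar that failed to open left $zip (and
    # the parsed version) holding the PREVIOUS jar's data, so a corrupt or
    # locked file silently inherited another file's verdict.
    $zip = $null
    try {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($jarFile)
        $manifestEntry = $zip.Entries |
            Where-Object { $_.FullName -eq 'META-INF/MANIFEST.MF' } |
            Select-Object -First 1

        if ($null -eq $manifestEntry) {
            $fileJson.Add("error", "META-INF/MANIFEST.MF not found")
        }
        else {
            # Read the manifest straight from the archive instead of extracting
            # it to a fixed path under C:\ - no write access to the drive root
            # is needed and no predictable scratch file is created.
            $reader = New-Object System.IO.StreamReader($manifestEntry.Open())
            try {
                $manifestText = $reader.ReadToEnd()
            }
            finally {
                $reader.Dispose()
            }

            $implementationVersion = $manifestText -split '\r?\n' |
                Where-Object { $_ -like 'Implementation-Version: *' } |
                Select-Object -First 1

            if ($null -eq $implementationVersion) {
                $fileJson.Add("error", "Implementation-Version not present in manifest")
            }
            else {
                # Get the version number
                $version = $implementationVersion.Replace('Implementation-Version: ', '').Trim()
                $fileJson.Add("version", $version)

                # Check if it is vulnerable using the library version
                if (Test-Log4jVersionFlagged $version) {
                    $fileJson.Add("vulnerable", $True)
                    $global:result = "Vulnerable"
                }
                else {
                    $fileJson.Add("vulnerable", $False)
                }
            }
        }
    }
    catch {
        # Corrupt archive, access denied, file in use, ... - record the reason
        # so the report shows the jar was NOT assessed rather than looking clean.
        $fileJson.Add("error", $_.Exception.Message)
    }
    finally {
        # ZipArchive holds an open file handle until disposed.
        if ($null -ne $zip) { $zip.Dispose() }
    }

    # This label only means "no jar flagged so far"; the script decides by
    # manifest version and never looks for the JndiLookup class itself.
    if ($null -eq $global:result) { $global:result = "Jndi class not found" }

    # ArrayList.Add returns the new index; discard it so it does not leak into
    # the script's output stream.
    [void]$jarFilesList.Add($fileJson)
}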
# Attach the per-jar findings and the overall verdict to the report object.
$resultJson["jar_files"] = $jarFilesList
$resultJson["result"] = $global:result

# Serialise the report (depth 10 so the nested per-jar entries are kept) and
# write it to the JSON log file.
$reportText = ConvertTo-Json -InputObject $resultJson -Depth 10
$reportText | Out-File $logFileJson

# Echo the overall verdict for whoever (or whatever) ran the script.
Write-Output "Result: $global:result"