Find-log4j.ps1

# Find-log4j.ps1
#
# Searches a machine for files named log4j-core-*.jar using robocopy and outputs to a file
#
# Virtually all of the code is from Matt Benninge; I've just added a very simple file output 
#   https://gist.github.com/matbe/df32f7257d9eab07fb388bef85edab04
#
# Once you have the files you can combine the ones that found log4j using 
#
#   dir *_found* | Get-Content | Out-File c:\users\public\log4jfound.txt
#
# If run as a package/program through SCCM it'll run under the context of LOCALSYSTEM so 
# provided the computer account has write (not read) privilege to the shared folder the
# script will be able to create the files
#

$dropFolder = "\\server\share\log4j\"

# == code from Matt ==

$searchName = "log4j-core-*.jar"
$drives = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | Select -ExpandProperty DeviceID

$i = 0
Foreach ($drive in $drives) {
    $searchDir = "$drive\"
    $jars= (&cmd /c pushd $searchDir `& robocopy /l "$searchDir" null "$searchName" /ns /njh /njs /np /nc /ndl /xjd /mt /s).trim() -ne ''
        
    Foreach ($jar in $jars){
        If($jar) {
            If(($jar).StartsWith($drive)){
                $i++    #increase $i to instruct CM that potential vunerable file found
            }
        }
    }
}

# == end of code from matt ==

If ($i -ge 1) { 
  $filename = "log4j_found_$($ENV:Computername).txt" 
  }
Else 	{ 
  $filename = "log4j_notfound_$($ENV:Computername).txt" 
  }
  
$jars | out-file "$dropFolder$filename"