Created
December 17, 2021 13:46
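# Find-log4j.ps1
#
# Searches a machine for files named log4j-core-*.jar using robocopy and outputs to a file
#
# Virtually all of the code is from Matt Benninge; I've just added a very simple file output
# https://gist.github.com/matbe/df32f7257d9eab07fb388bef85edab04
#
# Once you have the files you can combine the ones that found log4j using
#
# dir *_found* | Get-Content | Out-File c:\users\public\log4jfound.txt
#
# If run as a package/program through SCCM it'll run under the context of LOCALSYSTEM so
# provided the computer account has write (not read) privilege to the shared folder the
# script will be able to create the files
#
$dropFolder = "\\server\share\log4j\"
# == code from Matt ==
$searchName = "log4j-core-*.jar"
# DriveType=3 restricts the scan to fixed local disks; removable and network drives are not searched.
$drives = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | Select-Object -ExpandProperty DeviceID
# Accumulates matching paths from every drive. The original wrote $jars after the loop,
# which only held the last drive's robocopy output, so hits on earlier drives were
# counted in $i but never written to the report file.
$found = New-Object System.Collections.Generic.List[string]
$i = 0
Foreach ($drive in $drives) {
    $searchDir = "$drive\"
    # robocopy /l lists what it would copy without copying anything. /njh /njs /np /ns /nc /ndl
    # suppress header, summary, progress, size, class and directory lines so only file paths
    # remain; /xjd skips junctions; /mt /s gives a multithreaded recursive walk.
    # Empty lines are dropped by the trailing -ne '' filter.
    $jars = (& cmd /c pushd $searchDir `& robocopy /l "$searchDir" null "$searchName" /ns /njh /njs /np /nc /ndl /xjd /mt /s).Trim() -ne ''
    Foreach ($jar in $jars) {
        # Only lines beginning with the drive letter are real file paths; anything else is
        # robocopy noise (e.g. access-denied text) and is skipped.
        If ($jar -and $jar.StartsWith($drive)) {
            $i++ # increase $i to instruct CM that a potentially vulnerable file was found
            $found.Add($jar)
        }
    }
}
# == end of code from matt ==
If ($i -ge 1) {
    $filename = "log4j_found_$($ENV:Computername).txt"
}
Else {
    $filename = "log4j_notfound_$($ENV:Computername).txt"
}
# Join-Path works whether or not $dropFolder carries a trailing backslash.
# A "notfound" file is still written (empty) so the machine shows up as scanned.
$found | Out-File -FilePath (Join-Path $dropFolder $filename)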