Just in time for the holidays, the Log4j vulnerabilities panicked IT and security teams at the beginning of the month. Since then, the Apache Foundation has fixed the bugs and released patches, so it is now up to software developers and administrators to patch software and apply the fixes.
Since Log4j is an extremely popular Java logging tool, the technology industry has come together to help IT departments and technologists manage every instance of Log4j in their environment.
This includes several open source and commercial scanning tools provided by government organizations and technology companies alike. Here is a quick rundown of some of the tools available:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an open source Log4j scanner derived from scanners created by other members of the open source community, the agency tweeted last week. The tool is available on CISA’s GitHub page here.
According to the agency, the scanner is a modified version of scanners from cybersecurity company FullHunt and other sources.
Cybersecurity giant CrowdStrike has also released a free Log4j scanning tool it calls the CrowdStrike Archive Scan Tool (CAST). The tool, according to the company, does a targeted search by scanning a specific set of directories for JAR, WAR, ZIP, and EAR files, and then doing a deeper scan of those file types, matching them against a known set of checksums for Log4j libraries. The tool can run on Windows, Mac, and Linux systems.
Microsoft has added Log4j tools to Microsoft 365 Defender, including updates that provide a “consolidated view” of an organization’s exposure to the vulnerabilities at the device, software and vulnerable component level through automated and complementary functions.
The tools include the detection of vulnerable Log4j library components on devices, the detection of vulnerable applications with the Log4j library on devices, a dedicated Log4j dashboard and a new schema in the advanced search that surfaces file-level results from disk and allows them to be correlated with additional context.
The cybersecurity company has released the Log4j Vulnerability Scanner and Log4Shell Vulnerability Assessment Tool to help administrators protect their environment from the bugs. The company even made a demo video for the scan tool, and the vulnerability assessment tool uses free access to the company’s Vision One threat prevention platform to identify endpoints and server applications that could be impacted by Log4Shell.
The managed security company Arctic Wolf has released a scanner that has gained prominence in online IT forums. It’s an open source deep scan script that was first deployed to the company’s customer base and then made publicly available on GitHub for Windows, macOS, and Linux users. According to the company, the tool enables detection of CVE-2021-45046 and CVE-2021-44228 in nested JAR files, as well as WAR and EAR files.
Cybersecurity company Rezilion published this blog post, which goes through some Log4j scanners and details what each one can and cannot do. Check it out, as most scanners will miss Log4j in some formats.