{"id":28764130,"url":"https://github.com/1lann/log4shelldetect","last_synced_at":"2025-06-17T09:11:07.935Z","repository":{"id":45136589,"uuid":"437155858","full_name":"1lann/log4shelldetect","owner":"1lann","description":"Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or \"that Log4j JNDI exploit\" by inspecting the class paths inside files","archived":false,"fork":false,"pushed_at":"2022-01-05T23:07:50.000Z","size":12272,"stargazers_count":45,"open_issues_count":4,"forks_count":8,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-05T00:01:51.432Z","etag":null,"topics":["cve-2021-44228","cve-2021-45046","log4j","log4j2","log4shell","scanner","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/1lann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-11T01:08:00.000Z","updated_at":"2024-11-15T10:28:16.000Z","dependencies_parsed_at":"2022-08-30T04:52:53.192Z","dependency_job_id":null,"html_url":"https://github.com/1lann/log4shelldetect","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/1lann/log4shelldetect","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1lann%2Flog4shelldetect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1lann%2Flog4shelldetect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1lann%2Flog4shelldetect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1lann%2Flog4shelldetect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/1lann","download_url":"https://codeload.github.com/1lann/log4shelldetect/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1lann%2Flog4shelldetect/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260326793,"owners_count":22992388,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2021-44228","cve-2021-45046","log4j","log4j2","log4shell","scanner","vulnerability-scanners"],"created_at":"2025-06-17T09:11:06.392Z","updated_at":"2025-06-17T09:11:07.916Z","avatar_url":"https://github.com/1lann.png","language":"Go","readme":"# log4shelldetect\n\nScans a file or folder recursively for Java programs that may be vulnerable to:\n\n- CVE-2021-44228 (Log4Shell) (v2.0.x - v2.14.x)\n- CVE-2021-45046 (v2.15.x)\n- CVE-2021-45105 (v2.16.x)[^*]\n\n[^*]: 2.12.2 detection is not available yet pending 2.12.3's release which I will need to test. 2.12.2 will appear as patched.\n\nby inspecting the class paths inside files.\n\nIf you only want possibly vulnerable files to be printed rather than all files, run with `-mode list`.\n\n![Demo of log4shelldetect](./demo.png)\n\n## Usage\n\n```\nUsage: log4shelldetect [options] \u003cpath\u003e\n\nOptions:\n  -include-zip\n        include zip files in the scan\n  -mode string\n        the output mode, either \"report\" (every java archive pretty printed) or \"list\" (list of potentially vulnerable files) (default \"report\")\n```\n\n## License\n\nCode here is released to the public domain under [unlicense](/LICENSE).\n\nWith the exception of `velocity-1.1.9.jar` which is an example vulnerable `.jar` file part of [Velocity](https://github.com/PaperMC/Velocity) which is licensed under GPLv3.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1lann%2Flog4shelldetect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F1lann%2Flog4shelldetect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1lann%2Flog4shelldetect/lists"}