{"id":18832663,"url":"https://github.com/datto/log4shell-tool","last_synced_at":"2026-01-25T18:30:17.763Z","repository":{"id":45381129,"uuid":"437958327","full_name":"datto/log4shell-tool","owner":"datto","description":"Log4Shell Enumeration, Mitigation and Attack Detection Tool","archived":false,"fork":false,"pushed_at":"2023-07-10T13:47:34.000Z","size":3568,"stargazers_count":15,"open_issues_count":10,"forks_count":13,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-12-30T07:21:16.575Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-13T17:09:38.000Z","updated_at":"2022-01-20T01:05:06.000Z","dependencies_parsed_at":"2023-01-23T03:00:45.918Z","dependency_job_id":null,"html_url":"https://github.com/datto/log4shell-tool","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datto%2Flog4shell-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datto%2Flog4shell-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datto%2Flog4shell-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datto%2Flog4shell-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datto","download_url":"https://codeload.github.com/datto/log4shell-tool/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","rep
ositories_count":239768927,"owners_count":19693763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T01:58:40.638Z","updated_at":"2026-01-25T18:30:17.709Z","avatar_url":"https://github.com/datto.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Log4Shell Enumeration, Mitigation and Attack Detection Tool\n### Build 9c [GitHub Version], 16th December 2021\n_By Datto, For the MSP Community_\n\n## Summary\nThis is a PowerShell-based script that can be run on a Windows system (it has been neither written for, nor tested with, other platforms) to:\n* (Optionally) inoculate the system against Log4Shell attacks with vulnerable Log4j versions by setting the `LOG4J_FORMAT_MSG_NO_LOOKUPS` environment variable to `TRUE`\n    * Check whether any JAR files on the system contain code linking them to a vulnerable Log4j version\n        * _This is not conclusive and should be used for reference only_\n* Using the YARA tool and [Florian Roth's definitions](https://github.com/Neo23x0/signature-base/blob/master/yara/expl_log4j_cve_2021_44228.yar), check all JAR, LOG and TXT files on the system for indicators of Log4Shell attacks\n\nThe script was originally developed as a Component for the [Datto RMM software](https://www.datto.com/rmm); however, as part of Datto's ongoing commitment to the MSP, it has been released for free for the Community.\n\n## Usage\n\nThree environment variables _(i.e. $env:variableName)_ must be furnished, either by editing the script or by adding them in your runtime environment:\n* usrScanScope\n    * Value 
of 1: Only scan home drive (usually C:) _(Fastest scan time)_\n    * Value of 2: Scan all fixed and removable drives\n    * Value of 3: Scan all drives, including Network drives _(Slowest scan time -- may take several hours)_\n* usrUpdateDefs\n    * Value of `true`: Download the latest YARA definitions from Florian Roth to scan files against\n    * Value of `false`: Use definitions attached\n* usrMitigate\n    * Value of Y: Inoculate system by setting `LOG4J_FORMAT_MSG_NO_LOOKUPS` environment variable to `TRUE`\n    * Value of N: De-inoculate system by setting `LOG4J_FORMAT_MSG_NO_LOOKUPS` environment variable to `FALSE` (Use with caution!)\n    * Value of X: Ignore inoculation subroutine entirely\n\n## Included in package\n\n* [Yara](https://github.com/VirusTotal/yara) 4.1.3-1755 (32- \u0026 64-bit) \u0026 COPYING document\n* Florian Roth's YARA definitions for Log4Shell as of 13th December 2021\n\n## Changelog\n* Build 8b \u003e Build 9c\n    * Readability improvements for users running script from a single PowerShell console window\n    * Log.txt and L4JDetectiond.txt will be written to local directories if C:\\ProgramData\\CentraStage does not exist\n    * Example variables commented out at beginning of script for easy onboarding\n    * Script now checks for administrative status\n    * Script does not refer to UDFs for Non-RMM partners anymore\n\n## Credits\nThis script was written by seagull for Datto RMM and the wider MSP Community. It may be freely copied, edited and redistributed provided credits to Datto, seagull \u0026 a link to this GitHub repo remain in the comments.  \nYARA is a tool by the VirusTotal project. The definitions used here were created by Florian Roth.  
\nwww.datto.com/rmm\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatto%2Flog4shell-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatto%2Flog4shell-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatto%2Flog4shell-tool/lists"}