Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/santosomar/log4j-ioc-detector

A Simple Log4j Indicator of Compromise Linux Detector
https://github.com/santosomar/log4j-ioc-detector

Last synced: 22 days ago
JSON representation

A Simple Log4j Indicator of Compromise Linux Detector

Host: GitHub
URL: https://github.com/santosomar/log4j-ioc-detector
Owner: santosomar
License: bsd-3-clause
Created: 2021-12-14T17:06:27.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2021-12-15T16:08:15.000Z (almost 3 years ago)
Last Synced: 2024-08-05T17:45:32.748Z (4 months ago)
Language: Shell
Size: 6.84 KB
Stars: 14
Watchers: 3
Forks: 6
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - santosomar/log4j-ioc-detector - A Simple Log4j Indicator of Compromise Linux Detector (Shell)

README

# log4j Linux IoC Detector
A basic Bash script to detect log4j Indicator of Compromise (IoC) in Linux.

## How to Use
1. Clone this repository:
```
git clone https://github.com/santosomar/log4j-ioc-detector
```
2. Run the the `log4j_ioc_detector.sh` script, as demonstrated below:

```
# bash sudo log4j_ioc_detector.sh
A basic Bash script to detect log4j Indicator of Compromise (IoC) in Linux.
Author: Omar Santos (@santosomar)
+------------------------------------------+
Scan Started:
| Tue Dec 14 17:26:36 UTC 2021 |
Searching for exploitation attempts in uncompressed files in folder /var/log and all sub folders
Searching for exploitation attempts in compressed files in folder /var/log and all sub folders
Searching for obfuscated variants
```

Any IoCs in the logs will be reported to the screen...