Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic earlier this month. The Apache Foundation has since fixed the bugs and issued patches, so the onus is now on software developers and administrators to patch software and apply the fixes.
Since Log4j is a hugely popular Java logging tool, the tech industry rallied to help IT departments and technologists address every instance of Log4j in their environment.
That includes multiple open source and commercial scanning tools provided by government organizations and tech firms alike. Here is a quick rundown of some of the available tools:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an open-sourced Log4j scanner derived from scanners created by other members of the open-source community, the agency tweeted last week. The tool is available on CISA’s GitHub page here.
Per the agency, the scanner is a modified version of scanners from cybersecurity company FullHunt and other sources.
Cybersecurity giant CrowdStrike has also released a free Log4j scanning tool, which it calls the CrowdStrike Archive Scan Tool (CAST). The firm says the tool performs a targeted search by scanning a given set of directories for JAR, WAR, ZIP and EAR files, then performs a deeper scan on those file types, matching against a known set of checksums for Log4j libraries. The tool can run on Windows, Mac and Linux systems.
Microsoft has added Log4j tools to Microsoft 365 Defender, including updates that provide a “consolidated view” of the organization’s exposure to the vulnerabilities on the device, software and vulnerable component level via automated and complementing capabilities.
The tools include discovery of vulnerable Log4j library components on devices, discovery of vulnerable applications with the Log4j library on devices, a dedicated Log4j dashboard and a new schema in advanced hunting that surfaces file-level findings from the disk and provides the ability to correlate them with additional context.
The cybersecurity company has released the Log4j Vulnerability Scanner and the Log4Shell Vulnerability Assessment Tool to help administrators secure their environment against the flaws. The company even made a demo video for the scanning tool, and the vulnerability assessment tool leverages complimentary access to the company’s Vision One threat defense platform to help identify endpoints and server applications that may be affected by Log4Shell.
The managed security firm Arctic Wolf has released a scanner that has gained significant traction in online IT forums. It’s an open-source deep-scan script that was first deployed to the company’s customer base and then made publicly available on GitHub for Windows, macOS and Linux users. According to the company, the tool enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.
Cybersecurity company Rezilion published this blog post that runs through some Log4j scanners and details what each can and can’t do. Give it a look because most scanners will miss Log4j in some formats.
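To illustrate why nested archives matter, here is an added example (not code from any of the tools above) of a recursive scan that descends through EAR, WAR and JAR layers and reports each log4j-core copy with its version for triage against patched releases. It matches on the `JndiLookup.class` path rather than on checksums, and the size limit, depth limit and sample archive are assumptions constructed for the example.

```python
import io
import zipfile

ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
# Presence of this class marks a bundled copy of log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MAX_NESTED_BYTES = 256 * 1024 * 1024  # assumption: skip larger nested entries (zip-bomb guard)

def scan_archive(data, label, max_depth=8):
    """Return [(path, version)] for each log4j-core copy containing JndiLookup.class."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive; nothing to report
    with zf:
        infos = zf.infolist()
        names = [i.filename for i in infos]
        # endswith() also catches classes unpacked under WEB-INF/classes/ or a fat JAR
        if any(n.endswith(JNDI_CLASS) for n in names):
            version = "unknown"  # repackaged copies may drop pom.properties
            if POM_PROPS in names:
                for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            findings.append((label, version))
        for info in infos:
            nested = info.filename.lower().endswith(ARCHIVE_EXTS)
            if nested and max_depth > 0 and info.file_size <= MAX_NESTED_BYTES:
                child = f"{label}!/{info.filename}"
                findings += scan_archive(zf.read(info), child, max_depth - 1)
    return findings

def _zip(entries):
    """Build an in-memory archive from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample():
    """Constructed sample: EAR -> WAR -> log4j-core JAR, plus an unrelated JAR."""
    core = _zip({JNDI_CLASS: b"\xca\xfe\xba\xbe", POM_PROPS: "version=2.14.1\n"})
    war = _zip({"WEB-INF/lib/log4j-core-2.14.1.jar": core, "WEB-INF/web.xml": "<web-app/>"})
    return _zip({"app.war": war, "lib/other.jar": _zip({"a/B.class": b"x"})})
```

Calling `scan_archive(build_sample(), "app.ear")` finds the copy two layers down, while the same call with `max_depth=1` returns nothing, which is the gap a scanner that does not unpack nested archives leaves.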