
Log4j Scanning Tools Now Available for Free and Public Use

CISA, CrowdStrike, Microsoft and others have released Log4j scanning tools to help organizations find vulnerable instances of the Java logger.


Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic early last month. The Apache Foundation has since fixed the bugs and issued patches. So the onus is now on software developers and administrators to patch software and apply the fixes. Log4j is a hugely popular Java logging tool. Understandably, the tech industry rallied to help IT departments and technologists address every instance of Log4j in their environment through scanning tools.

That includes multiple open source and commercial scanning tools provided by government organizations and tech firms alike. Here is a quick rundown of some of the available tools:

CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an open-sourced Log4j scanner derived from scanners created by other members of the open-source community. This was tweeted by the agency last week. The tool is available on CISA’s GitHub page here.

Per the agency, the scanner is a modified version of scanners from cybersecurity company FullHunt and other sources.

CrowdStrike

Cybersecurity giant CrowdStrike has also released a free Log4j scanning tool, called the CrowdStrike Archive Scan Tool (CAST). The firm says the tool performs a targeted search by scanning a given set of directories for JAR, WAR, ZIP and EAR files. Then, it performs a deeper scan on those file types, matching against a known set of checksums for Log4j libraries. The tool can run on Windows, Mac and Linux systems.

Microsoft

Microsoft has added Log4j tools to Microsoft 365 Defender. This includes updates that provide a “consolidated view” of the organization’s exposure to the vulnerabilities on the device, software and vulnerable component level via automated and complementing capabilities.

The tools include discovery of vulnerable Log4j library components on devices and discovery of vulnerable applications with the Log4j library on devices. In addition, there is a dedicated Log4j dashboard and a new schema in advanced hunting. This surfaces file-level findings from the disk and provides the ability to correlate them with additional context.


Trend Micro

The cybersecurity company has released the Log4j Vulnerability Scanner and the Log4Shell Vulnerability Assessment Tool. These help administrators secure their environment against the flaws. The company even made a demo video for the scanning tool. Additionally, the vulnerability assessment tool leverages complimentary access to the company’s Vision One threat defense platform. This helps identify endpoints and server applications that may be affected by Log4Shell.

Arctic Wolf

The managed security firm Arctic Wolf has released a scanner that has gained significant traction in online IT forums. It’s an open-source deep-scan script that was first deployed to the company’s customer base. It was then made publicly available on GitHub for Windows, macOS and Linux users. According to the company, the tool enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.

Rezilion

Cybersecurity company Rezilion published this blog post that runs through some Log4j scanners and details what each can and can’t do. Give it a look because most scanners will miss Log4j in some formats.
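The checksum matching described for CAST and the nested-archive detection described for Arctic Wolf's script can be sketched together. This is an added example, not code from any of the tools above: the function names, the sample archives and the checksum list are constructed here, and the `JndiLookup.class` path is used as a content marker on the assumption that it identifies a bundled log4j-core.

```python
import hashlib
import io
import zipfile

ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
# Class file shipped in log4j-core; used as a content marker (assumption of this example).
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def scan_archive(data, known_sha256, path="<root>", depth=0, max_depth=8):
    """Return a list of (path, reason) findings for one archive held in memory."""
    findings = []
    if hashlib.sha256(data).hexdigest() in known_sha256:
        findings.append((path, "checksum match"))
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable ZIP-format archive
    with zf:
        for info in zf.infolist():
            name = info.filename
            # The suffix test also catches classes unpacked under a prefix directory.
            if name == MARKER or name.endswith("/" + MARKER):
                findings.append((path, "JndiLookup.class present"))
            elif name.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                # Nested archive: recurse so a JAR inside a WAR or EAR is not missed.
                findings += scan_archive(zf.read(info), known_sha256,
                                         f"{path}!/{name}", depth + 1, max_depth)
    return findings

def build_zip(entries):
    """Build a constructed ZIP-format archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    # Constructed sample: a stand-in "log4j-core" JAR nested inside a WAR.
    inner = build_zip({MARKER: b"constructed placeholder, not a real class"})
    war = build_zip({"WEB-INF/lib/log4j-core-sample.jar": inner,
                     "index.html": b"<html></html>"})
    clean = build_zip({"com/example/App.class": b"constructed"})
    known = {hashlib.sha256(inner).hexdigest()}  # constructed checksum list
    return scan_archive(war, known, "app.war"), scan_archive(clean, known, "clean.jar")

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A marker hit only shows that log4j-core is bundled; the version still has to be checked against the patched releases. A scanner that stops at the top-level file list would report nothing for the sample WAR.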