log4jcheck: a platform independent tool to check for the log4j vulnerability

Right now, billions of devices are affected by the log4j vulnerability (also called log4shell), which is the short term for a critical security issue in Apache's Java library.

The vulnerability allows an attacker to gain remotely gain unauthenticated access to a target device and execute arbitrary code.

This platform independent tool can be used to quickly check if a remote target is affected by this vulnerability to help penetration testers but also administrators to quickly identify and mitigate the log4j vulnerability.

Manual:

Usage: log4jcheck [options]

Show this help message
--help

Hide application banner
-s, --silent

Timeout between server request and DNS logging in ms (default=6000), increase timeout for accuracy, decrease for speed
-t, --timeout

Use a custom list of target headers to check (separated by comma)
-c, --custom

Check multiple default headers
-m, --multiple

Use a custom protocol (default=jndi:ldap://)
-p, --protocol

Set output format to JSON
-j, --json

Print debug output
-d, --debug

Target URL to check
-u, --url

Download:

Linux (x64):
https://cytres.com/tools/log4jcheck-linux-x64.tar.gz

Windows (x64):
https://cytres.com/tools/log4jcheck-windows-x64.tar.gz

MacOS (x64):
https://cytres.com/tools/log4jcheck-macOS-x64.tar.gz