log4jcheck: a platform independent tool to check for the log4j vulnerability

Right now, billions of devices are affected by the log4j vulnerability (also called log4shell), which is the short term for a critical security issue in Apache's Java library.

The vulnerability allows an attacker to gain remotely gain unauthenticated access to a target device and execute arbitrary code.

This platform independent tool can be used to quickly check if a remote target is affected by this vulnerability to help penetration testers but also administrators to quickly identify and mitigate the log4j vulnerability.


Usage: log4jcheck [options]

Show this help message

Hide application banner
-s, --silent

Timeout between server request and DNS logging in ms (default=6000), increase timeout for accuracy, decrease for speed
-t, --timeout

Use a custom list of target headers to check (separated by comma)
-c, --custom

Check multiple default headers
-m, --multiple

Use a custom protocol (default=jndi:ldap://)
-p, --protocol

Set output format to JSON
-j, --json

Print debug output
-d, --debug

Target URL to check
-u, --url


Linux (x64):

Windows (x64):

MacOS (x64):