A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to
It scans recursively both on disk and inside Java Archive files (JARs).
Example usage to scan a path (defaults to /):
$ python3 log4j-finder.py /path/to/scan
Or directly a JAR file:
$ python3 log4j-finder.py /path/to/jarfile.jar
Or multiple directories and or files:
$ python3 log4j-finder.py /path/to/dir1 /path/to/dir2 /path/to/jarfile.jar
Files or directories that cannot be accessed (Permission denied errors) are not printed.
If you want to see more output, you can give the
-v flag for verbose, or
-vv for debug mode (only recommended for debugging purposes).