Log4shelldetect
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
Install / Use
/learn @1lann/Log4shelldetectREADME
log4shelldetect
Scans a file or folder recursively for Java programs that may be vulnerable to:
- CVE-2021-44228 (Log4Shell) (v2.0.x - v2.14.x)
- CVE-2021-45046 (v2.15.x)
- CVE-2021-45105 (v2.16.x)[^*]
[^*]: 2.12.2 detection is not available yet pending 2.12.3's release which I will need to test. 2.12.2 will appear as patched.
by inspecting the class paths inside files.
If you only want possibly vulnerable files to be printed rather than all files, run with -mode list.
Usage
Usage: log4shelldetect [options] <path>
Options:
-include-zip
include zip files in the scan
-mode string
the output mode, either "report" (every java archive pretty printed) or "list" (list of potentially vulnerable files) (default "report")
License
Code here is released to the public domain under unlicense.
With the exception of velocity-1.1.9.jar which is an example vulnerable .jar file part of Velocity which is licensed under GPLv3.
Related Skills
next
A beautifully designed, floating Pomodoro timer that respects your workspace.
product-manager-skills
34PM skill for Claude Code, Codex, Cursor, and Windsurf: diagnose SaaS metrics, critique PRDs, plan roadmaps, run discovery, and coach PM career transitions.
devplan-mcp-server
3MCP server for generating development plans, project roadmaps, and task breakdowns for Claude Code. Turn project ideas into paint-by-numbers implementation plans.
