Skip to content

thanasisk/k-amon-k

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

k-amon-k - Yet another log4j scanner

Quick-n-Dirty installation

Assuming you have a working Go installation in your *NIX

  • git clone git@github.com:thanasisk/k-amon-k.git
  • go get golang.org/x/sys/unix
  • go build
  • ./k-amon-k foo.war

Releases etc coming

FAQ

  • What's with the name?
  • I really like this band, if you are into metal music, make sure to support them
  • How does it work?
  • At the time of writing, log4j 2.0.17 is considered the only safe version, thus the only good known SHA256. The utility contains known BAD SHA256s for known vulnerable versions.
  • Does it support nested Zips/Jars etc?
  • Yes!
  • Is it not MD5, that "competing" implementations use,considered broken from a security perspective?
  • Yes and indeed it is. While an attack is might not be practical, let's use SHA256.
  • Where has this been tested on?
  • Why, Linux only of course.

License

GPL v3

About

Yet another log4j vulnerability scanner

Topics

security log4shell

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages