How to find Log4j version in Windows machines?
There has been frenzy among teams inside organization to find which applications & machines are using vulnerable version of Log4j, running the below Windows commands might be easy way to find log4j instead of using expensive tools that might help you to detect vulnerable versions of Log4j.To detect all the files with Log4j in their name run the below commands for each drive and export it to a text file which can be combined then to give the list of Log4j files in a machine
Step 1: Run the below commands
dir C: /s /b | findstr log4j >> clog4j.txt dir D: /s /b | findstr log4j >> dlog4j.txt dir E: /s /b | findstr log4j >> elog4j.txt dir F: /s /b | findstr log4j >> flog4j.txt
This will list all the log4j files in the Drive
Step 2: Then combine all files into a single command
type clog4j.txt dlog4j.txt elog4j.txt flog4.txt > FullLog4j%COMPUTERNAME%.txt
Step 3: This will give a list of log4j files in different drivers which can be analyzed further to see what are the jars that needs to be upgraded