Skip to content

How to find Log4j version in Windows machines?

There has been frenzy among teams inside organization to find which applications & machines are using vulnerable version of Log4j, running the below Windows commands might be easy way to find log4j instead of using expensive tools that might help you to detect vulnerable versions of Log4j.To detect all the files with Log4j in their name run the below commands for each drive and export it to a text file which can be combined then to give the list of Log4j files in a machine

Step 1: Run the below commands

dir C: /s /b | findstr log4j >> clog4j.txt
dir D: /s /b | findstr log4j >> dlog4j.txt 
dir E: /s /b | findstr log4j >> elog4j.txt 
dir F: /s /b | findstr log4j >> flog4j.txt 

This will list all the log4j files in the Drive

Step 2: Then combine all files into a single command

type clog4j.txt dlog4j.txt elog4j.txt flog4.txt > FullLog4j%COMPUTERNAME%.txt

Step 3: This will give a list of log4j files in different drivers which can be analyzed further to see what are the jars that needs to be upgraded