Qualys , the IT security company has come out with a new tool for Windows that helps any one to scan for Log4j files in a Windows machine. It’s a simple Log4jScanner.exe called “log4jscanwin” that scans the files including entire hard drives and Nested JARs that might contain log4j vulnerability. This application will also output the results to console as well as it can also a get a signature report on possible detections.
Step 1: Download the zip file from GitHub – https://github.com/Qualys/log4jscanwin/releases/download/1.2.18/Log4jScanner-1.2.18.zip
Step 2: Extract it to a folder and run one of the below commands in Step 3
Step 3: You can run either “/scan”, “/scan_directory”, “/scan_file” along with “/report” option.Sample usage is given below as shown
It will start scanning the drivers as shown below and will display the results as shown along with which CVE’s got affected.