-
Notifications
You must be signed in to change notification settings - Fork 0
/
log4j-scanner.go
executable file
·243 lines (218 loc) · 6.07 KB
/
log4j-scanner.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
package main
import (
"archive/zip"
"bytes"
"encoding/json"
"flag"
"fmt"
"io"
"io/ioutil"
"net/http"
"os"
"path/filepath"
"strings"
"github.com/hillu/local-log4j-vuln-scanner/filter"
)
type excludeFlags []string
var (
verbose bool
apiUrl string
excludes excludeFlags
ignoreV1 bool
quiet bool
logFileName string
vulnFiles []string
hostname, _ = os.Hostname()
logFile = os.Stdout
errFile = os.Stderr
)
func (flags *excludeFlags) String() string {
return fmt.Sprint(*flags)
}
func (flags *excludeFlags) Set(value string) error {
*flags = append(*flags, value)
return nil
}
func (flags excludeFlags) Has(path string) bool {
for _, exclude := range flags {
if path == exclude {
return true
}
}
return false
}
func handleJar(path string, ra io.ReaderAt, sz int64) {
// Get absolute path to jar file
absPath, err := filepath.Abs(path)
if err != nil {
fmt.Fprintf(errFile, "Could not get absolute path to %s: %s\n", path, err)
absPath = path
}
if verbose {
fmt.Fprintf(logFile, "Inspecting %s...\n", absPath)
}
zr, err := zip.NewReader(ra, sz)
if err != nil {
fmt.Fprintf(logFile, "cant't open JAR file: %s (size %d): %v\n", absPath, sz, err)
return
}
for _, file := range zr.File {
if file.FileInfo().IsDir() {
continue
}
switch strings.ToLower(filepath.Ext(file.Name)) {
case ".jar", ".war", ".ear":
fr, err := file.Open()
if err != nil {
fmt.Fprintf(logFile, "can't open JAR file member for reading: %s (%s): %v\n", absPath, file.Name, err)
continue
}
buf, err := ioutil.ReadAll(fr)
fr.Close()
if err != nil {
fmt.Fprintf(logFile, "can't read JAR file member: %s (%s): %v\n", absPath, file.Name, err)
}
handleJar(absPath+"::"+file.Name, bytes.NewReader(buf), int64(len(buf)))
default:
fr, err := file.Open()
if err != nil {
fmt.Fprintf(logFile, "can't open JAR file member for reading: %s (%s): %v\n", absPath, file.Name, err)
continue
}
// Identify class filess by magic bytes
buf := bytes.NewBuffer(nil)
if _, err := io.CopyN(buf, fr, 4); err != nil {
if err != io.EOF && !quiet {
fmt.Fprintf(logFile, "can't read magic from JAR file member: %s (%s): %v\n", absPath, file.Name, err)
}
fr.Close()
continue
} else if !bytes.Equal(buf.Bytes(), []byte{0xca, 0xfe, 0xba, 0xbe}) {
fr.Close()
continue
}
_, err = io.Copy(buf, fr)
fr.Close()
if err != nil {
fmt.Fprintf(logFile, "can't read JAR file member: %s (%s): %v\n", absPath, file.Name, err)
continue
}
if desc := filter.IsVulnerableClass(buf.Bytes(), file.Name, !ignoreV1); desc != "" {
// fmt.Fprintf(logFile, "indicator for vulnerable component found in %s (%s): %s\n", absPath, file.Name, desc)
vulnFiles = append(vulnFiles, absPath)
continue
}
}
}
}
func init() {
flag.Var(&excludes, "exclude", "paths to exclude")
flag.StringVar(&apiUrl, "api", "", "API URL")
flag.BoolVar(&verbose, "verbose", false, "log every archive file considered")
flag.StringVar(&logFileName, "log", "", "log file to write output to")
flag.BoolVar(&quiet, "quiet", false, "no ouput unless vulnerable")
flag.BoolVar(&ignoreV1, "ignore-v1", false, "ignore log4j 1.x versions")
flag.Parse()
if !quiet {
fmt.Printf("%s - a simple local log4j vulnerability scanner based on github.com/hillu/local-log4j-vuln-scanner\n", filepath.Base(os.Args[0]))
}
if len(os.Args) < 2 {
fmt.Fprintf(os.Stderr, "Usage: %s [--api] [--verbose] [--quiet] [--ignore-v1] [--log logfilename] [--exclude path] [ paths ... ]\n", os.Args[0])
os.Exit(1)
}
if logFileName != "" {
f, err := os.Create(logFileName)
if err != nil {
fmt.Fprintln(os.Stderr, "Could not create log file")
os.Exit(2)
}
logFile = f
errFile = f
defer f.Close()
}
}
func main() {
// Recoursively scan all the files in the given path
for _, root := range flag.Args() {
filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
if err != nil {
fmt.Fprintf(errFile, "%s: %s\n", path, err)
return nil
}
if excludes.Has(path) {
return filepath.SkipDir
}
if info.IsDir() {
return nil
}
switch ext := strings.ToLower(filepath.Ext(path)); ext {
case ".jar", ".war", ".ear":
f, err := os.Open(path)
if err != nil {
fmt.Fprintf(errFile, "can't open %s: %v\n", path, err)
return nil
}
defer f.Close()
sz, err := f.Seek(0, os.SEEK_END)
if err != nil {
fmt.Fprintf(errFile, "can't seek in %s: %v\n", path, err)
return nil
}
if _, err := f.Seek(0, os.SEEK_END); err != nil {
fmt.Fprintf(errFile, "can't seek in %s: %v\n", path, err)
return nil
}
handleJar(path, f, sz)
default:
return nil
}
return nil
})
}
if !quiet {
fmt.Println("\nScan finished")
// Print the vulnFiles
if len(vulnFiles) > 0 {
fmt.Println("\nVulnerable files:")
for _, f := range vulnFiles {
fmt.Println(f)
}
} else {
fmt.Println("No vulnerable files found")
}
}
if apiUrl != "" {
// Parse the data to json API request
var mapSlice []map[string]string
for _, f := range vulnFiles {
mapSlice = append(mapSlice, map[string]string{"fileName": f})
}
// var jsonMap = map[string]interface{}{"servername": "hostname", "vulnerableFiles": mapSlice}
jsonMap := map[string]interface{}{"servername": hostname, "vulnerableFiles": mapSlice}
// Convert jsonMap2 to bytes
jsonBytes, err := json.Marshal(jsonMap)
if err != nil {
fmt.Fprintf(errFile, "Error in marshalling jsonMap2: %v\n", err)
return
}
// Post the data to the apiUrl
req, err := http.NewRequest("POST", apiUrl, bytes.NewBuffer(jsonBytes))
if err != nil {
fmt.Fprintf(errFile, "Error creating request: %v\n", err)
return
}
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Fprintf(errFile, "Error posting data: %v\n", err)
return
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
fmt.Fprintf(errFile, "Error posting data: %v\n", err)
return
}
fmt.Printf("\nData successfully posted to %s\n", apiUrl)
}
}