Multiple Log4j scanners released by CISA, CrowdStrike
Last week, CISA released its own Log4j scanner alongside several others published by various cybersecurity companies and researchers. The open-source tool is derived from scanners created by other members of the community and is designed to help organizations determine whether they have web services affected by the critical Log4j vulnerabilities. CISA reportedly modified a scanner created by security company FullHunt and sought assistance from other researchers such as Philipp Klaus and Moritz Bechler to produce the scanner.
Its repository provides a scanning solution for two major vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. CISA stated that the scanner also supports DNS callback for vulnerability discovery and validation. The scanner provides fuzzing for JSON data parameters and HTTP POST data parameters, and supports lists of URLs.
CrowdStrike released its own free Log4j scanner, named the CrowdStrike Archive Scan Tool (CAST), which bears many similarities to CISA's.
According to vulnerability researcher Yotam Perkal, the scanners still need work. In a series of tests, Perkal found that many of the available scanners were unable to find all instances of the vulnerability.