Avast WEBforum

Other => Non-Avast security products => Topic started by: polonus on December 20, 2021, 10:16:05 AM

Title: Does avast offer something in the line of a log4j scan?
Post by: polonus on December 20, 2021, 10:16:05 AM

See this web-based tool: -https://log4j-tester.trendmicro.com/
Or here: -https://www.blackhatethicalhacking.com/tools/log4j-scan/

As this could be the vulner of the day:  Log4j attackers switch to injecting Monero miners via RMI now.

Restrictions apply.
Use of such scanners only when one has authorization (prior written). Usage of log4j-scan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. This also applies for a pen-testing tool like this firefox toolkit
(with specific add-ons) -https://github.com/mazen160/Firefox-Security-Toolkit (for security researching pen-testers only).

polonus

Title: Re: Does avast offer something in the line of a log4j scan?
Post by: Asyn on December 20, 2021, 10:41:50 AM

Improving OSS-Fuzz and Jazzer to catch Log4Shell
https://security.googleblog.com/2021/12/improving-oss-fuzz-and-jazzer-to-catch.html

Title: Re: Does avast offer something in the line of a log4j scan?
Post by: Asyn on December 23, 2021, 09:52:10 AM

CISA releases Apache Log4j scanner to find vulnerable apps
https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-scanner-to-find-vulnerable-apps/