Last week, CISA released its own Log4j scanner alongside several others released by various cybersecurity companies and researchers. The open-source tool is derived from scanners created by other community members and is designed to help organizations determine if they have vulnerable web services affected by critical Log4j vulnerabilities. CISA reportedly modified a scanner created by security firm FullHunt and enlisted the help of other researchers such as Philipp Klaus and Moritz Bechler to produce the scanner.
Its repository provides a scanning solution for two major vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. CISA said the scanner also supports DNS callback for vulnerability discovery and validation. The scanner provides fuzzing for JSON data parameters, HTTP Post Data parameters, and support for URL lists. CrowdStrike has released its own free Log4j scanner named CrowdStrike Archive Scan Tool (CAST) which has many similarities to CISA’s. According to vulnerability researcher Yotam Perkal, the scanners still need work. In a series of tests, Perkal found that many available scanners were unable to find all instances of the vulnerability.