From 43a76ecdafa8598f08a602a4c7dabee8681f6f1b Mon Sep 17 00:00:00 2001 From: Brian Oster Date: Fri, 21 Jan 2022 14:14:04 -0600 Subject: [PATCH 1/3] Added option to store results in a file preserving color highlighting in addition to stdout. Added option to then view stored results displaying saved color highlighting. --- log4j-finder.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/log4j-finder.py b/log4j-finder.py index 38e9763..cee1981 100755 --- a/log4j-finder.py +++ b/log4j-finder.py @@ -259,8 +259,31 @@ def print_summary(stats): print(" Found {} patched files".format(stats["patched"])) if stats["unknown"]: print(" Found {} unknown files".format(stats["unknown"])) + - +def view_results(fname): + try: + f = open(fname, "r") + except IOError: + print("Error: File does not exist or cannot be opened.") + return + + print(f.read()) + f.close + + +class Tee(object): + def __init__(self, *files): + self.files = files + def write(self, obj): + for f in self.files: + f.write(obj) + f.flush() + def flush(self) : + for f in self.files: + f.flush() + + def main(): parser = argparse.ArgumentParser( description=f"%(prog)s v{__version__} - Find vulnerable log4j2 on filesystem (Log4Shell CVE-2021-4428, CVE-2021-45046, CVE-2021-45105)", 
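Review bot: `f.close` in view_results is missing its call parentheses, so the file is never explicitly closed; a context manager fixes this: `with open(fname, "r") as f:` followed by `print(f.read())`. view_results also prints the file's contents to the terminal verbatim, so every escape sequence in the file is interpreted by the terminal, not only colour codes. Saved results embed file names from the scanned tree, and `--viewresults` accepts any path, so it would be safer to pass through only colour (SGR) sequences and strip or escape other control characters. Tee defines only `write` and `flush`, so anything that calls `sys.stdout.isatty()` or reads `sys.stdout.encoding` after the swap would raise AttributeError; this is worth checking against the colour handling, which is not visible in this hunk.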
@@ -301,11 +324,40 @@ def main(): help="exclude files/directories by pattern (can be used multiple times)", metavar='PATTERN' ) + parser.add_argument( + "-s", + "--saveresults", + metavar = "RESULTS-FILE", + help = "Save the results to a file in addition to stdout. "\ + "Results will include any color formating unless disabled. "\ + "Use --viewresults to view (stdout) the file with color highlighting." + ) + parser.add_argument( + "-r", + "--viewresults", + metavar = "RESULTS-FILE", + help = "View saved results with "\ + "color high-lighting (see --saveresults)."\ + "Scan is NOT performed." + ) args = parser.parse_args() logging.basicConfig( format="%(asctime)s %(levelname)s %(message)s", ) python_version = platform.python_version() + if args.viewresults != None: + view_results(args.viewresults) + return + + if args.saveresults != None: + try: + resultfile = open(args.saveresults, "w") + except IOError: + print("Unable to create results file specified.") + return + + sys.stdout = Tee(sys.stdout, resultfile) + if args.verbose == 1: log.setLevel(logging.INFO) log.info(f"info logging enabled - log4j-finder {__version__} - Python {python_version}") From 2dbd46df76a0d002ee9109423d0827192fb635e8 Mon Sep 17 00:00:00 2001 From: Brian Oster Date: Thu, 27 Jan 2022 09:47:11 -0600 Subject: [PATCH 2/3] added .gitignore for directories created during exe build --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7f7baab --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +__pycache__/ +build/ +dist/ \ No newline at end of file From 388007e7c92f83ef0fe424b7dbaa81b5c49f6219 Mon Sep 17 00:00:00 2001 
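Review bot: `open(args.saveresults, "w")` in main() silently truncates whatever the path resolves to, following symlinks, and nothing in the hunk closes `resultfile` or restores `sys.stdout`. A filesystem scanner is often run with elevated privileges, so consider exclusive creation with `resultfile = open(args.saveresults, "x")`; the existing `except IOError` would then report an already existing file. The report lists the vulnerable paths found on the host, so it may also deserve restrictive file permissions. The two `!= None` tests read better as `is not None`, and the `--viewresults` help text concatenates to `(see --saveresults).Scan is NOT performed.` because a space is missing. main() continues outside the hunk, so cleanup may happen later; if it does not, a `try`/`finally` around the scan would cover the close and the restore.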
From: Brian Oster Date: Thu, 27 Jan 2022 10:08:13 -0600 Subject: [PATCH 3/3] modded .gitignore for additional files created during exe build --- .gitignore | 3 ++- log4j-finder.spec | 33 --------------------------------- 2 files changed, 2 insertions(+), 34 deletions(-) delete mode 100644 log4j-finder.spec diff --git a/.gitignore b/.gitignore index 7f7baab..3119493 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ __pycache__/ build/ -dist/ \ No newline at end of file +dist/ +*.spec \ No newline at end of file diff --git a/log4j-finder.spec b/log4j-finder.spec deleted file mode 100644 index 3d37fd8..0000000 --- a/log4j-finder.spec +++ /dev/null @@ -1,33 +0,0 @@ -# -*- mode: python ; coding: utf-8 -*- - - -block_cipher = None - - -a = Analysis(['log4j-finder.py'], - hiddenimports=['colorama'], - win_no_prefer_redirects=False, - win_private_assemblies=False, - cipher=block_cipher, - noarchive=False) -pyz = PYZ(a.pure, a.zipped_data, - cipher=block_cipher) - -exe = EXE(pyz, - a.scripts, - a.binaries, - a.zipfiles, - a.datas, - [], - name='log4j-finder', - debug=False, - bootloader_ignore_signals=False, - strip=False, - upx=True, - upx_exclude=[], - runtime_tmpdir=None, - console=True, - disable_windowed_traceback=False, - target_arch=None, - codesign_identity=None, - entitlements_file=None )