FORGEBOX Enterprise 🚀 - Take your ColdFusion (CFML) Development to Modern Times! Learn More...
CommandBox Log4j Detectv1.0.2 Public
This module is a simple wrapper for the Log4j Detect project found here:
The Log4j Detect project is a native Go binary which will scan any folder of jars for vulnerable files. This module will download the latest binary for your OS and run it.
Install the module like so:
CommandBox> install commandbox-log4j-detect
On first run, the module will download the latest version of the 3rd party library based on your OS and CPU arch. It will not check or download again on subsequent runs. You can use the
--forceBinaryDownload flag when scanning to force it to re-download the latest 3rd party library if you wish.
CommandBox> log4j-detect C:/websites/ --forceBinaryDownload
Scan the current directory by running the command:
Scan another directory by specying it as a parameter
CommandBox> log4j-detect C:/ColdFusion2021 CommandBox> log4j-detect /path/to/folder
Scan a list of directories for vulnerable Log4j jars
CommandBox> log4j-detect C:/foo,C:/bar,D:/baz
Scan a all drives on your machine. This can take a very long time.
CommandBox> log4j-detect --scanAllDrives
box install commandbox-log4j-detect