
Commit c8e46d0

Merge pull request #6 from ProVal-Tech/4-suppress-warning-messages-from-luna
Suppress Warning Messages from Luna (log4shell) and Improve Logging
2 parents 05c5e71 + 6c45f0c commit c8e46d0


1 file changed

+7
-2
lines changed

1 file changed

+7
-2
lines changed

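--- a/Find-L4JVulnerabilities.ps1
+++ b/Find-L4JVulnerabilities.ps1
@@ -404,6 +404,7 @@ Write-Log -Text "Scanning $($arrFiles.Length) total files for potential vulnerab
 #scan i: JARs containing vulnerable Log4j code
 Write-Log -Text "Scanning for JAR files containing potentially insecure Log4j code."
 $arrFiles | Where-Object {$_ -match '\.jar$'} | ForEach-Object {
+Write-Verbose -Message "Running insecure code scan on file '$_'"
 if (Select-String -Quiet -Path $_ "JndiLookup.class") {
 Write-Log -Text "! ALERT: Potentially vulnerable file at $($_)!" -Type WARN
 $script:varDetection = 1
@@ -414,6 +415,7 @@ if(-not $skipYARA) {
 #scan ii: YARA for logfiles & JARs
 Write-Log -Text "Scanning LOGs, TXTs and JARs for common attack strings via YARA scan."
 foreach ($file in $arrFiles) {
+Write-Verbose -Message "Running YARA scan on file '$file'"
 if ($file -notmatch "Find-L4JVulnerabilities|yara-log|luna-log|L4Jdetections|L4JConsoleLog|luna\.log") {
 $yaResult = $null
 $yaResult = cmd /c """$workingPath\yara$varch.exe"" ""$workingPath\yara.yar"" ""$file"" -s"
@@ -432,15 +434,18 @@ if(-not $skipYARA) {
 }
 }
 
-Write-Log -Text "- Scanning for known vulnerable libraries via Luna scan."
+Write-Log -Text "Scanning for known vulnerable libraries via Luna scan"
 Write-Log -Text "Ref: https://github.com/lunasec-io/lunasec/tree/master/tools/log4shell"
 $lunaUrl = "https://github.com/lunasec-io/lunasec/releases/download/v1.6.1-log4shell/log4shell_1.6.1-log4shell_Windows_x86_64.exe"
 $lunaPath = "$workingPath\log4shell.exe"
+Write-Log -Text "Downloading Luna scanner (log4shell)"
 Remove-Item -Path $lunaPath -Force -ErrorAction SilentlyContinue
 [Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072)
 (New-Object System.Net.WebClient).DownloadFile($lunaUrl,$lunaPath)
 foreach($drive in $script:varDrives) {
-$lunaResults = @(cmd /c """$lunaPath"" s --json $drive\ 2>&1")
+Write-Log -Text "Starting Luna scan for drive '$drive'"
+$lunaResults = @(cmd /c """$lunaPath"" scan --ignore-warnings --no-follow-symlinks --json $drive\ 2>&1")
+Write-Log -Text "Completed Luna scan for drive '$drive'"
 Add-Content -Value $lunaResults -Path $lunaLog
 foreach($entry in $lunaResults) {
 if($entry -match """severity"":") {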
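Review bot: The added `Write-Log -Text "Completed Luna scan for drive '$drive'"` runs unconditionally after the `cmd /c` call, so a failed download or a scanner that never started is logged as a completed scan and produces no `"severity":` matches, which reads as a clean result. Capture the exit status there, for example `Write-Log -Text "Luna scan for drive '$drive' exited with code $LASTEXITCODE"`, and raise it with `-Type WARN` once the tool's failure codes are confirmed. With `--ignore-warnings` now passed, files the scanner could not process presumably no longer reach `$lunaLog`, so a comment above the call should say that this coverage gap is accepted. The context lines also run the executable fetched by `DownloadFile` without verifying it; comparing `(Get-FileHash -Path $lunaPath -Algorithm SHA256).Hash` against a pinned value for the v1.6.1-log4shell release before the drive loop would close that. The `foreach($entry in $lunaResults)` body continues outside the hunk.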
