Aims to find JndiLookup.class in nearly any directory or zip, jar, ear, war file, even deeply nested.# File system scanner for CVE-2021-44228
Aims to find JndiLookup.class in nearly any directory or zip, jar, ear, war file, even deeply nested.
* [find-class-files](./find-class-files) – Clojure implementation should be able to run nearly anywhere Java can run, assuming there's enough disk space.
* Given a set of file system roots (c:\my_dir or /home/home/on/the/range), shows instances of JndiLookup.class on the disk or in zips.
* [windows_cmd](./windows_cmd) – Prototype Windows scripts are batch files, but they're really slow and can get pretty verbose and they can't tell you the file hash.
[4.0K] /data/pocs/5713ee9c6be21d157d4eb4c0b422d128677b3874
├── [4.0K] examples
│ ├── [ 0] empty.jar
│ ├── [ 742] jar.jar
│ ├── [ 24] JndiLookup.class
│ ├── [4.0K] nothing_hiding_in_here
│ │ └── [ 0] just_a_file_to_make_sure_extra_files_are_handled_ok.txt
│ ├── [4.0K] somewhere
│ │ └── [4.0K] or
│ │ └── [4.0K] another
│ │ └── [ 154] JndiLookup.zip
│ └── [ 868] uberjar.war
├── [4.0K] find-class-files
│ ├── [ 2] deps.edn
│ └── [4.0K] src
│ └── [4.0K] find_class_files
│ └── [7.7K] program.clj
├── [4.0K] findclassfiles
│ ├── [ 326] build_and_package.cmd
│ ├── [ 643] findJndiLookup.cmd
│ ├── [ 255] findJndiLookup.ps1
│ ├── [ 645] project.clj
│ ├── [ 757] README.md
│ └── [4.0K] src
│ └── [4.0K] findclassfiles
│ └── [9.4K] program.clj
├── [ 607] README.md
└── [4.0K] windows_cmd
├── [ 380] check_drive.cmd
├── [1.0K] investigate_archive.cmd
├── [ 176] investigate_archives.cmd
├── [ 934] investigate_sub_archive.cmd
├── [273K] investigate.txt
├── [ 320] list.cmd
└── [ 193] runall.cmd
12 directories, 22 files