Comments (4)
yunzheng
commented on July 22, 2024
Hi, we have a note about this in the README.md for windows that it only scans the root drive c:\
Thanks for your patch, do you think it's possible to check fi the drive is a logical drive and not a mapped network share?
I'm concerned that people deploy this in their networks and causes every host to scan the same share :D
Or maybe this is a non issue as you mention you can exclude drives using the --exclude flag. Happy to hear your thoughts.
from log4j-finder.
hvdort
commented on July 22, 2024
I have added some code to do it automatic:
-
add reference on top:
import wmi -
add line 301 - 306:
parser.add_argument(
"-a",
"--all-drives",
action="store_true",
help="all local drives (windows)"
) -
add this snippet after "print (FIGLET)":
if args.all_drives:
args.path.remove('/')
for d in wmi.WMI().Win32_LogicalDisk():
if d.DriveType == 3:
args.path.append(d.Name+'\')
I'm not a programmer. Anybody else the possibility to make a pull request with this code?
If you compile the code at yourself run once: pip install wmi
from log4j-finder.
sibalzer
commented on July 22, 2024
@yunzheng I didn't see this as a problem at first because under Linux all connected network drives are scanned as well. As proposed by @hvdort we can use the win32 api to get the logical drives. However i suggest to use it via ctypes to not create additional dependency. Working on it rn.
from log4j-finder.
sibalzer
commented on July 22, 2024
bc1be64 adds a check for local drives.
from log4j-finder.
Related Issues (20)
- Errors on one certain server - too long filename perhaps? HOT 5
- Critical issue on Windows HOT 3
- LICENSE is missing HOT 1
- Renamed class extensions are not found HOT 2
- GitHub Action didnt publish the release HOT 1
- Symantec Endpoint Protection detects as Trojan HOT 3
- Documentation could use a parameter list with their uses HOT 1
- log4j-finder will change acces time of a jar file HOT 2
- One-Click Windows Version (cmd stays open after execution) HOT 3
- Not working for log4j-1.x where JMSAppender.class exists HOT 1
- Missing 'known bad' hash for versions <2.1? HOT 2
- Scanning issue very large zip files HOT 6
- Very strange security issues from running the Log4j-finder.exe on a Windows 10 machine?
- Exit with error when Vulnerability is found (optional parameter)
- Error with a ZIP file HOT 6
- redhat linux 6 glibc_2.14 not found error HOT 1
- script (binary) requires executable option on /tmp mount HOT 2
- does not scan .nar files
- Signed Windows Binary Out-Of-Date
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log4j-finder.