From bc328b1163905a5b82f07f8b2a5c0eed48be511f Mon Sep 17 00:00:00 2001
From: carlospolop
Date: Thu, 23 Dec 2021 20:41:15 -0500
Subject: [PATCH] log4j
---
 build_lists/sensitive_files.yaml | 15 +++++++++++++++
 .../linpeas_parts/6_software_information.sh | 2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml
index ddb0b2c..17878c0 100644
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -795,6 +795,21 @@ search:
 type: d
 search_in:
 - common
+
+ - name: Log4Shell
+ value:
+ config:
+ auto_check: False
+
+ files:
+ - name: "log4j-core*.jar"
+ value:
+ type: f
+ search_in:
+ - common
+ - /lib
+ - /lib32
+ - /lib64
 
 - name: OpenVPN
 value:
diff --git a/linPEAS/builder/linpeas_parts/6_software_information.sh b/linPEAS/builder/linpeas_parts/6_software_information.sh
index fd45103..4d627f4 100644
--- a/linPEAS/builder/linpeas_parts/6_software_information.sh
+++ b/linPEAS/builder/linpeas_parts/6_software_information.sh
@@ -181,7 +181,7 @@ peass{Ldap}
 if [ "$PSTORAGE_LOG4SHELL" ] || [ "$DEBUG" ]; then
 print_2title "Searching Log4Shell vulnerable libraries"
 printf "%s\n" "$PSTORAGE_LOG4SHELL" | while read f; do
- echo "$f" | grep -E "log4j\-core\-(1\.|2\.[0-9][^0-9]|2\.1[0-6])" | sed -${E} "s,log4j\-core\-(1\.|2\.[0-9][^0-9]|2\.1[0-6]),${SED_RED},";
+ echo "$f" | grep -E "log4j\-core\-(1\.[^0]|2\.[0-9][^0-9]|2\.1[0-6])" | sed -${E} "s,log4j\-core\-(1\.[^0]|2\.[0-9][^0-9]|2\.1[0-6]),${SED_RED},";
 done
 echo ""
 fi
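Review bot: The new `name: "log4j-core*.jar"` entry in `build_lists/sensitive_files.yaml` matches the library only as a standalone file under its default name. A copy packed inside an application archive (a fat JAR or WAR), or a jar that has been renamed, will not be listed, so an empty result is not evidence that the host has no affected copy. Nothing in the entry says this; I would add a comment above `files:` such as `# filename match only: bundled or renamed copies of log4j-core are not found`, so that anyone reading the output for triage knows the limit of the check.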
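Review bot: In `6_software_information.sh` the version pattern is written out twice on the changed line, once for `grep -E` and once for `sed`, so this commit had to make the same edit in both copies and a later edit can leave them out of step. Holding it in one variable avoids that: `log4j_re='log4j-core-(1\.[^0]|2\.[0-9][^0-9]|2\.1[0-6])'`, then `grep -E "$log4j_re"` and `sed -${E} "s,$log4j_re,${SED_RED},"`. The backslashes before `-` are not needed in an extended regex, and recent GNU grep releases print a warning for them. The new `1\.[^0]` branch accepts any character other than `0` after `1.`, not only digits, and neither the line nor the commit message says which file names it is meant to exclude; a short comment listing the intended version ranges would let the next reader check the pattern against them.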