log4j.sh
#!/bin/bash
# __________ ___. .__ __
# \______ \ __ __ \_ |__ _______ |__|| | __
# | _/| | \ | __ \ \_ __ \| || |/ /
# | | \| | / | \_\ \ | | \/| || <
# |____|_ /|____/ |___ / |__| |__||__|_ \
# \/ \/ \/
# Get evidence of log4j presence in any VM snapshot (from either VMware or Nutanix AHV)
# Thanks a lot to @nboyadj who created the logic
# I only put all into music !
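# Define variables
# Every setting can be overridden from the environment so that real
# credentials never have to be written into this file. The defaults below
# are placeholders only.
set -u
clusterIP=${CLUSTER_IP:-1.1.1.1}
search_filter=${SEARCH_FILTER:-log4j*.jar}
username=${API_USERNAME:-user}
password=${API_PASSWORD:-secret}
# Optional PEM bundle used to verify the cluster's TLS certificate.
ca_cert=${CA_CERT:-}

for tool in curl jq; do
  command -v "$tool" > /dev/null || {
    printf 'error: %s is required but was not found in PATH\n' "$tool" >&2
    exit 1
  }
done

if [[ -n "$ca_cert" ]]; then
  tls_opts=(--cacert "$ca_cert")
else
  # Kept so existing runs against self-signed clusters still work, but the
  # basic-auth credentials travel on every request: without certificate
  # verification anyone on the network path can impersonate the cluster and
  # read them. Set CA_CERT to the cluster's CA bundle to close this gap.
  tls_opts=(-k)
  printf 'warning: TLS certificate verification is disabled; set CA_CERT to enable it\n' >&2
fi

#######################################
# GET a URL from the cluster API and store the response body in a file.
# The credentials are handed to curl through a config read from stdin
# rather than with -u on the command line, where they can be seen by other
# local users in the process list.
# Globals:   username, password, tls_opts (read)
# Arguments: $1 - full URL, $2 - output file (always truncated first)
# Returns:   curl's exit status; non-zero on transport or HTTP errors
#######################################
api_get() {
  local url=$1 out=$2
  local cred="${username}:${password}"
  # Escape backslash and double quote, the two characters that are special
  # inside a quoted curl config value. A newline in the password is not
  # supported by this encoding.
  cred=${cred//\\/\\\\}
  cred=${cred//\"/\\\"}
  curl -sS --fail "${tls_opts[@]}" -K - -X GET "$url" \
    -H "accept: application/json" > "$out" << EOF
user = "$cred"
EOF
}

#######################################
# Run the file search against every VM listed in an inventory file.
# VM names and ids come from the API response and are treated as untrusted:
# the id is percent-encoded before it goes into the URL, and "/" in the name
# is replaced so the output file cannot be placed outside ./out.
# NOTE(review): a VMware VM and a Nutanix VM with the same name share one
# output file, the later search overwriting the earlier one.
# Globals:   clusterIP, search_filter (read)
# Arguments: $1 - API path prefix ending in /vm, $2 - inventory JSON file
#######################################
search_vms() {
  local api_base=$1 inventory=$2
  local vmid vmname safe_name
  # id first, name last: the name is free text, and @tsv escapes any tab or
  # newline inside it, so one VM is always exactly one line with two fields.
  while IFS=$'\t' read -r vmid vmname; do
    printf 'Working on %s\n' "$vmname"
    safe_name=${vmname//\//_}
    api_get "https://$clusterIP$api_base/${vmid}/search?path=$search_filter" \
      "./out/$safe_name.json" \
      || printf 'warning: search failed for %s\n' "$vmname" >&2
  done < <(jq -r '.data[]
      | select((.id // "") != "")
      | [(.id | tostring | @uri), (.name // "" | tostring)]
      | @tsv' "$inventory")
}

# Create working directory
mkdir -p out || {
  printf 'error: cannot create working directory ./out\n' >&2
  exit 1
}
rm -f -- out/* vmware.csv nutanix.csv

# Get vm ID for vmware
echo
echo Getting list of VM IDs
echo
api_get "https://$clusterIP/api/v1/vmware/vm" vmware.json \
  || printf 'warning: could not fetch the VMware VM list\n' >&2
echo
# Get vm ID for nutanix
api_get "https://$clusterIP/api/internal/nutanix/vm" nutanix.json \
  || printf 'warning: could not fetch the Nutanix VM list\n' >&2

# Rewrite vm name : vm id
# The CSV files are kept as a human-readable artifact; the loops below read
# the JSON directly so a comma in a VM name cannot shift the id column.
jq -r '.data[] | .name + "," + .id' vmware.json > vmware.csv
jq -r '.data[] | .name + "," + .id' nutanix.json > nutanix.csv

# Loop thru vm/vmID and search for log4j for vmware
search_vms /api/v1/vmware/vm vmware.json
# Loop thru vm/vmID and search for log4j for nutanix
search_vms /api/internal/nutanix/vm nutanix.json

echo
echo Displaying results ...
echo
# Parse JSON files
# Glob the result files instead of parsing ls output, so no index file inside
# ./out is fed to jq, and let jq build the "file,path" line itself so a
# backslash in a file name is not reinterpreted on the way through awk -v.
for f in out/*.json; do
  [[ -e "$f" ]] || continue
  jq -r --arg file "${f##*/}" '.data[] | $file + "," + (.path | tojson)' "$f"
done
echo
echo Finished.
echo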