log4shell.tools Scan logs

Log4Shell Scanner

Paste a log line, request header, or whole log file and instantly flag Log4Shell (CVE-2021-44228) exploitation attempts — including obfuscated JNDI payloads.

  • Free forever
  • No watermark
  • No signup
  • Batch ready
  1. Paste log lines, a header value, or a whole log file into the box.
  2. Click Scan — payloads are de-obfuscated and analysed locally.
  3. Review each finding: line, protocol, whether it was obfuscated, and why it's dangerous.

All log4shell tools

log4shell.tools is a small set of defensive utilities for the Log4Shell vulnerability (CVE-2021-44228). The scanner flags JNDI exploitation attempts in your logs — even obfuscated ones — while the version checker tells you whether a given Log4j build is vulnerable and what to upgrade to. Detection only: nothing here executes payloads or contacts external hosts.

Below, our guides explain how Log4Shell works, how attackers obfuscate payloads, how to detect exploitation, and how to remediate for good.

Defensive by design

These tools exist to help defenders triage logs and inventory versions quickly during and after the Log4Shell crisis. They do not generate attack payloads. The scanner de-obfuscates Log4j lookup syntax purely to recognise hostile strings — it never resolves them.

From our guides

Browse all articles →
Log4j versions & CVEs CVE-2021-45046 vs 45105: The Log4Shell Follow-On Flaws A defender's comparison of CVE-2021-45046 and CVE-2021-45105, explaining why the first Log4Shell fix was incomplete, what the denial-of-service follow-up was, and why only 2.17.1 is the safe endpoint. 6 min read Detecting exploitation How to Detect Log4Shell Exploitation in Your Logs A practical guide for defenders on detecting Log4Shell exploitation attempts in existing logs, covering which fields to search, the JNDI patterns to look for, and how to triage real findings. 6 min read Log4Shell explained How the Log4Shell JNDI Lookup RCE Worked, Conceptually A conceptual, defender-focused walkthrough of how the Log4Shell JNDI lookup led to remote code execution, explaining each link in the chain and where defenders can break it. 6 min read Remediation & patching How to Patch Log4j Against Log4Shell: A Step-by-Step Guide A step-by-step guide to patching Log4j against Log4Shell, covering which version to upgrade to, handling transitive dependencies, verifying the fix, and avoiding regressions. 6 min read Log4j versions & CVEs Is My Log4j Version Vulnerable? A Defender's Checklist A defender's checklist for deciding whether a Log4j version is vulnerable, mapping version numbers to the Log4Shell CVEs and explaining how to find your true version including transitive dependencies. 6 min read Log4j versions & CVEs The Log4j Patch Timeline: Every Version and What It Fixed A defender's timeline of the Log4j patch releases, explaining what 2.15.0, 2.16.0, 2.17.0, and 2.17.1 each fixed, the 2.12.4 and 2.3.2 backports, and which version is the safe endpoint. 6 min read Remediation & patching Log4Shell Mitigation Without Upgrading: Stopgaps That Help A defender's guide to mitigating Log4Shell when you cannot upgrade yet, covering removing JndiLookup.class, formatMsgNoLookups, WAF limits, and why these are stopgaps rather than fixes. 6 min read Obfuscated payloads Obfuscated JNDI Payloads Explained for Blue Teams A defender's breakdown of how Log4Shell JNDI payloads are obfuscated, from case-folding lookups to default-value tricks and encoding, so blue teams can recognise them in logs and traffic. 5 min read

Frequently asked questions

Is log4shell.tools an attack tool?
No — it's purely defensive. It detects exploitation attempts and assesses versions; it does not generate or send payloads.
What does the scanner detect?
JNDI lookup payloads (${jndi:ldap://…} and obfuscated variants) consistent with CVE-2021-44228 exploitation, with the protocol and de-obfuscated form shown.
What version should I upgrade to?
Log4j 2.17.1+ for Java 8+, which fixes CVE-2021-44228, 45046 and 45105.