This simple Ansible Playbook can be used to clone and execute the log4shell-detector Python script to detect CVE-2021-44228 exploit attempts in your infrastructure.
The playbook saves the findings for each host under reports/{hostname}.
Clone the repository.

    git clone https://github.com/kaipee/log4shell-detector-playbook.git

Create your inventory file.

    cd log4shell-detector-playbook
    touch inventory

Add your host entries to the inventory file.

Run the playbook.

    ansible-playbook -i inventory main.yml

Review the findings for each host under the reports directory.

    grep -iTR 'attempt detected' reports/*

All credit goes to @cyberops for the log4shell-detector tool.
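
For a per-host view of the reports directory, the following added example (not part of this repository or of the log4shell-detector tool) counts the lines matched by the same 'attempt detected' search and lists the hosts with the most hits first. It assumes each entry under reports/ is named after a host and is either a file or a directory of files; the function name and the REVIEW/EMPTY/clean labels are hypothetical.

```shell
#!/bin/sh
# Added example: per-host summary of the detector findings.
# Assumption: every entry under the reports directory is named after a host
# and is either a single file or a directory of files.

summarize_reports() {
    dir="${1:-reports}"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue      # empty directory: the glob did not expand
        host=$(basename "$entry")
        # Same match as the grep in the README, counted per host.
        hits=$(grep -iR 'attempt detected' "$entry" 2>/dev/null | wc -l | tr -d ' ')
        if [ "$hits" -gt 0 ]; then
            status=REVIEW                # at least one exploit attempt was logged
        elif [ -z "$(find "$entry" -type f -size +0c 2>/dev/null | head -n 1)" ]; then
            status=EMPTY                 # nothing was written; check that the scan ran
        else
            status=clean
        fi
        printf '%s\t%s\t%s\n' "$hits" "$status" "$host"
    done | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Run against ./reports when present (the layout the playbook writes).
if [ -d reports ]; then
    summarize_reports reports
fi
```

A host marked EMPTY has no report content at all, which is different from a report with zero matches and is worth re-running before treating the host as unaffected.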