This profile scans for vulnerable versions of Log4j Core JAR files directly on the file system, and embedded in WAR files.
git clone https://github.com/trickyearlobe/inspec-log4j
inspec exec inspec-log4j
Ensure you have SSH keys loaded for a privileged user (such as root) on the target. Alternatively, check the CLI docs to see how to use Inspec with SUDO
git clone https://github.com/trickyearlobe/inspec-log4j
inspec exec inspec-log4j -t ssh://root@host
git clone https://github.com/trickyearlobe/inspec-log4j
inspec archive inspec-log4j