diff --git a/pkgs/tools/security/log4j-vuln-scanner/default.nix b/pkgs/tools/security/log4j-vuln-scanner/default.nix
new file mode 100644
index 000000000000..f15a439a3822
--- /dev/null
+++ b/pkgs/tools/security/log4j-vuln-scanner/default.nix
@@ -0,0 +1,25 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "log4j-vuln-scanner";
+  version = "0.6";
+
+  src = fetchFromGitHub {
+    owner = "hillu";
+    repo = "local-log4j-vuln-scanner";
+    rev = "v${version}";
+    sha256 = "sha256-6LbKwDu3YZFRaIUOcepbLVZC9OYnqb0Tl0ElGDIzW48=";
+  };
+
+  vendorSha256 = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=";
+
+  meta = with lib; {
+    description = "Local log4j vulnerability scanner";
+    homepage = "https://github.com/hillu/local-log4j-vuln-scanner";
+    license = with licenses; [ gpl3Only ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 007ea0ae89c9..e63728661cfa 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7467,6 +7467,8 @@ with pkgs;
 
   log4j-scan = callPackage ../tools/security/log4j-scan { };
 
+  log4j-vuln-scanner = callPackage ../tools/security/log4j-vuln-scanner { };
+
   log4jcheck = callPackage ../tools/security/log4jcheck { };
 
   log4shell-detector = callPackage ../tools/security/log4shell-detector { };