diff --git a/pkgs/tools/security/log4jcheck/default.nix b/pkgs/tools/security/log4jcheck/default.nix
new file mode 100644
index 000000000000..291bf1ff96b4
--- /dev/null
+++ b/pkgs/tools/security/log4jcheck/default.nix
@@ -0,0 +1,34 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "log4jcheck";
+  version = "unstable-2021-12-14";
+  format = "other";
+
+  src = fetchFromGitHub {
+    owner = "NorthwaveSecurity";
+    repo = pname;
+    rev = "736f1f4044e8a9b7bf5db515e2d1b819253f0f6d";
+    sha256 = "sha256-1al7EMYbE/hFXKV4mYZlkEWTUIKYxgXYU3qBLlczYvs=";
+  };
+
+  propagatedBuildInputs = with python3.pkgs; [
+    requests
+  ];
+
+  installPhase = ''
+    runHook preInstall
+    install -vD nw_log4jcheck.py $out/bin/${pname}
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Tool to check for vulnerable Log4j (CVE-2021-44228) systems";
+    homepage = "https://github.com/NorthwaveSecurity/log4jcheck";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 8dbe51b68cf2..9cd1ec6c48f7 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7465,6 +7465,8 @@ with pkgs;
 
   log4j-scan = callPackage ../tools/security/log4j-scan { };
 
+  log4jcheck = callPackage ../tools/security/log4jcheck { };
+
   logcheck = callPackage ../tools/system/logcheck { };
 
   logmein-hamachi = callPackage ../tools/networking/logmein-hamachi { };