/MemoryShellHunter

Java Agent memory horse scanner combined with Call Graph modus

Primary LanguageJavaMozilla Public License 2.0MPL-2.0

MemoryShellHunter

Java Agent memory horse scanner combined with Call Graph modus

Platforms Java version License

About

MemoryShellHunter是一款结合动态Building Call Graph的内存马Scanner/Killer工具。支持Agent和Attach方式启动检测,弥补常规内存马检测工具需要人工验证WebSocket内存马的问题。

MemoryShellHunter项目使用了逆拓扑算法精确捕获恶意方法的调用行为,可弥补SpringBoot内存马查杀的难点和WebSocket新型内存马无法从Class文件是否落地上进行判断。有着性能影响低于一般的RASP检测、属于轻量级Agent、对业务代码侵入性小等特点。

How to used

java -javaagent:./MemoryShellHunter.jar -jar SpringBootRunner.jar
VirtualMachine vmObj = VirtualMachine.attach(targetJvmPid);//targetJvmPid为目标JVM的进程ID  
vmObj.loadAgent(agentJarPath, cfg);  // agentJarPath为MemoryShellHunter jar包的路径,cfg为传递给agent的参数

Supported middleware

1.2 Version:

  • Add gRPC memory shell check algorithm

1.1 Version:

  • Add Controller memory shell check algorithm

1.0 Version:

  • Add WebSocket memory shell check/delete algorithm

Show results

WebSocket Memory Shell Test Report

1666788512005

Controller Memory Shell Test Report

controller

gRPC Memory Shell Test Report

controller