-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
66 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,68 @@ | ||
| # Inspectra | ||
|
|
||
| <h2>Cách chạy</h2> | ||
|
|
||
| - Sử dụng jdk8, thêm lib "tool.jar" ở trong jdk/lib vào project. Sau đó build artifact. | ||
| - Cần phải sửa các phiên bản của thư viện của web framework (tomcat, spring boot) cho giống với version đang chạy của web server nếu không sẽ lỗi crash cả ứng dụng web. (Sửa trong pom.xml của Taint Analysis module) | ||
| ## Overview | ||
|
|
||
| **Inspectra** is a lightweight monitoring tool, designed to detect and neutralize memory webshell on Apache Tomcat server. This repository includes source code and an executable JAR file of the tool. | ||
|
|
||
| ## Features | ||
|
|
||
| - Detect memory webshell in Tomcat environment at real time. | ||
| - Automatically neutralize process creation ability of the memshell so that it cannot execute command on server. | ||
| - Raise alerts boh on the console of the hosted JVM or write to a file in the form of simple JSON format which can be integrated with centralized security solution like SIEM for real-time monitoring. | ||
|
|
||
| ## Technologies Used | ||
|
|
||
| - JDK 8 (can be used with JDK 11 but makes the detection slower because of Soot framework's set up). | ||
| - Java Agent implementation. | ||
| - Taint Analysis (Soot framework implementation). | ||
| - Signature-based Detection. | ||
|
|
||
|
|
||
| ## Getting Started | ||
|
|
||
| ### Prerequisites | ||
|
|
||
| Ensure you have the following installed on your system: | ||
|
|
||
| - JDK 8 (works best) | ||
| - Apache Tomcat 8/9, (compatible with JDK 8) | ||
|
|
||
| ### Guide | ||
|
|
||
| 1. Clone the repository: | ||
| ```bash | ||
| git clone https://github.com/M1nh-Duk/Inspectra.git | ||
| cd Inspectra | ||
| ``` | ||
| 2. Build: Build with Maven | ||
| 3. Config | ||
| - Config folder path for upload folder of the web | ||
| - Config whitelist classes that are either mistakenly detected classes or important classes of your web application that you don't want to be affect. | ||
| 4. Usage | ||
| ```bash | ||
| Usage: java -jar Inspectra.jar [Options] [Flags] | ||
| Options: | ||
| 1) attach [Java PID] - Attach to desired JVM process | ||
| 2) detach [Java PID] - Detach to desired JVM process | ||
| 3) list - List all current JVM processes | ||
| 4) config - Config server's upload folder and whitelist classes | ||
| (Note: For any config missing just press Enter). | ||
| Flags: | ||
| -auto: Automatically retransformed suspicious class and delete JSP file if found | ||
| -silent: Do not print out to console | ||
| ``` | ||
| 5. Example | ||
| ``` bash | ||
| EXAMPLES : | ||
| java -jar Inspectra.jar attach 10001 | ||
| java -jar Inspectra.jar attach 10001 -auto | ||
| java -jar Inspectra.jar attach 10001 -auto -silent | ||
| java -jar Inspectra.jar attach 10001 -silent | ||
| java -jar Inspectra.jar detach 10001 | ||
| java -jar Inspectra.jar list | ||
| java -jar Inspectra.jar config | ||
| ``` | ||