https://github.com/jvm-rasp/jrasp-agent
专注于JVM的运行时防御系统RASP
https://github.com/jvm-rasp/jrasp-agent
agent asm dynamic hotupdate java java-agent jvm module rasp
Last synced: 5 months ago
JSON representation
专注于JVM的运行时防御系统RASP
- Host: GitHub
- URL: https://github.com/jvm-rasp/jrasp-agent
- Owner: jvm-rasp
- License: other
- Created: 2021-11-07T09:44:17.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2024-06-14T06:37:15.000Z (over 1 year ago)
- Last Synced: 2025-01-26T02:11:43.662Z (9 months ago)
- Topics: agent, asm, dynamic, hotupdate, java, java-agent, jvm, module, rasp
- Homepage: https://www.jrasp.com
- Size: 19.9 MB
- Stars: 277
- Watchers: 8
- Forks: 67
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
- awesome-java - JRASP Agent
README
# jrasp-agent
## 01 Project introduction [中文说明](README_ch.md)
_Java Runtime Application Self Protection_ means Java application self-protection system, which is called 'jrasp' for short.
jrasp-agent is the core part of jrasp project.
jrasp-agent based on Java Agent technology, modifies Java bytecode, adds security detection logic, detects and blocks vulnerability attacks in real time.
## 02 Characteristics
### Functional characteristics
- Security plug-in can be customized
- Detection logic low delay
- Plug in Hot Update
- Java Process Identification and Automatic Injection
- Support native method hooks such as command execution to completely prevent bypassing;
- Compatible with Windows, Mac and Linux
- Small size, core jar package 600KB
### Performance
- Increase CPU by 5% (test under normal request)
- Memory consumption below 200MB
### Self security
- Plug in and daemon HASH verification
- Agent and Daemon socket customized communication protocol and RSA asymmetric encryption;
- The core functions are loaded by custom class loaders and isolated from business classes, which improves the difficulty of attacking RASP from within the JVM;
- Reflection reinforcement: RASP core methods (such as unloading, degradation, etc.) reflect reinforcement to prevent malicious reflection;
- Do not use third-party frameworks, such as servlet, json, sl4j2, apache common, etc
### Security module
Security module of jrasp agent
The currently supported modules are:
- Command execution module (native)
- Deserialization module (jdk deserialization/fastjson/yaml/stream)
- HTTP module (springboot/tomcat/jetty/underwown/spark) (IP blacklist/URL blacklist/scanner identification)
- xxe module (dom4j/jdom/jdk)
- File access module (io/nio)
- Expression injection module (spel/ognl)
- SQL injection (mysql)
- JNDI injection
- SSRF
- shiro
under development:
- danger protocol
- DNS query
- Memory
- Class loader
- attach
### Supported jdk versions
+ jdk6+
jdk11+ `--add-opens=java.base/java.lang=ALL-UNNAMED`
## 03 Install (centos)
[how to install](https://www.jrasp.com/guide/install/v1.1.2/jrasp-agent.html)
## 04 develop & Compilation (Source code only available from partners)
Due to the high number of installations of this product, based on product safety considerations, no longer open source code, partners can provide jrasp basic framework source code
## 05 Version record
[RELEASE](CHANGELOG.md)
## 06 Wechat
wx:hycsxs
## 07 Official website
https://www.jrasp.com
## 08 Explanation
+ Based on the open source project [jvm-sandbox](https://github.com/alibaba/jvm-sandbox)
+ the hook class/method part from [open-rasp](https://github.com/baidu/openrasp)
## 09 Users
If you are using it, please contact us and add it here.
## 10 Copyright Information
GPL3.0(You can learn and use in your own projects, other actions must be authorized)