关联漏洞
描述
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
介绍
# CloudArmor · Runtime Application Self-Protection Module - Log4j2 Version
[简体中文](README_ZH.md)
*This project is a local version from CloudArmor specifically built for defending
Log4j2 CVE-2021-44228 . No network connection is required to run this project.*
**Please DO TESTING before deploying it to production environment.**
The application self-defense module uses RASP technology to inject probes into Java applications. The detection of log4j2 is achieved by detecting the execution context, which can also provide protection for non-Web business programs.
The defense module will block JNDI injection initiated through log4j2 by default.
It is worth noting that although Oracle no longer loads remote classes through JNDI by default in 6u211, 7u201, 8u191, and 11.0.1, attackers have discovered that remote command execution can still be accomplished through third-party components such as tomcat-el.
## Installation
This project includes two JAR packages, ```rasp-loader.jar``` and ```rasp-core.jar```, which have been compiled to dist.
The self-defense module supports normal and restart-free installation.
### Normal installation
Append ```-javaagent:rasp-loader.jar``` to Java program startup script argument list
Example: for SpringBoot applications, modify the argument list to append ```java -javaagent:rasp-loader.jar -jar springboot.jar ```
### Restart-free installation
Execute ```java -jar rasp-loader.jar```, and follow the prompts to inject into specific JVM processes
## Interception test
## Compile from source
Run ```build.sh```
## Compatibility
Support JDK from version 6 to 16
文件快照
[4.0K] /data/pocs/05aaa614416810cadff761f1090e4bba5c6b186b
├── [ 409] build.sh
├── [4.0K] dist
│ ├── [813K] rasp-core.jar
│ └── [ 12K] rasp-loader.jar
├── [4.0K] img
│ ├── [ 18K] 1.png
│ └── [160K] 2.png
├── [ 11K] LICENSE
├── [1.4K] pom.xml
├── [4.0K] rasp-core
│ ├── [1.7K] dependency-reduced-pom.xml
│ ├── [2.4K] pom.xml
│ ├── [4.0K] src
│ │ └── [4.0K] main
│ │ └── [4.0K] java
│ │ └── [4.0K] cn
│ │ └── [4.0K] boundaryx
│ │ └── [4.0K] rasp
│ │ ├── [4.0K] analyzer
│ │ │ └── [ 733] JndiAnalyzer.java
│ │ ├── [2.4K] ClassTransformer.java
│ │ ├── [4.0K] exception
│ │ │ └── [ 319] RASPSecurityException.java
│ │ ├── [4.0K] hooks
│ │ │ └── [2.7K] JndiHook.java
│ │ ├── [ 595] RASPLauncher.java
│ │ └── [4.0K] utils
│ │ ├── [8.9K] BytecodeUtils.java
│ │ └── [2.2K] StackTrace.java
│ └── [4.0K] target
│ ├── [4.0K] classes
│ │ └── [4.0K] cn
│ │ └── [4.0K] boundaryx
│ │ └── [4.0K] rasp
│ │ ├── [4.0K] analyzer
│ │ │ └── [1.4K] JndiAnalyzer.class
│ │ ├── [3.1K] ClassTransformer.class
│ │ ├── [4.0K] exception
│ │ │ └── [ 499] RASPSecurityException.class
│ │ ├── [4.0K] hooks
│ │ │ └── [2.7K] JndiHook.class
│ │ ├── [ 784] RASPLauncher.class
│ │ └── [4.0K] utils
│ │ ├── [7.0K] BytecodeUtils.class
│ │ └── [1.9K] StackTrace.class
│ ├── [4.0K] maven-archiver
│ │ └── [ 101] pom.properties
│ ├── [4.0K] maven-status
│ │ └── [4.0K] maven-compiler-plugin
│ │ ├── [4.0K] compile
│ │ │ └── [4.0K] default-compile
│ │ │ ├── [ 304] createdFiles.lst
│ │ │ └── [ 766] inputFiles.lst
│ │ └── [4.0K] testCompile
│ │ └── [4.0K] default-testCompile
│ │ └── [ 0] inputFiles.lst
│ ├── [ 12K] original-rasp-core.jar
│ └── [813K] rasp-core.jar
├── [4.0K] rasp-loader
│ ├── [2.6K] pom.xml
│ ├── [4.0K] src
│ │ └── [4.0K] main
│ │ ├── [4.0K] java
│ │ │ └── [4.0K] cn
│ │ │ └── [4.0K] boundaryx
│ │ │ └── [4.0K] rasp
│ │ │ ├── [5.9K] Agent.java
│ │ │ ├── [1.4K] EntryPoint.java
│ │ │ ├── [1.1K] RASPJvm.java
│ │ │ ├── [1.2K] RASPLoader.java
│ │ │ └── [2.4K] RASPVMLoader.java
│ │ └── [4.0K] resources
│ │ └── [4.0K] resources
│ │ └── [1.3K] logo
│ └── [4.0K] target
│ ├── [4.0K] classes
│ │ ├── [4.0K] cn
│ │ │ └── [4.0K] boundaryx
│ │ │ └── [4.0K] rasp
│ │ │ ├── [6.4K] Agent.class
│ │ │ ├── [2.9K] EntryPoint.class
│ │ │ ├── [1.6K] RASPJvm.class
│ │ │ ├── [1.8K] RASPLoader.class
│ │ │ └── [3.9K] RASPVMLoader.class
│ │ └── [4.0K] resources
│ │ └── [1.3K] logo
│ ├── [4.0K] maven-archiver
│ │ └── [ 103] pom.properties
│ ├── [4.0K] maven-status
│ │ └── [4.0K] maven-compiler-plugin
│ │ ├── [4.0K] compile
│ │ │ └── [4.0K] default-compile
│ │ │ ├── [ 169] createdFiles.lst
│ │ │ └── [ 509] inputFiles.lst
│ │ └── [4.0K] testCompile
│ │ └── [4.0K] default-testCompile
│ │ └── [ 0] inputFiles.lst
│ ├── [ 12K] original-rasp-loader.jar
│ └── [ 12K] rasp-loader.jar
├── [1.6K] README.md
└── [1.4K] README_ZH.md
51 directories, 50 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。