Releases: m0b1u3/JavaMemHunter

v1.0

05 Jun 03:12

JavaMemHunter v1.0

First stable release. Runtime Java memory-shell scanner / cleaner / verifier via Java Agent attach.

Detects

  • Behinder (冰蝎) agent shell: HttpServlet.service bytecode tampering via redefineClasses (ASM method-body diff vs disk jar)
  • Godzilla (哥斯拉) filter shell — Jackson renamed into org.apache.coyote.* (masqueraded-package detection); injected dependency classes downgraded out of critical
  • JSP webshell: org.apache.jsp.* reverse-mapped to its .jsp access URL
  • Tomcat Filter / Servlet / Listener / Valve injection
  • Spring Interceptor / Mapping injection

Capabilities

  • Rule-engine scoring → critical / high / suspicious / low
  • Terminal summary with each finding's access path
  • Atomic 5-phase clean (rescan → backup → replace → destroy → verify) with rollback-ready JSON evidence bundle
  • Independent verify command
  • Validated zero false positives at critical/high on a live Tomcat 9.0.94 target (Behinder + Godzilla + JSP)

Supported

JDK 8/11/17/21 targets (agent is JDK 8 bytecode; JDK 17+ needs --add-opens), Tomcat 9.x/10.x, Spring Boot 2.7.x/3.2.x, Linux + Windows.

See the README for usage.

Full Changelog: v0.18...v1.0