PluginScan - Minecraft plugin anti-malware scanner

Related tags

App PluginScan
Overview

PluginScan - Minecraft plugin anti-malware scanner

Logo
Open issues GitHub downloads Code size Version CodeFactor


PluginScan is a cross-platform java executable analyzer designed to detect malware and other malicious code in Minecraft plugins. It uses Kotlin multiplatform CafeBabe library to analyze class metadata and detect suspicious patterns.

Please note that this is not some magic tool that recognizes any malicious code. It recognizes code patterns that can theoretically be used by malicious code, but can also be used for completely legitimate purposes. Also note that the absence of detections of malicious code by the scanner does not guarantee the safety of the plugin, as it can be deceived by complex obfuscation.

Currently, PluginScan can be used as website and CLI tool.

PluginScan Web

Web interface is available on https://scan.rikonardo.com.

It is created using Kotlin/JS with React and can be used offline. But we strongly recommend to use a CLI, because it is much faster and more reliable.

PluginScan CLI

PluginScan CLI tool is a JVM-powered release of PluginScan. Unlike web version, it allows you to scan multiple plugins at once by passing directory to input. It is also has better way of tracking errors during scanning if they happen.

This tool requires Java 8+ to run and can be downloaded from releases page.

Usage:

java -jar PluginScan.jar <input-file-or-directory>

Usage as library

PluginScan also is a Kotlin library that can be used as a dependency in your project. You can install it from maven repository:

repositories {
    maven {
        url = uri("https://maven.rikonardo.com/releases")
    }
}

dependencies {
    implementation("com.rikonardo.pluginscan:PluginScan:1.0.2")
}

To scan jar file, you can use PluginScan.scan method. It takes JarFile object and two optional arguments (sortOutput and groupOutput).

Note that you will need to read jar file by yourself, because currently there is no multiplatform Kotlin zip library. JarFile class is just a wrapper around JarFile list. JarFile is a container for file name inside jar, and it's ByteArray content. You must pass all files from jar, not only classes. Here is an example of PluginScan usage in Kotlin/JVM:

val zipEntries: Enumeration<*> = zipFile.entries() while (zipEntries.hasMoreElements()) { val zipEntry = zipEntries.nextElement() as ZipEntry if (zipEntry.isDirectory) continue val fileName: String = zipEntry.name entries.add(JarEntry(fileName, zipFile.getInputStream(zipEntry).readBytes())) } } val result = PluginScan.scan(JarFile(entries), groupOutput = true) println(result.reports.size) }">
fun main() {
    val entries = mutableListOf<JarEntry>()
    val file = File("plugin.jar")
    ZipFile(file.canonicalPath).use { zipFile ->
        val zipEntries: Enumeration<*> = zipFile.entries()
        while (zipEntries.hasMoreElements()) {
            val zipEntry = zipEntries.nextElement() as ZipEntry
            if (zipEntry.isDirectory) continue
            val fileName: String = zipEntry.name
            entries.add(JarEntry(fileName, zipFile.getInputStream(zipEntry).readBytes()))
        }
    }
    val result = PluginScan.scan(JarFile(entries), groupOutput = true)
    println(result.reports.size)
}

Notice that PluginScan relies on file path inside jar, so you need to make sure you pass it in the correct format. Here is an examples of correct path strings:

META-INF/LICENSE.txt
plugin.yml
com/example/plugin/ExamplePlugin.class

Contributing

This project was originally meant as a platform, that will be grown by community, so we always welcome any contribution.

You can easily add your own check by creating class from template below and put it into com.rikonardo.pluginscan.checks package.

@RegisterCheck
class MyCheck : Check() {

}

Check class has 3 overridable methods:

@RegisterCheck
class MyCheck : Check() {
    override fun before() { }
    override fun processClass(classFile: ClassFile, fileName: String) { }
    override fun after() { }
}

Instance of Check class is created for each scan session, before() method is called before scan, processClass() is called for each class in jar, and after() method is called after scan. You can also access all files inside jar at any scan step by accessing jar field of Check class.

To report suspicious code, you can use report() method.

Here is an simple check, that reports reference to Player.setOp() method:

@RegisterCheck
class SetOp : Check() {
    override fun processClass(classFile: ClassFile, fileName: String) {
        if (
            classFile.doReferenceMethod("org/bukkit/entity/Player", "setOp")
        ) report(
            RiskLevel.MODERATE,
            "Plugin can set player's op status",
            "Found setOp method reference",
            listOf(ReportEntry.In(className(fileName)))
        )
    }
}

Some useful code, like className() which transforms class file name inside jar into java-like class name, ClassFile.doReferenceMethod() which checks if class file references given method, and many other useful methods are located in com.rikonardo.pluginscan.checks.utils package.

Now just fork this project and start coding! Then create pull request and we will merge it into master.

You might also like...
Android barcode scanner with ML-Kit vision api
Android barcode scanner with ML-Kit vision api

MLBarcodeScanner A demo project to show how to implement barcode scanner using Google ML-Kit Vision api Supported barcode types 2D formats: QR Code, A

A Minecraft Kit API written in Kotlin

hglabor-kits Dependency The library is available on Maven Central, add the following dependencies: implementation("net.axay:hglabor-kits:$version") hg

Minecraft JE Server Programming with JS like Skript, Trigger Reactor

mine.js(Developing) Minecraft Java Edition Scripting with JS(V8 Engine) by Netherald How to apply? Download Paper or Bungee Version. and put it to plu

Experience Minecraft in a different way

tesseract Experience Minecraft in a different way. Tesseract is a server software for Minecraft: Bedrock Edition. But it uses a different concept then

Application for downloading and installing skins for minecraft.
Application for downloading and installing skins for minecraft.

Minecraft skins Application for downloading and installing skins for minecraft. Also user can choose favourites skins. Table of Contents Screenshots G

🚧 A fully open-source project for creating and maintaining a Kotlin-based Minecraft: Java Edition server.

Hexalite: Java Edition ⚠️ WARNING: The Hexalite Network is a work in progress. It is not yet ready for production. You may encounter bugs and other is

Share your minecraft-adventure with your friends in nation-party.

Nation Party Make your adventure as shared with your friends and family in Nation Party. Features * Create your own party with your own name; * Invite

🚧 A fully open-source project for creating and maintaining a Kotlin-based Minecraft: Java Edition server.

Hexalite: Java Edition ⚠️ WARNING: The Hexalite Network is a work in progress. It is not yet ready for production. You may encounter bugs and other is

IMCL is a Minecraft launcher which supports Mod managment, game customizing and so on.

IDEA Minecraft Launcher A simple Minecraft launcher 简体中文 日本語 Esperanto Introduction IMCL is a Minecraft launcher which supports Mod managment, game cu

Comments
  • Suggestion:folder scan

    Suggestion:folder scan

    This project is great!Thank you.But I'm wondering if you can add a "folder-scan" feature to the web interface.It would be useful to detect a mass of plugins from i.e server setups.Also it would be even better if it can sort the processed files by threat level.

    opened by huzpsb 2
  • Suggestions for future features in the site

    Suggestions for future features in the site

    First of all, that's the first time I see this kind of website, second of all this is crazy and it will save people from malicious plugins. Now, for the suggestions:

    1. Make a Discord server regerding the site, people can post issues there much quicker then github, also keep the issues on Github ofc.

    2. Add to the .jar file scanner the feature to find either this is a NULLED plugin or NON-NULLED plugin. (Most NULL plugins coming from leak sites such as DirectLeaks, GhostLeaks, BlackSpigot, etc) Also, check where this plugin was downloaded first, so people can be aware of it.

    3. Make the scanner more clearify for people who don't understand how the .jar of a plugin works, it can be so helpful

    opened by KahpotVanilla 1
Owner
Rikonardo
Rikonardo
FDPClient-EDITED - A free mixin-based injection hacked-client for Minecraft using Minecraft Forge based on LiquidBounce

FDPClient A free mixin-based injection hacked-client for Minecraft using Minecra

SuperSkidder 7 Aug 29, 2022
Yet another barcode scanner for Android

Binary Eye Yet another barcode scanner for Android. As if there weren't enough. This one is free, without any ads and open source. Works in portrait a

Markus Fisch 802 Dec 31, 2022
Pw0 Framewrok - magical android pentest app 🔮! Pixie Dust, Handshakes, Deauth, Nmap, Port scanner and more!

Pw0 Framework Pw0 Framewrok - magical android pentest app ?? ! Features: Pixie Dust Handshakes Deauth Nmap Port scanner and more! Version: 0.2 Beta Au

Huntmix 17 Sep 27, 2021
Pw0 Framewrok - magical android pentest app 🔮! Pixie Dust, Handshakes, Deauth, Nmap, Port scanner and more!

Pw0 Framework Pw0 Framewrok - magical android pentest app ?? ! Features: Pixie Dust Handshakes Deauth Nmap Port scanner and more! Version: 0.2 Beta Au

Zalexdev 17 Sep 27, 2021
Android MRZ scanner

Android MRZ scanner

Davit Kamavosyan 16 Dec 7, 2022
A Good Scanner Built With Kotlin

GoodScanner TODO OpenCV Android 프로젝트에 설치 https://webnautes.tistory.com/923 Gaussian Blurring 과 같은 기술을 이용하여 Image의 noise 제거 OpenCV를 이용한 Document Edge D

JoonBeom Park 3 Dec 21, 2021
This app contains feature barcode and QR scanner, and video recording in-app.

BarcodeQRScannerAndVideoRecord This app contains feature barcode and QR scanner, and video recording in-app. Scanner using ML Kit and CameraX. Video R

Abdullah Fahmi 1 Dec 23, 2021
The Privacy Friendly QR Scanner belongs to the group of Privacy Friendly Apps

Privacy Friendly QR Scanner The Privacy Friendly QR Scanner belongs to the group of Privacy Friendly Apps. The app supports its users in detecting mal

SECUSO 198 Dec 30, 2022
ArchGuard Scanner for scan Git change history, scan source code by Chapi for Java, TypeScript, Kotlin, Go..、Java bytecode use for JVM languages, scan Jacoco test coverage.

Arch Scanner Requirements: JDK 12 Scanner: scan_git - Git commit history scan scan_jacoco - Jacoco scan scan_bytecode - for JVM languages known issues

ArchGuard 27 Jul 28, 2022
Non-decompiling Android vulnerability scanner (DC25 demo lab, CB17)

README trueseeing is a fast, accurate and resillient vulnerabilities scanner for Android apps. It operates on Android Packaging File (APK) and outputs

Monolith Works Inc. 0 Jan 14, 2022