rexiox/sentinel

GitHub: rexiox/sentinel

轻量级 Kotlin 多平台安全工具包,实时检测移动设备的运行环境威胁并提供风险评分。

Stars: 2 | Forks: 0

Logo

[![Security](https://img.shields.io/badge/Security-000000?style=for-the-badge&logo=bitwarden)](#) [![KMP](https://img.shields.io/badge/KMP-000000?style=for-the-badge&logo=kotlin&logoColor=ffffff)](#) [![Android](https://img.shields.io/badge/Android-000000?style=for-the-badge&logo=android&logoColor=ffffff)](https://developer.android.com/) [![iOS](https://img.shields.io/badge/iOS-000000?style=for-the-badge&logo=apple&logoColor=ffffff)](https://developer.apple.com/) [![Version](https://img.shields.io/badge/1.6.0.beta-000000?style=for-the-badge&logo=stackblitz)](#) **Sentinel** 是一个轻量级、模块化的 Kotlin Multiplatform 安全工具包,旨在分析 运行时环境并实时检测 Android 和 iOS 上的潜在安全威胁。

image

## 为什么要使用 Sentinel? 大多数移动应用仅依赖服务端安全,但攻击发生在客户端。 Sentinel 提供设备级实时威胁检测,性能开销极低。 ☑️️ 检测受损设备(Root / 越狱) ☑️️ 检测运行时操纵(Frida、Xposed) ☑️️ 检测应用篡改与逆向工程 ☑️️ 检测模拟器与不安全环境 ☑️️ 专为 Kotlin Multiplatform(KMP)设计
Android iOS
Android Demo iOS Demo
Google Play App Store
## 功能特性 ♦️ **Kotlin Multiplatform:** 单代码库支持 Android 与 iOS。 ♦️ **模块化检测架构:** 可轻松启用、禁用或扩展安全检查。 ♦️ **智能风险聚合:** 加权类别评分防止人为风险膨胀。 ♦️ **可配置威胁阈值:** 设置自定义关键风险级别以控制应用行为。 ♦️ **基于 DSL 的配置:** 使用简洁且表达力强的 API 进行配置。 ♦️ **详细安全报告:** 获取检测威胁的完整分析。 ♦️ **轻量且高性能:** 运行时开销极低,保障最佳性能。 ♦️ **基于 RASP 的威胁检测:** 实时监控动态插装、Hook 与 注入尝试。 ## 各平台支持威胁 | 威胁 / 功能 | Android | iOS | |--------------------------------|:-------:|:---:| | Root / 越狱 | ✅ | ✅ | | 篡改检测 | ✅ | ✅ | | Hook 检测 | ✅ | ✅ | | 模拟器 / 模拟器检测 | ✅ | ✅ | | 调试检测 | ✅ | ✅ | | 模拟位置滥用 | ✅ | ➖ | ## 快速开始 ``` implementation("co.rexiox:sentinel:1.6.0-beta") ``` ### Android 用法 ``` val sentinel = Sentinel.configure(context = context) { config { appId = Sentinel.Identity.appId.toByteList() appIntegrity = Sentinel.Identity.signature?.toByteList() threshold = 90 isLoggingEnabled = true } all() // root() // tamper() // hook() // emulator() // debug() // location() } ``` ### iOS 用法 ``` val sentinel = Sentinel.configure { config { appId = Sentinel.Identity.appId.toByteList() appIntegrity = Sentinel.Identity.hash?.toByteList() threshold = 90 isLoggingEnabled = true } all() // jailbreak() // tamper() // hook() // simulator() // debug() } ``` ### 执行检测 Sentinel 不仅执行基础检查,还会彻底检查环境并根据威胁严重程度提供 详细报告。 ``` val report = sentinel.inspect() ``` ### 报告 检测完成后,Sentinel 返回一个 `SecurityReport`。 该报告聚合所有检测到的威胁,并为当前运行时环境提供统一的 严重性评分与风险等级。 ``` println("Risk Level: ${report.riskLevel}") println("Total Risk Score: ${report.severity} / ${report.threshold}") println("Threat Count: ${report.threats.size}") println("Timestamp: ${report.timestamp}") if (report.isRooted) println("Root detected") if (report.isJailbroken) println("Jailbreak detected") if (report.isTampered) println("App tampering detected") if (report.isHooked) println("Hooking detected") if (report.isEmulator) println("Emulator detected") if (report.isSimulator) println("Simulator detected") if (report.isDebugged) println("Debugger detected") if (report.isMockLocation) println("Mock location detected") if (report.isSafe()) { println("Device is secure") } else { println("Security risks detected!") } if (report.isCritical()) { println("Block app usage.") } ``` 你可以选择将报告记录到控制台 / logcat 以用于调试: ``` SentinelLogger.report(report = report) ``` ### RASP - 运行时应用程序自我保护(检测) Sentinel 通过持续监控应用程序运行时来扩展初始启动检查的保护。 通过后台扫描机制,它在运行时检测未经授权的访问尝试、 运行时篡改与外部操纵活动。 ``` sentinel.runtime { onCompromised { info(msg = "Device integrity failed (Root/Jailbreak detected).") } onTampered { info(msg = "App tampering detected.") } onHooked { info(msg = "Runtime hook detection.") } onSimulated { info(msg = "Running on Emulator/Simulator environment.") } onDebugged { info(msg = "Active debugging session detected.") } onCritical { score -> info(msg = "High risk score reached: $score") } onSafe { info(msg = "All systems nominal.") } } ``` ### Sentinel Monitor Sentinel Monitor 是一个监控基础设施,用于实时跟踪应用层漏洞与 可疑活动并报告这些威胁。 https://github.com/user-attachments/assets/acfb35ac-61c4-492e-ae42-a7576f2badb1 ``` implementation("co.rexiox:sentinel-monitor:1.6.0-beta") ``` ``` SentinelMonitor.start( appId = sentinel.config.appId.orEmpty(), appIntegrity = sentinel.config.hash.orEmpty(), threshold = sentinel.config.threshold ) ``` ## 示例 - [多平台](sample/multiplatform) - [Android](sample/android) ## 风险评分 Sentinel 不会简单地对威胁求和。 相反: - 按类别分组威胁 - 取每类的最高严重性 - 生成真实的风险评分 ## 许可证 ``` MIT License Copyright (c) 2026 REXIOX Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ```
标签:AMSI绕过, Android安全, DOM解析, Frida检测, iOS安全, Jailbreak检测, KMP, Kotlin, Kotlin多平台, LangChain, on-device安全, Root检测, Xposed检测, 反调试, 反逆向, 威胁检测, 安全监测, 实时检测, 客户端安全, 应用完整性, 性能优化, 检测绕过, 模块化, 模拟器检测, 环境分析, 移动应用加固, 移动端安全, 设备安全, 轻量级, 运行时保护