Giter Site home page Giter Site logo

simpleiast's Introduction

simpleIAST 1.0.beta (shields.io)

simpleIAST是一种交互式应用程序安全测试工具。

目录

快速开始

  • 下载并自行打包
# clone安装包
wget https://github.com/keven1z/simpleIAST/archive/refs/heads/master.zip

mvn clean package
  • 运行

将iast-agent.jar和iast-engine.jar 放在同一目录

  1. 跟随应用启动运行
java -javaagent:iast-agent.jar -jar [app.jar] #
  1. 应用启动后attach方式运行
# attach方式安装agent
java -jar iast-engine.jar -m install -p [pid] 
# attach方式卸载agent
java -jar iast-engine.jar -m uninstall -p [pid]

兼容

支持中间件

  • Tomcat
  • Springboot

支持JDK

  • jdk 1.8
  • jdk 11

支持漏洞

  • SQL注入
  • 反序列化漏洞
  • SSRF
  • URL跳转漏洞
  • XXE
  • 命令注入
  • 文件上传
  • XSS
  • Spring EL表达式注入
  • 数据库弱口令
  • XPATH注入
  • 硬编码漏洞

开始运行

启动页面

启动成功默认显示以下banner

 __ _                 _         _____  _    __  _____ 
/ _(_)_ __ ___  _ __ | | ___    \_   \/_\  / _\/__   \
\ \| | '_ ` _ \| '_ \| |/ _ \    / /\//_\\ \ \   / /\/
_\ \ | | | | | | |_) | |  __/ /\/ /_/  _  \_\ \ / /   
\__/_|_| |_| |_| .__/|_|\___| \____/\_/ \_/\__/ \/    
               |_|

启动模式

配置路径:src/main/java/com/keven1z/Agent.java 修改START_MODE 默认以下两种模式: START_MODE_OFFLINE:离线模式. START_MODE_SERVER:服务器模式.

离线模式(默认)

漏洞结果默认打印到控制台

服务器模式

Config.java中增加服务器地址,默认漏洞上报api如下:

    /**
     * 服务注册
     */
    public static final String AGENT_REGISTER_URL = Config.IAST_SERVER + "/agent/register";
    /**
     * 服务器解绑
     */
    public static final String AGENT_DEREGISTER_URL = Config.IAST_SERVER + "/agent/deregister";

    /**
     * 发送报告的url
     */
    public static final String SEND_REPORT_URL = Config.IAST_SERVER + "/report/receive";
    /**
     * 获取服务端指令url
     */
    public static final String INSTRUCTION_GET_URL = Config.IAST_SERVER + "/instruction/get";

二次开发

参考二次开发

计划

鸣谢

IntelliJ IDEA 是一个在各个方面都最大程度地提高开发人员的生产力的 IDE,适用于 JVM 平台语言。

特别感谢 JetBrains 为开源项目提供免费的 IntelliJ IDEA授权

License

本项目采用 Apache License 2.0 开源授权许可证。

simpleiast's People

Contributors

keven1z avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Forkers

wouijvziqy

simpleiast's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.