piaoxue88 / dongtai-agent-java

This project forked from hxsecurity/dongtai-agent-java


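“Huoxian DongTai IAST” is an auxiliary tool built for in-house security staff, code audit engineers and 0-day vulnerability hunters. It can be integrated into DevOps environments for vulnerability detection, used as an aid to code auditing, and used to automate 0-day discovery.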

License: GNU General Public License v3.0

Dockerfile 0.10% Java 99.90%

dongtai-agent-java's Introduction

DongTai IAST


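Formerly "LingZhi IAST", later renamed "DongTai IAST"; the product is now delivered as SaaS. The agent collects taint-related data and sends it to the server. The server receives the data, reconstructs it into a taint method graph, and then searches that graph for taint call chains using a depth-first search algorithm.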

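Project Introduction

“Huoxian DongTai IAST” is an auxiliary tool built for in-house security staff, in-house and vendor-side code audit engineers, and 0-day vulnerability hunters. It can be integrated into DevOps environments for vulnerability detection, used as an aid to code auditing, and used to automate 0-day discovery.

“Huoxian DongTai IAST” has five modules: dongtai-webapi, dongtai-openapi, dongtai-engine, dongtai-web and agent, where:

  • dongtai-webapi interacts with dongtai-web and handles user-related API requests;
  • dongtai-openapi interacts with the agent: it processes the data the agent reports, pushes policies down to the agent, and controls how the agent runs;
  • dongtai-engine analyzes and processes the data received by dongtai-openapi, and computes the vulnerabilities that exist and the usable taint call chains;
  • dongtai-web is the front-end project of “Huoxian DongTai IAST” and is responsible for page display;
  • agent is the data collection side for each language: it collects the relevant data from the project in which the probe is installed and sends it to the dongtai-openapi service.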
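
The following added example shows the server-side step described in the introduction: rebuilding a taint method graph from agent-reported call data, then running depth-first search for source-to-sink call chains. It is not DongTai's own code; the event fields (`kind`, `in`, `out`), the linking of calls by object hash, and the sample events are assumptions constructed for illustration.

```python
# Added illustration, not DongTai code. Event layout and values are assumptions.
from collections import defaultdict

# Constructed agent report, in call order: each hooked call lists the identity
# hashes of the objects it consumed ("in") and produced ("out").
EVENTS = [
    {"id": 1, "kind": "source", "method": "HttpServletRequest.getParameter", "in": [], "out": [101]},
    {"id": 2, "kind": "propagator", "method": "String.concat", "in": [900, 101], "out": [102]},
    {"id": 3, "kind": "propagator", "method": "StringBuilder.append", "in": [500, 102], "out": [500]},
    {"id": 4, "kind": "propagator", "method": "StringBuilder.toString", "in": [500], "out": [103]},
    {"id": 5, "kind": "sink", "method": "Statement.executeQuery", "in": [103], "out": []},
    {"id": 6, "kind": "propagator", "method": "String.trim", "in": [777], "out": [778]},
    {"id": 7, "kind": "sink", "method": "Runtime.exec", "in": [778], "out": []},
]

def build_graph(events):
    """Edge a -> b when an object produced by call a is consumed by a later call b."""
    consumers = defaultdict(list)
    for ev in events:
        for h in ev["in"]:
            consumers[h].append(ev["id"])
    graph = defaultdict(list)
    for ev in events:
        for h in ev["out"]:
            for nxt in consumers[h]:
                # "Later call only" drops self-loops such as append() returning this.
                if nxt > ev["id"] and nxt not in graph[ev["id"]]:
                    graph[ev["id"]].append(nxt)
    return graph

def find_chains(events):
    """Depth-first search from every source; return each source-to-sink method chain."""
    by_id = {ev["id"]: ev for ev in events}
    graph = build_graph(events)
    chains = []

    def dfs(node, path):
        path = path + [node]
        if by_id[node]["kind"] == "sink":
            chains.append([by_id[n]["method"] for n in path])
            return
        for nxt in graph[node]:
            dfs(nxt, path)

    for ev in events:
        if ev["kind"] == "source":
            dfs(ev["id"], [])
    return chains
```

The `Runtime.exec` sink in the sample data is reached only by data that never came from a source, so no chain is reported for it.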

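Use Cases

“Huoxian DongTai IAST” can be applied to automated vulnerability detection in the DevSecOps stage, to finding generic vulnerabilities in open-source software and components, to pre-release security testing, and to similar scenarios. Its main purpose is to reduce the workload of existing vulnerability detection and free security practitioners to do more specialized work.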

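JavaAgent in Detail

Agent functional structure

  • Launcher
  • Dynamic instrumentation (data collection)
  • Dynamic instrumentation (hook point handling)
  • Data computation
  • Data compressed and then sent to dc

IAST-CORE package structure

  • enhance: code related to bytecode enhancement
  • handler: code that processes the data captured through AOP
  • service: back-end logic for sending reports
  • start: startup code for the IAST detection engine

Supported Java versions and middleware

  • Java 1.6+
  • Mainstream software and middleware such as Tomcat, Jetty, WebLogic, WebSphere and SpringBoot

notice: an Agent developed with JDK 1.6 must be built with Maven 3.2.5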
