{"id":13540141,"url":"https://github.com/LoRexxar/Kunlun-M","last_synced_at":"2025-04-02T06:32:08.740Z","repository":{"id":37101568,"uuid":"102699687","full_name":"LoRexxar/Kunlun-M","owner":"LoRexxar","description":"KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\\Solidity的基础扫描。","archived":false,"fork":false,"pushed_at":"2024-11-02T03:37:21.000Z","size":16600,"stargazers_count":2299,"open_issues_count":40,"forks_count":312,"subscribers_count":55,"default_branch":"master","last_synced_at":"2025-03-27T18:02:32.524Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LoRexxar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"LoRexxar","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2017-09-07T06:25:58.000Z","updated_at":"2025-03-27T09:25:13.000Z","dependencies_parsed_at":"2023-10-25T04:25:14.191Z","dependency_job_id":"08f77bd8-dd3c-4240-8e43-6581301003cf","html_url":"https://github.com/LoRexxar/Kunlun-M","commit_stats":null,"previous_names":["lorexxar/cobra-w"],"tags_count":69,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LoRexxar%2FKunlun-M","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LoRexxar%2FKunlun-M/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LoRexxar%2FKunlun-M/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LoRexxar%2FKunlun-M/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LoRexxar","download_url":"https://codeload.github.com/LoRexxar/Kunlun-M/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246768372,"owners_count":20830654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:41.259Z","updated_at":"2025-04-02T06:32:04.487Z","avatar_url":"https://github.com/LoRexxar.png","language":"Python","funding_links":["https://github.com/sponsors/LoRexxar"],"categories":["\u003ca id=\"df8a5514775570707cce56bb36ca32c8\"\u003e\u003c/a\u003e审计\u0026\u0026安全审计\u0026\u0026代码审计","Source Code Security Audit (源代码安全审计)","Python","Python (1887)","web shell、shellcode","Security \u0026 Compliance"],"sub_categories":["\u003ca id=\"6a5e7dd060e57d9fdb3fed8635d61bc7\"\u003e\u003c/a\u003e未分类-Audit","Platform","网络服务_其他","Security Analysis"],"readme":"- \u003cbig\u003e**自Cobra-W 2.0版本起，Cobra-W正式更名为Kunlun-M(昆仑镜)，**\u003c/big\u003e\n- **KunLun-M(昆仑镜)已进入弱维护阶段，如果有bug或者明显的问题会更新，但不会再更新新功能，主要是我认为Kunlun-M的架构拖累了后续的发展方向，仅在PHP扫描中以当前的架构已经几乎做到极限了，后续可能会有新的工具？也可能没有？敬请期待~**\n\n- **请使用python3.6+运行该工具，已停止维护python2.7环境**\n\n# Kunlun-Mirror\n[![GitHub (pre-)release](https://img.shields.io/github/release/LoRexxar/Kunlun-M/all.svg)](https://github.com/LoRexxar/Cobra-W/releases)\n[![license](https://img.shields.io/github/license/mashape/apistatus.svg?maxAge=2592000)](https://github.com/wufeifei/cobra/blob/master/LICENSE)\n![](https://img.shields.io/badge/language-python3.6-orange.svg)\n\n```\n _   __            _                      ___  ___\n| | / /           | |                     |  \\/  |\n| |/ / _   _ _ __ | |    _   _ _ __       | .  . |\n|    \\| | | | '_ \\| |   | | | | '_ \\ _____| |\\/| |\n| |\\  \\ |_| | | | | |___| |_| | | | |_____| |  | |\n\\_| \\_/\\__,_|_| |_\\_____/\\__,_|_| |_|     \\_|  |_/  -v2.0\n\nGitHub: https://github.com/LoRexxar/Kunlun-M\n\nKunLun-M is a static code analysis system that automates the detecting vulnerabilities and security issue.\n\nMain Program\n\npositional arguments:\n  {init,config,scan,show,console}\n    init                Kunlun-M init before use.\n    config              config for rule\u0026tamper\n    scan                scan target path\n    show                show rule\u0026tamper\n    console             enter console mode\n\noptional arguments:\n  -h, --help            show this help message and exit\n\nUsage:\n  python kunlun.py scan -t tests/vulnerabilities\n  python kunlun.py scan -t tests/vulnerabilities -r 1000, 1001\n  python kunlun.py scan -t tests/vulnerabilities -tp wordpress\n  python kunlun.py scan -t tests/vulnerabilities -d -uc\n\n  python kunlun.py list rule -k php\n```\n\n## Introduction\nCobra是一款**源代码安全审计**工具，支持检测多种开发语言源代码中的**大部分显著**的安全问题和漏洞。\n[https://github.com/wufeifei/cobra](https://github.com/wufeifei/cobra)\n\nCobra-W是从Cobra2.0发展而来的分支，将工具重心从尽可能的发现威胁转变为提高发现漏洞的准确率以及精度。\n[https://github.com/LoRexxar/Kunlun-M/tree/cobra-w](https://github.com/LoRexxar/Kunlun-M/tree/cobra-w)\n\nKunlun-Mirror是从Cobra-W2.0发展而来，在经历了痛苦的维护改进原工具之后，昆仑镜将工具的发展重心放在安全研究员的使用上，将会围绕工具化使用不断改进使用体验。\n\n目前工具主要支持**php、javascript**的语义分析，以及**chrome ext, solidity**的基础扫描.\n\n## Stargazers \n\n\u003cdiv align=center\u003e\u003ca href=\"https://github.com/LoRexxar/Kunlun-M\"\u003e\u003cimg src=\"https://api.star-history.com/svg?repos=LoRexxar/Kunlun-M\u0026type=Timeline\"\u003e\u003c/a\u003e\u003c/div\u003e\n\n## why KunLun-M\n\nKunLun-M可能是市面上唯一的开源并长期维护的自动化代码审计工具，希望开源工具可以推动白盒审计的发展:\u003e.\n\n## 特点\n\n与其他代码审计相比：\n- 静态分析，环境依赖小。\n- 语义分析，对漏洞有效性判断程度更深。\n- 多种语言支持。\n- 开源python实现，更易于二次开发。\n\n与Cobra相比：\n- 深度重写AST，大幅度减少漏洞误报率。\n- 底层api重写，支持windows、linux等多平台。\n- 多层语义解析、函数回溯，secret机制，新增多种机制应用于语义分析。\n- 新增javascript语义分析，用于扫描包含js相关代码。\n\n与Cobra-W相比(todo):\n- 深度优化AST分析流程，使其更符合QL的概念，便于下一阶段的优化。\n- 深度优化辅助审计的流程，使其更符合人类安全研究员审计辅助的习惯。\n- 深度重构代码结构，使其更符合可拓展，可优化的开源理念。\n\n## TODO\n**KunLun-M后续的更新计划会是跨越式更新，根据一段时间的研究和探索，我决定从底层重构这套代码分析方案**\n\n## 社区化工具\n\n社区成员完成的拓展（不保证安全性，参考使用）\n\n- [Kunlun-M-GUI](https://github.com/mark0smith/Kunlun-M-GUI)\n- [docker-kunlun-mirror](https://github.com/lazychanger/docker-kunlun-mirror)\n\n## 更新日志\n\n[changelog.md](./docs/changelog.md)\n\n\n## 安装\n\n首先需要安装依赖\n```\npip install -r requirements.txt\n```\n\n配置文件迁移\n```\ncp Kunlun_M/settings.py.bak Kunlun_M/settings.py\n```\n\n\n初始化数据库，默认采用sqlite作为数据库\n```\npython kunlun.py init initialize\n```\n\n加载规则进数据库（每次修改规则文件都需要加载）\n```\npython kunlun.py config load\n```\n\n### docker安装\n\n通过docker安装，默认启动web模式\n\n```\nsudo docker build -t kunlun-m -f ./docker/Dockerfile .\n```\n\n配合链接同Mysql可以实现本地扫描，web端查看结果。\n\n## Usage\n\n### cli mode\n\n使用scan模式扫描各类源代码\n```\npython3 kunlun.py scan -t ./tests/vulnerabilities/\n```\n\n使用config模式加载本地的rule/tamper\n```\npython3 kunlun.py config load         # 加载rule进数据库\npython3 kunlun.py config recover      # 将数据库中的rule恢复到文件\npython3 kunlun.py config loadtamper   # 加载tamper进数据库\npython3 kunlun.py config retamper     # 将数据库中的tamper恢复到文件\n\n```\n\n使用show模式查看目前的所有rule/tamper\n```\npython3 kunlun.py show rule           # 展示所有的rule\npython3 kunlun.py show rule -k php    # 展示所有php的rule\npython3 kunlun.py show tamper         # 展示所有的tamper\n```\n\n使用不同子模式的-h可以查看详细的帮助文档。\n\n\n### web mode\nKunLun-M Dashbroad，并且允许通过apitoken来访问api获取数据\n\n默认9999端口\n```\npython3 .\\kunlun.py web -p 9999\n```\n\n![](docs/web.png)\n\n修改`KunLun-M/settings.py`中的api-token，通过?token={api_token}访问api获取数据\n```\n# api profile\nAPI_TOKEN = \"secret_api_token\"\n```\n\nApi List\n```\ntask/list                                       查看task列表\ntask/\u003cint:task_id\u003e                              查看task详细信息\ntask/\u003cint:task_id\u003e/result                       查看task扫描结果\ntask/\u003cint:task_id\u003e/resultflow                   查看task扫描结果流\ntask/\u003cint:task_id\u003e/newevilfunc                  查看task扫描后生成的新恶意函数\n\nrule/list                                       查看规则列表\nrule/\u003cint:rule_id\u003e                              查看规则细节\n```\n\n### console mode\n\n**建议使用console模式**\n```\npython3 kunlun.py console\n\n\n _   __            _                      ___  ___\n| | / /           | |                     |  \\/  |\n| |/ / _   _ _ __ | |    _   _ _ __       | .  . |\n|    \\| | | | '_ \\| |   | | | | '_ \\ _____| |\\/| |\n| |\\  \\ |_| | | | | |___| |_| | | | |_____| |  | |\n\\_| \\_/\\__,_|_| |_\\_____/\\__,_|_| |_|     \\_|  |_/  -v2.0\n\nGitHub: https://github.com/LoRexxar/Kunlun-M\n\nKunLun-M is a static code analysis system that automates the detecting vulnerabilities and security issue.\n\nGlobal commands:\n    help                                             Print this help menu\n    scan                                             Enter the scan mode\n    load \u003cscan_id\u003e                                   Load Scan task\n    showt                                            Show all Scan task list\n    show [rule, tamper] \u003ckey\u003e                        Show rules or tampers\n    config [rule, tamper] \u003crule_id\u003e | \u003ctamper_name\u003e  Config mode for rule \u0026 tamper\n    exit                                             Exit KunLun-M \u0026 save Config\n\n\nKunLun-M (root) \u003e\n```\n\n#### 使用KunLun-M 查看 rules 和 tampers\n\n[![asciicast](https://asciinema.org/a/360842.svg)](https://asciinema.org/a/360842)\n\n#### 使用KunLun-M 扫描漏洞\n\n[![asciicast](https://asciinema.org/a/360843.svg)](https://asciinema.org/a/360843)\n\n#### 使用KunLun-M 查看扫描结果\n\n[![asciicast](https://asciinema.org/a/360845.svg)](https://asciinema.org/a/360845)\n\n\n### plugin mode\n\n#### phpunserializechain\n\n一个自动化寻找php反序列化链的简单模型\n\n**如果是旧版本更新并使用该插件扫描同一目标，请使用-r参数renew数据库**\n\n```\npython3 .\\kunlun.py plugin php_unserialize_chain_tools -t {target_path}\n```\n\n![](docs/phpunserchain.png)\n\n\n#### EntranceFinder\n\n一个有趣的小工具，用于解决在审计大量的php代码时，快速发现存在可能的入口页面（或是开发者都遗漏的）。\n\n```\npython3 .\\kunlun.py plugin entrance_finder -t {target_path} -l 3\n```\n\n![](docs/entrancefinder.png)\n\n## 开发文档\n\n开发文档还未更新.相应的文档内容仅供参考。\n\n[dev.md](./docs/dev.md)\n\n### 规则插件开发\n\n规则插件开发遵循\n```\nrules/{语言类型}/CVI_xxxx.py\n```\n\n在规则目录下，只有命名符合规定的规则会被成功加载，命名格式严格为`CVI_编号.py`\n\n规则模板可以参考rules/rule.template\n\n### .kunlunmignore\n\n.kunlunmignore是新引入的用于黑名单扫描目录的功能。目前只支持*语法，可以用来匹配相应的目录以及文件类型。\n\n相匹配到的文件不会被扫描。\n\n当然，可以通过-b来实现\n\n## 404StarLink Project\n![](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)\n\nKunLun-M 是 404Team [星链计划](https://github.com/knownsec/404StarLink-Project)中的一环，如果对KunLun-M有任何疑问又或是想要找小伙伴交流，可以参考星链计划的加群方式。\n\n- [https://github.com/knownsec/404StarLink#%E4%BA%A4%E6%B5%81community](https://github.com/knownsec/404StarLink#%E4%BA%A4%E6%B5%81community)\n\n## Contributors\n\n感谢如下贡献者对本工具发展过程中的贡献：\n\n核心开发者：\n\n![](docs/lorexxar.jpg)\n- Knownsec 404 Team [LoRexxar](https://github.com/LoRexxar)\n\n重要贡献者：\n\n![](docs/luckycat.jpg)\n- Vidar-Team [LuckC4t](https://github.com/LuckyC4t)\n\n![](docs/sissel.jpg)\n- Dubhe [Sissel](https://github.com/boke1208)\n\n次要贡献者：\n- Dubhe [Sndav](https://github.com/Sndav)\n- [#jax777](https://github.com/jax777)\n- [lavon321](https://github.com/lavon321)\n- [Raul1718](https://github.com/Raul1718)\n- [akkuman](https://github.com/akkuman)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLoRexxar%2FKunlun-M","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FLoRexxar%2FKunlun-M","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLoRexxar%2FKunlun-M/lists"}