{"id":20996345,"url":"https://github.com/hktalent/aicsa_pub","last_synced_at":"2025-06-18T21:42:13.418Z","repository":{"id":150108498,"uuid":"622920690","full_name":"hktalent/AiCSA_pub","owner":"hktalent","description":"AiCSA，Move to https://github.com/hktalent/AiCSA","archived":false,"fork":false,"pushed_at":"2023-04-03T12:17:49.000Z","size":586,"stargazers_count":10,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-14T21:52:23.516Z","etag":null,"topics":["ai","chatgpt","code-security-audit","deserialization-vulnerability","gpt-4","jar-vulnerability-analysis"],"latest_commit_sha":null,"homepage":"https://AiCSA.51pwn.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hktalent.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-03T10:34:43.000Z","updated_at":"2024-07-11T06:07:53.000Z","dependencies_parsed_at":"2023-07-07T08:46:16.827Z","dependency_job_id":null,"html_url":"https://github.com/hktalent/AiCSA_pub","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/hktalent/AiCSA_pub","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hktalent%2FAiCSA_pub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hktalent%2FAiCSA_pub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hktalent%2FAiCSA_pub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hktalent%2FAiCSA_pub/manifests","owner_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hktalent","download_url":"https://codeload.github.com/hktalent/AiCSA_pub/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hktalent%2FAiCSA_pub/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260639721,"owners_count":23040461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","chatgpt","code-security-audit","deserialization-vulnerability","gpt-4","jar-vulnerability-analysis"],"created_at":"2024-11-19T07:29:26.876Z","updated_at":"2025-06-18T21:42:08.408Z","avatar_url":"https://github.com/hktalent.png","language":"Shell","funding_links":["https://www.paypal.me/pwned2019"],"categories":[],"sub_categories":[],"readme":"[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social\u0026label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social\u0026label=Follow)](https://github.com/hktalent/)\n# Ai(ChatGPT-4) Code Security Audit\n\nThe source code will be released soon: https://github.com/hktalent/AiCSA\n\n\u003cimg width=\"800\" alt=\"image\" src=\"https://user-images.githubusercontent.com/18223385/229501108-1c415db2-d455-40a4-9772-57af1c563532.png\"\u003e\n\n\n\n# Features\n- For the same jar and the same java file, ChatGPT (GPT-4) runs only once and the result is kept in the index store, so repeated runs are not a concern\n- The free ChatGPT tier is rate-limited to 20 requests per minute; paying users can adjust the rate by modifying 
config/config.json\n- Files larger than 3500 bytes are automatically split before being sent to ChatGPT, so that overly long files do not become impossible for ChatGPT to process\n- Supports multiple OpenAI API keys to increase concurrency\n- Results are stored in a big-data index\n- Provides an HTTP/2.0 and HTTP/3.0 web UI\n\n# web UI\n\u003cimg width=\"715\" alt=\"image\" src=\"https://user-images.githubusercontent.com/18223385/229487667-acdfdfdb-6125-4806-9666-09ecd349e82a.png\"\u003e\n\n```\nmkdir -p src config\nvi config/config.json\n ./AiCSA  \n \nopen https://127.0.0.1:8080/indexes/\n```\n\n# How to test\n- Before running, adjust ./tools/doFernflower.sh so that java is version 11 or higher\n- Locate rt.jar and update the rt.jar path in ./tools/doFernflower.sh\n\n```\nfind /Library/Java/JavaVirtualMachines -name \"rt.jar\"\n```\n\nOutput:\n```\n/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home/jre/lib/rt.jar\n/Library/Java/JavaVirtualMachines/jdk1.8.0_72.jdk/Contents/Home/jre/lib/rt.jar\n```\n\n## config/config.json example\nLimitPerMinute: the recommended value is the number of API keys * 3\n```\n{\n  \"proxy\": \"socks5://127.0.0.1:7890\",\n  \"LimitPerMinute\": 6,\n  \"HttpPort\": 8080,\n  \"org\": \"org-xx\",\n  \"api_key\": \"sk-xxx,sk-xxx2\",\n  \"Prefix\": \"用中文问答，分析%s java代码存在哪些安全风险,如何验证、确认他们\",\n  \"CheckRpt\": true\n}\n```\n\n# How to build\n```\ngo get -u ./...\ngo mod vendor\ngo build -o AiCSA main.go\n```\n\n## Decompile jar to java\n- The source code is saved automatically in the src directory\n- Each jar gets its own source directory derived from its hash, so that the sources of multiple jars do not collide\n\n```\nfind $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3 -type f -name \"*.jar\" | xargs -I {} ./tools/doFernflower.sh {}\nls $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3/coherence/lib/*.jar|xargs -I {} ./tools/doFernflower.sh {}\n./tools/doFernflower.sh $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3/coherence/lib/coherence.jar\n```\n\n# Tips\n- On macOS, convert the images in all subdirectories to mp4\n```\nbrew install ffmpeg\nbrew update \u0026\u0026 brew upgrade ffmpeg\n\nfind $HOME/Downloads/outImg -name '*.png' | sort | sed 's/.*/\"\u0026\"/' | tr '\\n' ' ' | xargs ffmpeg -r 30 -i - -c:v libx264 -pix_fmt yuv420p output.mp4\n```\n\n## 💖Star\n[![Stargazers over 
time](https://starchart.cc/hktalent/AiCSA_pub.svg)](https://starchart.cc/hktalent/AiCSA_pub)\n\n# Donation\n| Wechat Pay | AliPay | Paypal | BTC Pay |BCH Pay |\n| --- | --- | --- | --- | --- |\n|\u003cimg src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/wc.png\u003e|\u003cimg width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/zfb.png\u003e|[paypal](https://www.paypal.me/pwned2019) **miracletalent@gmail.com**|\u003cimg width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BTC.png\u003e|\u003cimg width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BCH.jpg\u003e|\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhktalent%2Faicsa_pub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhktalent%2Faicsa_pub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhktalent%2Faicsa_pub/lists"}