{"id":14637888,"url":"https://github.com/keven1z/simpleIAST","last_synced_at":"2025-09-07T06:31:26.512Z","repository":{"id":175313035,"uuid":"653699685","full_name":"keven1z/simpleIAST","owner":"keven1z","description":"simpleIAST - a gray-box vulnerability scanning tool based on taint tracking.","archived":false,"fork":false,"pushed_at":"2024-11-30T09:37:04.000Z","size":462,"stargazers_count":14,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-11-30T10:27:40.040Z","etag":null,"topics":["agent","iast","java","security-audit","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keven1z.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-14T14:48:22.000Z","updated_at":"2024-11-30T09:34:18.000Z","dependencies_parsed_at":null,"dependency_job_id":"ab11efef-0eba-4b6a-ba16-181f9f1ec0ba","html_url":"https://github.com/keven1z/simpleIAST","commit_stats":null,"previous_names":["keven1z/simpleiast"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2FsimpleIAST","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2FsimpleIAST/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2FsimpleIAST/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2FsimpleIAST/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keven1z","download_url":"htt
ps://codeload.github.com/keven1z/simpleIAST/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232183006,"owners_count":18484721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","iast","java","security-audit","security-tools"],"created_at":"2024-09-10T02:01:23.227Z","updated_at":"2025-01-02T10:31:08.663Z","avatar_url":"https://github.com/keven1z.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n#  simpleIAST  ![0.1.0 (shields.io)](https://img.shields.io/badge/0.1.0-brightgreen.svg)\n\n\u003c/div\u003e\n\n\n\u003cp align=\"center\"\u003e\nsimpleIAST is an interactive application security testing tool.\n\u003c/p\u003e\n\n\n## Quick Start\n\n### 1. Clone the project\n\n```shell\ngit clone https://github.com/keven1z/simpleIAST.git\n```\n### 2. Run with Docker\n```shell\ncd ./simpleIAST/docker/\ndocker-compose up -d\n```\n### 3. 
Access\nURL: http://\\[your_ip\\]:8443/\nDefault username: admin\nDefault password: 123456\n\n\u003e Frontend port:  8443\n\u003e \n\u003e Backend port: 81\n\u003e \n\u003e Database port: 33060\n\u003e \n\u003e Redis port: 63790\n\n## Starting the Agent\n\u003e Place iast-agent.jar and iast-engine.jar in the same directory\n### Run at application startup\n```shell\njava -javaagent:iast-agent.jar -jar [app.jar] # \n```\n### Attach after the application has started\n```shell\n# Install the agent via attach\njava -jar iast-engine.jar -m install -p [pid] \n# Uninstall the agent via attach\njava -jar iast-engine.jar -m uninstall -p [pid] \n```\n## Compatibility\n### Supported middleware\n\n* Tomcat\n* Springboot\n* Jetty\n* Weblogic\n* glassfish\n* WildFly\n* TongWeb\n* Resin\n* Undertow\n\n### Supported JDKs\n* jdk 1.8\n* jdk 11\n\n## Supported vulnerabilities\n* SQL injection\n* Deserialization vulnerabilities\n* SSRF\n* URL redirection vulnerabilities\n* XXE\n* Command injection\n* File upload\n* XSS\n* Spring EL expression injection\n* Weak database passwords\n* XPath injection\n* Hard-coding vulnerabilities\n\n## Vulnerability details view\n![img.png](img/detail.png)\n\n## Documentation\n\u003e Being written as fast as possible...\n\n## Roadmap\n- [ ] Use WebSocket for heartbeat packets\n- [x] API refactoring\n- [x] Vulnerability detection count, covering [ant-application-security-testing-benchmark](https://github.com/alipay/ant-application-security-testing-benchmark)\n- [x] Server-side interactive UI (end of November)\n- [x] Support for multiple middleware\n\n## Acknowledgements\n\u003e [IntelliJ IDEA](https://zh.wikipedia.org/zh-hans/IntelliJ_IDEA) is an IDE that maximizes developer productivity in every respect, for JVM platform languages.\n\nSpecial thanks to [JetBrains](https://www.jetbrains.com/?from=mirai) for providing free [IntelliJ IDEA](https://www.jetbrains.com/idea/?from=mirai) licenses to open source projects\n\n![](https://resources.jetbrains.com/storage/products/company/brand/logos/jetbrains.svg)\n\n## License\nThis project is licensed under the Apache License 2.0 open source license.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeven1z%2FsimpleIAST","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeven1z%2FsimpleIAST","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeven1z%2FsimpleIAST/lists"}