https://github.com/hktalent/aicsa_pub

AiCSA，Move to https://github.com/hktalent/AiCSA
https://github.com/hktalent/aicsa_pub

ai chatgpt code-security-audit deserialization-vulnerability gpt-4 jar-vulnerability-analysis

Last synced: 12 months ago
JSON representation

AiCSA，Move to https://github.com/hktalent/AiCSA

• Host: GitHub
• URL: https://github.com/hktalent/aicsa_pub
• Owner: hktalent
• Created: 2023-04-03T10:34:43.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2023-04-03T12:17:49.000Z (about 3 years ago)
• Last Synced: 2025-05-14T21:52:23.516Z (about 1 year ago)
• Topics: ai, chatgpt, code-security-audit, deserialization-vulnerability, gpt-4, jar-vulnerability-analysis
• Language: Shell
• Homepage: https://AiCSA.51pwn.com
• Size: 572 KB
• Stars: 10
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)

# Ai(ChatGPT-4) Code Security Audit

源码近期放出：https://github.com/hktalent/AiCSA



# feature

- 相同 jar、相同 java 文件，chatGPT ( GPT-4 ) 只执行一次，结果保留在索引库中,所以不用担心多次重复执行的问题

- 免费的 chatGPT 限速20次/分钟，付费用户可以通过修改 config/config.json 调整频率

- 文件大于 3500 字节自动拆分发送给 chatGPT,避免过长的文件导致 chatGPT 无法处理

- 支持 若干个 openai api key，提高并发能力

- 基于大数据索引存储结果

- 提供 HTTP/2.0 HTTP/3.0 web 界面

# web UI



```

mkdir -p src config

vi config/config.json

 ./AiCSA  

 

open https://127.0.0.1:8080/indexes/

```

# How Test

- 运行前，请先调整 ./tools/doFernflower.sh 文件，确保 java 是 11 或高版本

- 确定 rt.jar 的路径，修改 ./tools/doFernflower.sh 文件中的 rt.jar 路径

```

find /Library/Java/JavaVirtualMachines -name "rt.jar"

```

out

```

/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home/jre/lib/rt.jar

/Library/Java/JavaVirtualMachines/jdk1.8.0_72.jdk/Contents/Home/jre/lib/rt.jar

```

## config/config.json example

LimitPerMinute: 建议 api key 个数 * 3

```

{

  "proxy": "socks5://127.0.0.1:7890",

  "LimitPerMinute": 6,

  "HttpPort": 8080,

  "org": "org-xx",

  "api_key": "sk-xxx,sk-xxx2",

  "Prefix": "用中文问答，分析%s java代码存在哪些安全风险,如何验证、确认他们",

  "CheckRpt": true

}

```

# How build

```

go get -u ./...

go mod vendor

go build -o AiCSA main.go

```

## 反编译jar to java

- 源码将自动保存在 src 目录中

- 不同的 ja r会根据hash构建一个源码目录，避免多个jar的源码冲突

```

find $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3 -type f -name "*.jar" | xargs -I {} ./tools/doFernflower.sh {}

ls $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3/coherence/lib/*.jar|xargs -I {} ./tools/doFernflower.sh {}

./tools/doFernflower.sh $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3/coherence/lib/coherence.jar

```

# Tips

- Mac OS 所有子目录图片转换为mp4

```

brew install ffmpeg

brew update && brew upgrade ffmpeg

find $HOME/Downloads/outImg -name '*.png' | sort | sed 's/.*/"&"/' | tr '\n' ' ' | xargs ffmpeg -r 30 -i - -c:v libx264 -pix_fmt yuv420p output.mp4

```

## 💖Star

[![Stargazers over time](https://starchart.cc/hktalent/AiCSA_pub.svg)](https://starchart.cc/hktalent/AiCSA_pub)

# Donation

| Wechat Pay | AliPay | Paypal | BTC Pay |BCH Pay |

| --- | --- | --- | --- | --- |

|||[paypal](https://www.paypal.me/pwned2019) **miracletalent@gmail.com**|||