Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/yhy0/ChYing
ChYing (承影) - a security toolbox that integrates directory scanning, JWT, Swagger testing, encoding/decoding, a lightweight BurpSuite, and antivirus assistance features
bbscan burpsuite dirsearch golang jwt swagger vulnerability-scanner wails web-vulnerability-scanners
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/yhy0/ChYing
- Owner: yhy0
- License: agpl-3.0
- Created: 2023-04-24T06:33:44.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-06-11T03:39:40.000Z (over 1 year ago)
- Last Synced: 2024-06-19T17:50:23.902Z (6 months ago)
- Topics: bbscan, burpsuite, dirsearch, golang, jwt, swagger, vulnerability-scanner, wails, web-vulnerability-scanners
- Language: Go
- Homepage:
- Size: 6.54 MB
- Stars: 335
- Watchers: 7
- Forks: 23
- Open Issues: 3
Metadata Files:
- Readme: README-en.md
- License: LICENSE
Awesome Lists containing this project
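- awesome-hacking-lists - yhy0/ChYing - ChYing (承影) - a security toolbox that integrates directory scanning, JWT, Swagger testing, encoding/decoding, a lightweight BurpSuite, and antivirus assistance features (Go)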
README
## ChYing
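At the turn of dawn, or in the moment between dusk and dark, face north and look at it: faintly, something seems to be there, yet its form cannot be made out. Where it touches, there is a soft sound, and it passes through things without harming them.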
[简体中文](./README.md) · [English](./README-en.md)
ChYing is a comprehensive security toolbox designed to simplify various security testing tasks. It provides a range of features and tools, including directory scanning, JWT, Swagger API testing, encoding/decoding utilities, a lightweight BurpSuite alternative, and antivirus assistance. ChYing aims to assist security professionals and developers in identifying vulnerabilities and strengthening the security of their applications.
https://github.com/yhy0/ChYing/assets/31311038/54cc1130-fb95-4a8f-b90e-3479e9c5a2c7
## Project Setup
https://wails.io/docs/gettingstarted/installation/
Install **Wails**.
Then run `wails build`.
## Features
### Directory Scanning
Scanning using dictionary rules extracted from [dirsearch](https://github.com/maurosoria/dirsearch). Currently, it scans only a single level of directories. Future considerations include traversing multiple levels of directories based on the discovered directories.
Scanning with [bbscan](https://github.com/lijiejie/bbscan) rules.
### Swagger Testing
Unauthenticated, SSRF, and injection testing on `swagger api`.
### 403 Bypass
Automatic 403 bypass for the Swagger features.
https://github.com/devploit/dontgo403
https://infosecwriteups.com/403-bypass-lyncdiscover-microsoft-com-db2778458c33
### JWT
- JWT token parsing with visual display similar to [jwt.io](https://jwt.io/).
- JWT key cracking.
### NucleiY
Key vulnerability scanning based on nuclei
https://github.com/yhy0/nucleiY
### BurpSuite
Utilizing the features of the [go-mitmproxy](https://github.com/lqqyt2423/go-mitmproxy) project to replicate BurpSuite functionality.
[Certificate Installation](https://github.com/lqqyt2423/go-mitmproxy#usage):
After launching, the default HTTP proxy address is set to port 9080.
For the first launch, you need to install a certificate to decrypt HTTPS traffic. The certificate will be automatically generated after the first launch command and saved in `~/.mitmproxy/mitmproxy-ca-cert.pem`. The installation steps can be found in the Python mitmproxy documentation: [Certificates](https://docs.mitmproxy.org/stable/concepts-certificates/).
- [x] Proxy module
- [x] Repeater module
- [x] Intruder module
### Configurable Dictionaries
Various dictionary files are used. On the first run, the built-in dictionaries are extracted to the `.config/ChYing` directory in the user's folder, and they are read from there on each subsequent run.
### Encoding and Decoding
Unicode, URL, Hex, Base64 encoding/decoding. MD5 hashing.
### Antivirus Recognition
https://github.com/gh0stkey/avList/blob/master/avlist.js
## Issues
Lack of frontend expertise; heavily reliant on ChatGPT.
- Currently, each tab page needs to be clicked to activate it, which means BurpSuite requires clicking through each page before using it.
- Intruder module
  - The Attack display cannot switch to other Intruder tab pages, otherwise the results won't be displayed. It's a frontend data binding issue. Still figuring out the best way to address it.
## License
This code is distributed under the [AGPL-3.0 license](https://github.com/yhy0/ChYing/blob/main/LICENSE). See [LICENSE](https://github.com/yhy0/ChYing/blob/main/LICENSE) in this directory.
## Acknowledgements
Special thanks to [JetBrains](https://www.jetbrains.com/) for providing a range of powerful IDEs and supporting this project.
![JetBrains Logo (Main) logo](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)
https://github.com/lijiejie/bbscan
https://github.com/maurosoria/dirsearch
https://github.com/devploit/dontgo403
https://github.com/lqqyt2423/go-mitmproxy
https://github.com/gh0stkey/avList/
https://wails.io/
https://www.naiveui.com/
## Star History
[![Star History Chart](https://api.star-history.com/svg?repos=yhy0/ChYing&type=Date)](https://star-history.com/#yhy0/ChYing&Date)