"huoxian DongTaiIast" is an auxiliary tool specially designed for Party A's security personnel, Party A's code audit engineers and 0 day.
vulnerability mining personnel. It can be used to integrate Devops environment for vulnerability detection, as an auxiliary tool for code audit and automatic mining 0 day.
"huoxian DongTaiIast" has five modules, namely Dongtai webapi, Dongtai OpenAPI, Dongtai engine, Dongtai web and agent, among which:
dongtai webapiis used to interact withDongtai weband is responsible for user related API requests;dongtai OpenAPIis used to interact withagent, process the data reported by agent, issue policies to agent, control the operation of agent, etcdongtai engineis used to analyze and process the data received byDongtai OpenAPI, calculate the existing vulnerabilities and available stain call chains, etcdongtai webis the front-end project of "huoxian DongTaiIast" and is responsible for page display- The
agentis the data collection terminal of each language. It collects the corresponding data from the project where the probe is installed and sends it to theDongtai OpenAPIservice
- Install
NPMdependency
$ npm install- Modify local configuration file
Change the .env file in the directory_TARGET_HOST = 'http://test.iast.huoxian.cn:8081' modified to Vue_TARGET_Host = 'address of your backend service'
- Execute the operation command
$ npm run dev- Install
NPMdependency
$ npm install- Compile to a releasable version
$ npm run build-
Put the
distdirectory into the static resource directory of nginx service -
Modify nginx configuration and set the back-end service corresponding to the front-end interface. For nginx configuration, refer to
nginx.conf
