DongTai-web
##Project introduction "huoxian DongTaiIast" is an auxiliary tool specially designed for Party A's security personnel, Party A's code audit engineers and 0 day.
vulnerability mining personnel. It can be used to integrate Devops environment for vulnerability detection, as an auxiliary tool for code audit and automatic mining 0 day.
"huoxian DongTaiIast" has five modules, namely Dongtai webapi
, Dongtai OpenAPI
, Dongtai engine
, Dongtai web
and agent
, among which:
dongtai webapi
is used to interact withDongtai web
and is responsible for user related API requests;dongtai OpenAPI
is used to interact withagent
, process the data reported by agent, issue policies to agent, control the operation of agent, etcdongtai engine
is used to analyze and process the data received byDongtai OpenAPI
, calculate the existing vulnerabilities and available stain call chains, etcdongtai web
is the front-end project of "huoxian DongTaiIast" and is responsible for page display- The
agent
is the data collection terminal of each language. It collects the corresponding data from the project where the probe is installed and sends it to theDongtai OpenAPI
service
##Local development
- Install
NPM
dependency
$ npm install
- Modify local configuration file
Change the .Env
file in the directory_ TARGET_ HOST = ' http://test.iast.huoxian.cn:8081 '
modified to Vue_ TARGET_ Host = 'address of your backend service'
- Execute the operation command
$ npm run dev
##Deployment scheme
- Install
NPM
dependency
$ npm install
- Compile to a releasable version
$ npm run build
-
Put the
dist
directory into the static resource directory of nginx service -
Modify nginx configuration and set the back-end service corresponding to the front-end interface. For nginx configuration, refer to
nginx.conf
###Documentation