AntSwordProject / Ant
A blind XSS platform with real-time online status
Stars: ✭ 340
Programming Languages
javascript
Projects that are alternatives of or similar to Ant
Application Security Engineer Interview Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (-21.47%)
Mutual labels: xss
Findom Xss
A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-8.82%)
Mutual labels: xss
vulnerabilities
List of every possible vulnerability in computer security.
Stars: ✭ 14 (-95.88%)
Mutual labels: xss
Penetration testing poc
Penetration-testing-related POCs, EXPs, scripts, privilege escalation, small tools, etc. --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+1034.71%)
Mutual labels: xss
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-21.47%)
Mutual labels: xss
xssmap
Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (-68.53%)
Mutual labels: xss
XSS-Cheatsheet
XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
Stars: ✭ 26 (-92.35%)
Mutual labels: xss
Vuejs Serverside Template Xss
Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability
Stars: ✭ 278 (-18.24%)
Mutual labels: xss
wasec
Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Stars: ✭ 74 (-78.24%)
Mutual labels: xss
Bxss
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (-2.65%)
Mutual labels: xss
Javacodeaudit
Getting started with java code auditing: a small introductory project for code auditing
Stars: ✭ 289 (-15%)
Mutual labels: xss
蚁逅@1.0
The code is provided only for learning, reference, and lawful research and testing.
Using Docker
$ wget https://raw.githubusercontent.com/AntSwordProject/ant/master/docker-compose.yml
$ docker-compose -f docker-compose.yml up -d
To configure email, just modify some of the environment variables in docker-compose.yml:
- ANT_MAIL_HOST=smtp.qq.com
- ANT_MAIL_PORT=465
- ANT_MAIL_SECURE=true
- [email protected]
- ANT_MAIL_PASSWORD=email-password
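Manual installation and deployment
0. Dependencies
The environment I tested with:
| Application | Version |
|---|---|
| Ubuntu | 14.04 |
| Nodejs | 0.12.x |
| Mongodb | 2.6.7 |
Note: newer versions also work fine.
Please install the required environment yourself.
1. Get the code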
$ git clone https://github.com/antoor/ant.git
Or download the source with the link below and unpack it:
$ wget https://github.com/antoor/ant/archive/master.zip
2. Install the required modules
$ cd web
$ npm install
3. Set up the database
- Start the database
$ cd database
$ mongod -f db.conf
- Import the data
$ mongorestore
4. Start the application
$ cd web
$ node app
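After a successful start, visit http://127.0.0.1:3000
The default admin account is [email protected], password 123456
Other configuration
1. Email account
This feature uses the nodemailer module. I currently use QQ Mail's SMTP service; users can change it themselves.
Set the following environment variables, then start the application: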
export ANT_MAIL_NAME='ANT' \
ANT_MAIL_HOST='smtp.qq.com' \
ANT_MAIL_PORT=465 \
ANT_MAIL_SECURE=true \
ANT_MAIL_EMAIL='[email protected]' \
ANT_MAIL_PASSWORD='email-password'
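2. Extensions
This program uses a modular plugin design; go into the addons directory and find the plugin by name to change it.
route.js is the server-side script and client.js is the unminified client script. After editing, use uglifyjs to minify it into client.min.js and overwrite the original file.
Notes
- Since Chrome 70, applicationCache cannot be accessed in non-HTTPS contexts, so be sure to configure HTTPS before accessing the admin backend. The client side is not affected.
- It is recommended to put an nginx reverse proxy in front, with both http and https enabled.
Remarks
Developing a useful program is easy; sticking with maintaining it is hard.
I am open-sourcing this code for a simple purpose: to learn and share together with friends who have the same interest.
The code is badly written and looks awful to me now, but it counts as a small piece of work from my own learning; you can use it for reference, or set it up and play around with it.
This project is no longer updated or maintained.
If you are interested, you may modify, optimize and enhance it, but it must not be used for profit or for illegal purposes.
Thanks again for everyone's support!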