GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → HXSecurity → DongTai-agent-java

HXSecurity / DongTai-agent-java

Licence: Apache-2.0 license
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

Programming Languages

java
68154 projects - #9 most used programming language

Labels

agentiastdevsecopsappsec-tutorialsapplicationsecuritymonitoringdongtai-iastsecurity-scan

Projects that are alternatives of or similar to DongTai-agent-java

OneAgent-SDK-for-dotnet
Enables custom tracing of .NET applications in Dynatrace
Stars: ✭ 14 (-97.64%)
Mutual labels:  agent
havengrc
☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬
Stars: ✭ 83 (-85.98%)
Mutual labels:  devsecops
MixewayHub
Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
Stars: ✭ 80 (-86.49%)
Mutual labels:  devsecops
safelog4j
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Stars: ✭ 38 (-93.58%)
Mutual labels:  iast
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (-78.21%)
Mutual labels:  devsecops
muvio.bundle
A music video extras agent for Plex
Stars: ✭ 14 (-97.64%)
Mutual labels:  agent
introspector
A schema and set of tools for using SQL to query cloud infrastructure.
Stars: ✭ 61 (-89.7%)
Mutual labels:  devsecops
agent-java-cucumber
Cucumber JVM version [1.0.0; 2.0.0) adapter
Stars: ✭ 21 (-96.45%)
Mutual labels:  agent
ios-mdm-agent
Flyve MDM Agent for iOS
Stars: ✭ 21 (-96.45%)
Mutual labels:  agent
glpi-agent
GLPI Agent
Stars: ✭ 89 (-84.97%)
Mutual labels:  agent
DaumMovieTVSeries.bundle
Plex Metadata Agent for daum movie & tv series
Stars: ✭ 38 (-93.58%)
Mutual labels:  agent
cups-rl
Customisable Unified Physical Simulations (CUPS) for Reinforcement Learning. Experiments run on the ai2thor environment (http://ai2thor.allenai.org/) e.g. using A3C, RainbowDQN and A3C_GA (Gated Attention multi-modal fusion) for Task-Oriented Language Grounding (tasks specified by natural language instructions) e.g. "Pick up the Cup or else"
Stars: ✭ 38 (-93.58%)
Mutual labels:  agent
postee
Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Stars: ✭ 160 (-72.97%)
Mutual labels:  devsecops
tutorials
Additional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (-93.92%)
Mutual labels:  appsec-tutorials
OctopusTentacle
| Public | The secure, lightweight, cross-platform agent for Octopus Server which turns any computer into a worker or deployment target for automated deployments and operations runbooks.
Stars: ✭ 25 (-95.78%)
Mutual labels:  agent
ios-inventory-agent
Flyve MDM Inventory Agent
Stars: ✭ 27 (-95.44%)
Mutual labels:  agent
vimana-framework
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (-92.06%)
Mutual labels:  devsecops
tfquery
tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
Stars: ✭ 297 (-49.83%)
Mutual labels:  devsecops
awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (-79.56%)
Mutual labels:  devsecops
CSM.bundle
No description or website provided.
Stars: ✭ 22 (-96.28%)
Mutual labels:  agent
View All Similar Projects ➔

DongTai-agent-java

中文版本(Chinese version)

license Apache-2.0 GitHub stars GitHub forks GitHub Contributors

CI Github Version Release downloads

Project Introduction

Dongtai-agent-java is DongTai Iast's data acquisition tool for Java applications. In a Java application with the iast agent added, the required data is collected by rewriting class bytecode, and then the data is sent to dongtai-OpenAPI service, and then the cloud engine processes the data to determine whether there are security holes.

Dongtai-agent-java consists of agent.jar, dongtai-core-jar, dongtai-spy. Jar and dongtai-servlet.jar:

  • agent.jar It is used to manage agent life cycle and configuration. The life cycle of the Agent includes downloading, installing, starting, stopping, restarting, and uninstalling the agent. Agent configuration includes application startup mode, vulnerability verification mode, whether to enable agent, etc.
  • dongtai-core.jar The main functions of dongtai-core.jar are: bytecode piling, data collection, data preprocessing, data reporting, third-party component management, etc.
  • dongtai-inject.jar It is used to inject into the BootStrap ClassLoader. The data collection method in 'iast-core.jar' is then invoked in the target application.
  • dongtai-servlet.jar It is used to obtain the requests sent by the application and the responses received. It is used for data display and request replay.

Application Scenarios

  • DevOps
  • Security test the application before it goes online
  • Third-party Component Management
  • Code audit
  • 0 Day digging

Quick Start

Please refer to the Quick Start.

Quick Development

  1. Fork the DongTai-agent-java , clone your fork:

    git clone https://github.com/<your-username>/DongTai-agent-java

  2. Write code to your needs.

  3. Compile Dongtai-agent-Java using Maven:

    mvn clean package -Dmaven.test.skip=true
    • notice: JDK version is 1.8.

  4. folder ./release is generated in the project root directory after compilation:

    release
├── dongtai-agent.jar
└── lib
    ├── dongtai-servlet.jar
    ├── dongtai-core.jar
    └── dongtai-spy.jar

  5. Copy dongtai-core.jardongtai-spy.jardongtai-servlet.jar to the system temporary directory. Get the system temporary directory to run the following Java code:

    System.getProperty("java.io.tmpdir.dongtai");

  6. Run the application and test the code (for example, SpringBoot) : java -javaagent:/path/to/dongtai-agent.jar -Ddongtai.debug=true -jar app.jar

  7. Contribute code. If you want to contribute code to the DongTai IAST team, please read the full contribution guide.

Supported Java versions and middleware

  • Java 1.8+
  • Tomcat, Jetty, WebLogic, WebSphere, SpringBoot and Mainstream software and middleware.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].