### Build for Production with Yarn
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md
Bundles the React application for production, optimizing it for performance. The output is placed in the `build` folder, minified, and with hashed filenames, ready for deployment.
```bash
yarn build
```
--------------------------------
### Start Development Server with Yarn
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md
Runs the React application in development mode, typically accessible at http://localhost:3000. It enables hot reloading for edits and displays lint errors in the console.
```bash
yarn start
```
--------------------------------
### Install Electron using npm
Source: https://github.com/yaklang/yakit/blob/master/ELECTRON_GUIDE.md
Installs the Electron framework as a development dependency using npm. It requires sourcing an environment file first.
```go
source ./electron.env
npm install --save-dev electron
```
--------------------------------
### Run Tests with Yarn
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md
Launches the test runner in an interactive watch mode, allowing for continuous testing during development. Refer to the Create React App documentation for more details on running tests.
```bash
yarn test
```
--------------------------------
### Install GRPC Client with npm
Source: https://github.com/yaklang/yakit/blob/master/ELECTRON_GUIDE.md
Installs the 'ts-proto-gen' package, which is used for generating GRPC client code, via npm.
```bash
npm install ts-proto-gen
```
--------------------------------
### Resolve M1 Chip Errors for npm Install
Source: https://github.com/yaklang/yakit/blob/master/ELECTRON_GUIDE.md
Installs necessary packages (pkg-config, pixman, cairo, pango) using Homebrew to resolve potential M1 chip compatibility issues during npm installations.
```bash
brew install pkg-config pixman cairo pango
```
--------------------------------
### Eject from Create React App Configuration with Yarn
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md
This is a one-way operation that removes the single build dependency from the project, copying all configuration files (webpack, Babel, ESLint, etc.) into the project for full control. Use with caution as it cannot be undone.
```bash
yarn eject
```
--------------------------------
### Backend IPC Handler Examples (JavaScript)
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md
Provides examples of backend IPC (Inter-Process Communication) handlers implemented in JavaScript for managing knowledge bases and entries. These handlers interact with asynchronous functions to perform database operations.
```javascript
// 获取知识库名称列表
ipcMain.handle("GetKnowledgeBaseNameList", async (e, params) => {
return await asyncGetKnowledgeBaseNameList(params)
})
// 创建知识库
ipcMain.handle("CreateKnowledgeBase", async (e, params) => {
return await asyncCreateKnowledgeBase(params)
})
// 搜索知识条目
ipcMain.handle("SearchKnowledgeBaseEntry", async (e, params) => {
return await asyncSearchKnowledgeBaseEntry(params)
})
```
--------------------------------
### Web Fuzzer with Fuzz Tags for Parameter Brute-forcing
Source: https://github.com/yaklang/yakit/blob/master/README.md
The Web Fuzzer module allows users to send custom HTTP requests. Yakit backend automatically repairs and completes essential data transmission information like CRLF, Content-Type, chunk transfer, boundary, and Content-Length. It supports fuzzing using 'Fuzz tags' for features like Host collision, Intruder, and directory busting. For example, {{int(1-10)}} can generate IDs for single-parameter brute-forcing. It also supports Cartesian product for multi-parameter fuzzing and importing external dictionaries like {{file(/tmp/username.txt)}}.
```Go
package main
import (
"bytes"
"fmt"
"io/ioutil"
"net/http"
"os"
"strings"
)
// Simulate Fuzz tag processing for demonstration
func processFuzzTags(payload string) []string {
// In a real scenario, this would parse and generate values based on tags
if strings.Contains(payload, "{{int(1-10)}}") {
var results []string
for i := 1; i <= 10; i++ {
results = append(results, strings.Replace(payload, "{{int(1-10)}}", fmt.Sprintf("%d", i), 1))
}
return results
}
return []string{payload}
}
func main() {
url := "http://example.com/api/users"
payloadTemplate := `{"id": {{int(1-10)}}, "name": "test"}`
generatedPayloads := processFuzzTags(payloadTemplate)
for _, payload := range generatedPayloads {
req, err := http.NewRequest("POST", url, bytes.NewBuffer([]byte(payload)))
if err != nil {
fmt.Fprintf(os.Stderr, "Error creating request: %v\n", err)
continue
}
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Fprintf(os.Stderr, "Error sending request: %v\n", err)
continue
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error reading response body: %v\n", err)
continue
}
fmt.Printf("Payload: %s, Status: %s, Response: %s\n", payload, resp.Status, string(body))
}
}
```
--------------------------------
### Yakit Teamserver: Local and Remote Modes
Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md
Yakit supports both local and remote modes for its teamserver. In local mode, it starts a yak grpc server on a random port. In remote mode, users can run 'yak grpc' to start the server on any platform or network location, facilitating distributed security testing.
```Shell
# To start Yakit in local mode (default):
yak grpc
# To start Yakit in remote mode on a remote host:
# ssh user@remote_host "yak grpc"
# To start Yakit in bridge mode for internal network traversal:
yak grpc --bridge
```
--------------------------------
### Use KnowledgeBaseDemo Component
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md
Shows how to use the KnowledgeBaseDemo component for demonstration purposes. This involves importing the demo component and rendering it directly.
```tsx
import { KnowledgeBaseDemo } from '@/components/playground/knowlegeBase'
function App() {
return
}
```
--------------------------------
### Initialize and Configure xterm.js Terminal
Source: https://github.com/yaklang/yakit/blob/master/app/main/handlers/openConsoleNewWin/index.html
Initializes the xterm.js terminal, loads the FitAddon for automatic resizing, and opens the terminal in the specified DOM element. It also sets up a custom key event handler for copying selected text to the clipboard via IPC.
```javascript
const { ipcRenderer } = require('electron')
const getLocalValue = async (k, defaultValue) => {
try {
const result = await ipcRenderer.invoke("fetch-local-cache", k)
return result ?? defaultValue
} catch {
return defaultValue
}
}
getLocalValue("theme", "light").then((t) => {
document.documentElement.setAttribute("data-theme", t)
})
ipcRenderer.on('xterm-theme', (event, data) => {
term.options.theme = data.xtermThemeVars
document.body.style.backgroundColor = data.xtermThemeVars.background
const terminalDom = document.getElementById("terminal")
terminalDom.style.backgroundColor = data.xtermThemeVars.background
})
ipcRenderer.on('xterm-data', (event, data) => {
term.write(data)
})
const term = new window.Terminal({
convertEol: true
})
const fitAddon = new window.FitAddon.FitAddon()
term.loadAddon(fitAddon)
term.open(document.getElementById('terminal'))
fitAddon.fit()
window.addEventListener('resize', () => fitAddon.fit())
term.attachCustomKeyEventHandler((event) => {
if ((event.ctrlKey || event.metaKey) && event.code === "KeyC") {
const selection = term.getSelection()
if (selection) {
ipcRenderer.send('console-terminal-window-copy', selection)
return false
}
}
return true
})
```
--------------------------------
### Use KnowledgeBaseManager Component
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md
Demonstrates how to directly use the main KnowledgeBaseManager component within an application. It requires importing the component and rendering it within a container with a defined height.
```tsx
import { KnowledgeBaseManager } from '@/components/playground/knowlegeBase'
function App() {
return (
)
}
```
--------------------------------
### Yakit Fuzz Tag: Parameter Brute-forcing and Dictionary Integration
Source: https://github.com/yaklang/yakit/blob/master/README-EN.md
Yakit's Web Fuzzer integrates functionalities like Host collision, Intruder, and directory brute-forcing via Fuzz tags. It supports automatic generation of parameter ranges (e.g., {{int(1-10)}}) and Cartesian products for multiple parameters, simplifying brute-forcing compared to BurpSuite's Intruder. It also allows importing external dictionaries (e.g., {{file(/tmp/username.txt)}}) and embedding Yak scripts for dynamic data generation.
```Yakit
## Fuzztag
The Web Fuzzer module supports seamless integration of functionalities such as Host collision, Intruder, and directory brute-forcing through Fuzz tags. For example, in a single parameter brute-forcing scenario, let's take the user ID as an example. You can use the {{int(1-10)}} tag to automatically generate a range of IDs for brute-forcing. In scenarios where multiple parameters need to be brute-forced, the Cartesian product of the parameters is used for the brute-forcing. This eliminates the need to select the brute-forcing method and import dictionaries, reducing user operation steps and aligning with user habits compared to BurpSuite's Intruder module.
In addition to generating parameters using tags, the Web Fuzzer module also supports importing external dictionaries. For example: {{file(/tmp/username.txt)}}. In more complex data scenarios, the Web Fuzzer module allows the insertion of hot-loaded tags. For example, if you need to brute-force ID numbers from a specific region, you can directly insert Yak scripts in the Web Fuzzer module to generate the data for brute-forcing. In contrast, BurpSuite's Intruder module would require writing code to generate dictionaries and then importing them into the Intruder module.
```
--------------------------------
### JavaScript Conditional Loading Indicator
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/public/index.html
Checks if the current window is a child window by examining the URL query parameters. If it is, it dynamically injects HTML for a loading message and spinner.
```javascript
// 判断是否子窗口
const isChild = window.location.search.includes('window=child')
if (isChild) {
document.write(` `);
}
```
--------------------------------
### KnowledgeBaseEntry Interface Definition
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md
Defines the TypeScript interface for a knowledge base entry, encompassing details such as ID, title, content, keywords, importance score, and source information.
```typescript
interface KnowledgeBaseEntry {
ID: number
KnowledgeBaseId: number
KnowledgeTitle: string
KnowledgeType: string
ImportanceScore: number // 1-10的重要度评分
Keywords: string[] // 关键词数组
KnowledgeDetails: string // 详细内容
Summary: string // 摘要
SourcePage: number // 源页码
PotentialQuestions: string[] // 潜在问题数组
PotentialQuestionsVector: number[] // 问题向量(后端生成)
CreatedAt?: string
UpdatedAt?: string
}
```
--------------------------------
### Generate ERM Diagram with @viz-js/viz
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/entityRepository/README.md
This snippet demonstrates how to generate an ERM diagram by converting DOT code to SVG format using the @viz-js/viz library. It supports specifying entity IDs and depth parameters, and allows switching between SVG and DOT code views.
```javascript
import { Viz } from '@viz-js/viz';
const viz = new Viz();
// Example DOT code
const dotCode = `
digraph G {
A -> B;
B -> C;
}
`;
// Convert DOT to SVG
const svgElement = viz.renderSVGElement(dotCode);
// Append to the DOM or display
document.body.appendChild(svgElement);
// To get the SVG string:
const svgString = viz.renderSVGElement(dotCode).outerHTML;
```
--------------------------------
### KnowledgeBase Interface Definition
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md
Defines the TypeScript interface for a knowledge base, including properties like ID, name, description, type, and timestamps.
```typescript
interface KnowledgeBase {
Id: number
KnowledgeBaseName: string
KnowledgeBaseDescription: string
KnowledgeBaseType: string
CreatedAt?: string
UpdatedAt?: string
}
```
--------------------------------
### Yakit MITM Console: Interactive Hijacking
Source: https://github.com/yaklang/yakit/blob/master/README-EN.md
The MITM Console in Yakit allows for full replacement of tools like BurpSuite, enabling certificate management, request/response hijacking, and packet editing. It supports a streamlined workflow with hijacking, history tracking, and integration with Repeater and Intruder. Features include Gzip decoding, chunk processing, and human-readable request display for modification and replay.
```Yakit
## MITM Interactive Hijacking
The MITM (Man-in-the-Middle) Console in Yakit can fully replace BurpSuite and perform all operations, including downloading and installing certificates, hijacking requests and responses, and editing intercepted packets. It provides a smooth workflow that involves hijacking, history tracking, and using tools like Repeater and Intruder. Users can intercept data, view historical data in the history section, select packets for further analysis, and send them to the Web Fuzzer for Repeater or Intruder operations. In addition to these typical use cases, the MITM module in Yakit offers more flexible features such as plugin-based passive scanning, hot reloading, packet substitution, and tagging.
The underlying principle of Yakit's MITM module is to start an HTTP proxy that automatically forwards traffic. When a user initiates a manual hijack, the automatic forwarding is stopped, and the request is blocked and popped out of the stack. The module then performs tasks such as Gzip decoding, chunk processing, and decoding to make the request human-readable, which is then displayed to the user. Users can view, modify, or replay requests as needed. During replay, the Yakit engine repairs the user-constructed HTTP request to ensure its validity. Yak's engine has a custom-built HTTP library, allowing users to customize malformed requests and responses, which can be useful in exploiting vulnerabilities in specific scenarios.
```
--------------------------------
### Yakit Client: gRPC Server for Yak Language
Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md
Yakit is a client-side tool developed using the Yak language, featuring a gRPC server to lower the barrier to entry for using Yak's security capabilities. It provides a GUI interface for easier interaction and aims to offer an alternative to tools like Burpsuite.
```Go
package main
import (
"context"
"fmt"
"log"
"net"
"google.golang.org/grpc"
"yak/proto/yakitpb"
)
type server struct {
yakitpb.UnimplementedYakitServer
}
func (s *server) InterceptRequest(ctx context.Context, req *yakitpb.InterceptRequest) (*yakitpb.InterceptResponse, error) {
log.Printf("Received request: %v", req)
// Process request, modify if needed
return &yakitpb.InterceptResponse{ModifiedRequest: req.GetRequest()},
nil
}
func main() {
lis, err := net.Listen("tcp", ":50051")
if err != nil {
log.Fatalf("failed to listen: %v", err)
}
ss := grpc.NewServer()
yakitpb.RegisterYakitServer(ss, &server{})
if err := ss.Serve(lis); err != nil {
log.Fatalf("failed to serve: %v", err)
}
}
```
--------------------------------
### Yakit Plugin System: Yak-based Extensibility
Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md
Yakit features a powerful plugin system where core logic is implemented in the Yak language. This allows for rapid development and integration of new security capabilities, with the ability to interact with the GUI. Developers can create custom detection abilities using Yak or YAML.
```Yak
// Example of a Yak plugin for vulnerability detection
package main
import (
"fmt"
"yak/core"
"yak/http"
"yak/nuclei"
)
func main() {
// Register a new plugin
core.RegisterPlugin("weblogic-scan", func(target string) {
fmt.Printf("Scanning %s for WebLogic vulnerabilities...\n", target)
// Use nuclei integration for vulnerability scanning
results, err := nuclei.Scan(target, "weblogic")
if err != nil {
fmt.Printf("Nuclei scan failed: %v\n", err)
return
}
fmt.Println("Vulnerability scan results:")
for _, result := range results {
fmt.Printf("- %s: %s\n", result.TemplateID, result.Name)
}
// Example of interacting with HTTP module
resp, err := http.Get(target + "/console/login.portal")
if err == nil && resp.StatusCode == 200 {
fmt.Println("WebLogic console is accessible.")
}
})
}
```
--------------------------------
### Integrating Yaklang Scripts for Dynamic Traffic Debugging
Source: https://github.com/yaklang/yakit/blob/master/README.md
Yakit allows embedding Yaklang scripts to dynamically debug traffic. This enables users to execute custom code at various stages of the penetration testing process. The platform's gRPC server facilitates the execution of these scripts, allowing for real-time manipulation and analysis of network traffic.
```Yak
// Example Yaklang script for traffic manipulation
def handle_request(request) {
// Modify request headers or body
request.headers["X-Yak-Debug"] = "enabled"
request.body = request.body + "\n// Injected by Yaklang script"
return request
}
def handle_response(response) {
// Analyze or modify response
if response.status_code == 200 {
print("Successful response received.")
}
return response
}
// This script would be loaded and executed by the Yakit client
// through its gRPC interface.
```
--------------------------------
### Yak Language: Network Security Domain-Specific Language
Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md
Yak is an open-source, domain-specific language for network security, developed by engineers with extensive cybersecurity experience. It combines Golang's concurrency, Python's simple syntax, and scripting capabilities, with native network security functions like port scanning and service fingerprinting. It is Turing-complete and easy to learn.
```Yak
package main
import (
"fmt"
"yak/net/port"
"yak/net/finger"
)
func main() {
// Example: Port scanning
ports, err := port.Scan("127.0.0.1", "22-443")
if err != nil {
fmt.Println("Error scanning ports:", err)
} else {
fmt.Println("Open ports:", ports)
}
// Example: Service fingerprinting
fingerprint, err := finger.Scan("127.0.0.1", 80)
if err != nil {
fmt.Println("Error fingerprinting service:", err)
} else {
fmt.Println("Service fingerprint:", fingerprint)
}
}
```
--------------------------------
### Yakit Reverse Shell
Source: https://github.com/yaklang/yakit/blob/master/README-EN.md
Listens on a specified port for incoming reverse shells, providing a user-friendly experience similar to SSH for controlling remote servers.
```Yakit
package main
import (
"fmt"
"net"
)
func main() {
port := ":4444"
listener, err := net.Listen("tcp", port)
if err != nil {
fmt.Printf("Error listening on port %s: %v\n", port, err)
return
}
defer listener.Close()
fmt.Printf("Listening for reverse shells on port %s\n", port)
for {
conn, err := listener.Accept()
if err != nil {
fmt.Printf("Error accepting connection: %v\n", err)
continue
}
go handleConnection(conn)
}
}
func handleConnection(conn net.Conn) {
defer conn.Close()
fmt.Printf("Received connection from %s\n", conn.RemoteAddr())
// In a real scenario, you would implement shell interaction here
// For example, reading commands and writing output
// Example: Send a welcome message
_, err := conn.Write([]byte("Welcome to the Yakit reverse shell!\n"))
if err != nil {
fmt.Printf("Error sending welcome message: %v\n", err)
return
}
// Keep the connection open until closed by the client or an error occurs
buffer := make([]byte, 1024)
for {
n, err := conn.Read(buffer)
if err != nil {
fmt.Printf("Error reading from connection: %v\n", err)
break
}
fmt.Printf("Received command: %s\n", string(buffer[:n]))
// Process command and send response
}
}
```
--------------------------------
### CSS Loading Spinner Animation
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/public/index.html
Defines the styles for the loading indicator container and the animated spinner element. It includes keyframes for a continuous rotation effect.
```css
html, body { height: 100vh; margin: 0; padding: 0; }
#initial-loading { display: flex;
align-items: center;
justify-content: center;
height: 100vh;
background: var(--yakit-colors-Neutral-0);
}
#initial-loading span { margin-right: 10px;
font-size: 24px;
color: var(--yakit-colors-Neutral-80);
}
#initial-loading .initial-spinner { width: 20px;
height: 20px;
border: 2px solid var(--yakit-colors-Neutral-40);
border-top: 2px solid var(--yakit-colors-Neutral-80);
border-radius: 50%;
animation: initial-spinner 0.8s linear infinite;
box-sizing: border-box;
}
@keyframes initial-spinner {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
```
--------------------------------
### Terminal Styling
Source: https://github.com/yaklang/yakit/blob/master/app/main/handlers/openConsoleNewWin/index.html
Applies basic styling to the terminal and its container to ensure it occupies the full viewport and handles overflow correctly.
```css
html, body { height: 100%; margin: 0; overflow: hidden; }
#terminal { width: 100vw; height: 100vh; }
```
--------------------------------
### Yakit Web Fuzzer: Traffic Replay and Fuzz Testing
Source: https://github.com/yaklang/yakit/blob/master/README-EN.md
The Web Fuzzer module in Yakit enables user-defined HTTP raw request sending with backend support for repairing and completing necessary information. It automatically fixes CRLF, Content-Type, handles chunked transfer encoding, adds boundaries, and corrects Content-Length, allowing users to focus on data manipulation.
```Yakit
## Web Application Interactive Traffic Replay and Fuzz Testing.
The Web Fuzzer module supports user-defined HTTP raw request sending. To make it user-friendly and intuitive, Yakit's backend performs several tasks. It ensures that the necessary information for data transmission and parsing in the HTTP raw request is repaired and completed. For example, Yakit fixes CRLF, completes the Content-Type, handles chunked transfer encoding, adds the missing boundary, corrects the Content-Length, and so on. This allows users to focus on the data-related information without worrying about the underlying intricacies of the HTTP protocol.
```
--------------------------------
### MITM Traffic Interception and Modification
Source: https://github.com/yaklang/yakit/blob/master/README.md
Yakit's MITM module acts as an HTTP proxy to intercept, block, and modify traffic. It processes requests by decompressing Gzip, handling chunks, and decoding data for readability. Users can view, modify, or replay requests, with Yak engine automatically repairing HTTP packets for validity. It supports custom malformed requests and responses for specific vulnerability exploitation scenarios.
```Go
package main
import (
"fmt"
"net/http"
"net/http/httputil"
"os"
)
func main() {
proxy := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fmt.Printf("Intercepted request: %s %s\n", r.Method, r.URL.String())
// Example: Modify a request header
r.Header.Set("X-Intercepted-By", "Yakit")
// Forward the request to the original destination
proxy := httputil.NewSingleHostReverseProxy(r.URL)
proxy.ServeHTTP(w, r)
})
server := &http.Server{
Addr: ":8080",
Handler: proxy,
}
fmt.Println("Starting MITM proxy on :8080")
if err := server.ListenAndServe(); err != nil {
fmt.Fprintf(os.Stderr, "Error starting proxy: %v\n", err)
os.Exit(1)
}
}
```
--------------------------------
### Yakit Native Java Deserialization Support
Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md
Yakit provides native support for Java deserialization protocols, eliminating the need for external tools like ysoserial and Java environments. This allows users to easily generate payloads and test for Java deserialization vulnerabilities directly within Yak scripts.
```Yak
package main
import (
"fmt"
"yak/java/deserialization"
)
func main() {
// Example: Generate a payload for a specific gadget chain
payload, err := deserialization.GeneratePayload("commons-collections4", "org.apache.commons.collections4.functors.InvokerTransformer", "Runtime.exec", "calc.exe")
if err != nil {
fmt.Println("Error generating payload:", err)
} else {
fmt.Println("Generated payload:", payload)
// Send payload to target...
}
}
```
--------------------------------
### Define Event Bus Types in eventBus.tsx
Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/utils/eventBus/index.md
This snippet demonstrates how to define event bus types within the eventBus.tsx file. It involves adding signal source definitions to the Events array and checking for naming conflicts.
```typescript
// The following code blocks are all within the eventBus.tsx file
// Find the eventBus.tsx file
// Find the type Events = [...] line, and sequentially add the defined signal source names to the array
// If the following code shows a red wavy line error after import, it means there is a naming conflict with the imported signal source, please check and adjust the name
let checkVal: CheckVal = true
```
=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.