### Build for Production with Yarn Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md Bundles the React application for production, optimizing it for performance. The output is placed in the `build` folder, minified, and with hashed filenames, ready for deployment. ```bash yarn build ``` -------------------------------- ### Start Development Server with Yarn Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md Runs the React application in development mode, typically accessible at http://localhost:3000. It enables hot reloading for edits and displays lint errors in the console. ```bash yarn start ``` -------------------------------- ### Install Electron using npm Source: https://github.com/yaklang/yakit/blob/master/ELECTRON_GUIDE.md Installs the Electron framework as a development dependency using npm. It requires sourcing an environment file first. ```go source ./electron.env npm install --save-dev electron ``` -------------------------------- ### Run Tests with Yarn Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md Launches the test runner in an interactive watch mode, allowing for continuous testing during development. Refer to the Create React App documentation for more details on running tests. ```bash yarn test ``` -------------------------------- ### Install GRPC Client with npm Source: https://github.com/yaklang/yakit/blob/master/ELECTRON_GUIDE.md Installs the 'ts-proto-gen' package, which is used for generating GRPC client code, via npm. ```bash npm install ts-proto-gen ``` -------------------------------- ### Resolve M1 Chip Errors for npm Install Source: https://github.com/yaklang/yakit/blob/master/ELECTRON_GUIDE.md Installs necessary packages (pkg-config, pixman, cairo, pango) using Homebrew to resolve potential M1 chip compatibility issues during npm installations. ```bash brew install pkg-config pixman cairo pango ``` -------------------------------- ### Eject from Create React App Configuration with Yarn Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/README.md This is a one-way operation that removes the single build dependency from the project, copying all configuration files (webpack, Babel, ESLint, etc.) into the project for full control. Use with caution as it cannot be undone. ```bash yarn eject ``` -------------------------------- ### Backend IPC Handler Examples (JavaScript) Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md Provides examples of backend IPC (Inter-Process Communication) handlers implemented in JavaScript for managing knowledge bases and entries. These handlers interact with asynchronous functions to perform database operations. ```javascript // 获取知识库名称列表 ipcMain.handle("GetKnowledgeBaseNameList", async (e, params) => { return await asyncGetKnowledgeBaseNameList(params) }) // 创建知识库 ipcMain.handle("CreateKnowledgeBase", async (e, params) => { return await asyncCreateKnowledgeBase(params) }) // 搜索知识条目 ipcMain.handle("SearchKnowledgeBaseEntry", async (e, params) => { return await asyncSearchKnowledgeBaseEntry(params) }) ``` -------------------------------- ### Web Fuzzer with Fuzz Tags for Parameter Brute-forcing Source: https://github.com/yaklang/yakit/blob/master/README.md The Web Fuzzer module allows users to send custom HTTP requests. Yakit backend automatically repairs and completes essential data transmission information like CRLF, Content-Type, chunk transfer, boundary, and Content-Length. It supports fuzzing using 'Fuzz tags' for features like Host collision, Intruder, and directory busting. For example, {{int(1-10)}} can generate IDs for single-parameter brute-forcing. It also supports Cartesian product for multi-parameter fuzzing and importing external dictionaries like {{file(/tmp/username.txt)}}. ```Go package main import ( "bytes" "fmt" "io/ioutil" "net/http" "os" "strings" ) // Simulate Fuzz tag processing for demonstration func processFuzzTags(payload string) []string { // In a real scenario, this would parse and generate values based on tags if strings.Contains(payload, "{{int(1-10)}}") { var results []string for i := 1; i <= 10; i++ { results = append(results, strings.Replace(payload, "{{int(1-10)}}", fmt.Sprintf("%d", i), 1)) } return results } return []string{payload} } func main() { url := "http://example.com/api/users" payloadTemplate := `{"id": {{int(1-10)}}, "name": "test"}` generatedPayloads := processFuzzTags(payloadTemplate) for _, payload := range generatedPayloads { req, err := http.NewRequest("POST", url, bytes.NewBuffer([]byte(payload))) if err != nil { fmt.Fprintf(os.Stderr, "Error creating request: %v\n", err) continue } req.Header.Set("Content-Type", "application/json") client := &http.Client{} resp, err := client.Do(req) if err != nil { fmt.Fprintf(os.Stderr, "Error sending request: %v\n", err) continue } defer resp.Body.Close() body, err := ioutil.ReadAll(resp.Body) if err != nil { fmt.Fprintf(os.Stderr, "Error reading response body: %v\n", err) continue } fmt.Printf("Payload: %s, Status: %s, Response: %s\n", payload, resp.Status, string(body)) } } ``` -------------------------------- ### Yakit Teamserver: Local and Remote Modes Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md Yakit supports both local and remote modes for its teamserver. In local mode, it starts a yak grpc server on a random port. In remote mode, users can run 'yak grpc' to start the server on any platform or network location, facilitating distributed security testing. ```Shell # To start Yakit in local mode (default): yak grpc # To start Yakit in remote mode on a remote host: # ssh user@remote_host "yak grpc" # To start Yakit in bridge mode for internal network traversal: yak grpc --bridge ``` -------------------------------- ### Use KnowledgeBaseDemo Component Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md Shows how to use the KnowledgeBaseDemo component for demonstration purposes. This involves importing the demo component and rendering it directly. ```tsx import { KnowledgeBaseDemo } from '@/components/playground/knowlegeBase' function App() { return } ``` -------------------------------- ### Initialize and Configure xterm.js Terminal Source: https://github.com/yaklang/yakit/blob/master/app/main/handlers/openConsoleNewWin/index.html Initializes the xterm.js terminal, loads the FitAddon for automatic resizing, and opens the terminal in the specified DOM element. It also sets up a custom key event handler for copying selected text to the clipboard via IPC. ```javascript const { ipcRenderer } = require('electron') const getLocalValue = async (k, defaultValue) => { try { const result = await ipcRenderer.invoke("fetch-local-cache", k) return result ?? defaultValue } catch { return defaultValue } } getLocalValue("theme", "light").then((t) => { document.documentElement.setAttribute("data-theme", t) }) ipcRenderer.on('xterm-theme', (event, data) => { term.options.theme = data.xtermThemeVars document.body.style.backgroundColor = data.xtermThemeVars.background const terminalDom = document.getElementById("terminal") terminalDom.style.backgroundColor = data.xtermThemeVars.background }) ipcRenderer.on('xterm-data', (event, data) => { term.write(data) }) const term = new window.Terminal({ convertEol: true }) const fitAddon = new window.FitAddon.FitAddon() term.loadAddon(fitAddon) term.open(document.getElementById('terminal')) fitAddon.fit() window.addEventListener('resize', () => fitAddon.fit()) term.attachCustomKeyEventHandler((event) => { if ((event.ctrlKey || event.metaKey) && event.code === "KeyC") { const selection = term.getSelection() if (selection) { ipcRenderer.send('console-terminal-window-copy', selection) return false } } return true }) ``` -------------------------------- ### Use KnowledgeBaseManager Component Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md Demonstrates how to directly use the main KnowledgeBaseManager component within an application. It requires importing the component and rendering it within a container with a defined height. ```tsx import { KnowledgeBaseManager } from '@/components/playground/knowlegeBase' function App() { return (
) } ``` -------------------------------- ### Yakit Fuzz Tag: Parameter Brute-forcing and Dictionary Integration Source: https://github.com/yaklang/yakit/blob/master/README-EN.md Yakit's Web Fuzzer integrates functionalities like Host collision, Intruder, and directory brute-forcing via Fuzz tags. It supports automatic generation of parameter ranges (e.g., {{int(1-10)}}) and Cartesian products for multiple parameters, simplifying brute-forcing compared to BurpSuite's Intruder. It also allows importing external dictionaries (e.g., {{file(/tmp/username.txt)}}) and embedding Yak scripts for dynamic data generation. ```Yakit ## Fuzztag The Web Fuzzer module supports seamless integration of functionalities such as Host collision, Intruder, and directory brute-forcing through Fuzz tags. For example, in a single parameter brute-forcing scenario, let's take the user ID as an example. You can use the {{int(1-10)}} tag to automatically generate a range of IDs for brute-forcing. In scenarios where multiple parameters need to be brute-forced, the Cartesian product of the parameters is used for the brute-forcing. This eliminates the need to select the brute-forcing method and import dictionaries, reducing user operation steps and aligning with user habits compared to BurpSuite's Intruder module. In addition to generating parameters using tags, the Web Fuzzer module also supports importing external dictionaries. For example: {{file(/tmp/username.txt)}}. In more complex data scenarios, the Web Fuzzer module allows the insertion of hot-loaded tags. For example, if you need to brute-force ID numbers from a specific region, you can directly insert Yak scripts in the Web Fuzzer module to generate the data for brute-forcing. In contrast, BurpSuite's Intruder module would require writing code to generate dictionaries and then importing them into the Intruder module. ``` -------------------------------- ### JavaScript Conditional Loading Indicator Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/public/index.html Checks if the current window is a child window by examining the URL query parameters. If it is, it dynamically injects HTML for a loading message and spinner. ```javascript // 判断是否子窗口 const isChild = window.location.search.includes('window=child') if (isChild) { document.write(`
正在加载中
`); } ``` -------------------------------- ### KnowledgeBaseEntry Interface Definition Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md Defines the TypeScript interface for a knowledge base entry, encompassing details such as ID, title, content, keywords, importance score, and source information. ```typescript interface KnowledgeBaseEntry { ID: number KnowledgeBaseId: number KnowledgeTitle: string KnowledgeType: string ImportanceScore: number // 1-10的重要度评分 Keywords: string[] // 关键词数组 KnowledgeDetails: string // 详细内容 Summary: string // 摘要 SourcePage: number // 源页码 PotentialQuestions: string[] // 潜在问题数组 PotentialQuestionsVector: number[] // 问题向量(后端生成) CreatedAt?: string UpdatedAt?: string } ``` -------------------------------- ### Generate ERM Diagram with @viz-js/viz Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/entityRepository/README.md This snippet demonstrates how to generate an ERM diagram by converting DOT code to SVG format using the @viz-js/viz library. It supports specifying entity IDs and depth parameters, and allows switching between SVG and DOT code views. ```javascript import { Viz } from '@viz-js/viz'; const viz = new Viz(); // Example DOT code const dotCode = ` digraph G { A -> B; B -> C; } `; // Convert DOT to SVG const svgElement = viz.renderSVGElement(dotCode); // Append to the DOM or display document.body.appendChild(svgElement); // To get the SVG string: const svgString = viz.renderSVGElement(dotCode).outerHTML; ``` -------------------------------- ### KnowledgeBase Interface Definition Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/components/playground/knowlegeBase/README.md Defines the TypeScript interface for a knowledge base, including properties like ID, name, description, type, and timestamps. ```typescript interface KnowledgeBase { Id: number KnowledgeBaseName: string KnowledgeBaseDescription: string KnowledgeBaseType: string CreatedAt?: string UpdatedAt?: string } ``` -------------------------------- ### Yakit MITM Console: Interactive Hijacking Source: https://github.com/yaklang/yakit/blob/master/README-EN.md The MITM Console in Yakit allows for full replacement of tools like BurpSuite, enabling certificate management, request/response hijacking, and packet editing. It supports a streamlined workflow with hijacking, history tracking, and integration with Repeater and Intruder. Features include Gzip decoding, chunk processing, and human-readable request display for modification and replay. ```Yakit ## MITM Interactive Hijacking The MITM (Man-in-the-Middle) Console in Yakit can fully replace BurpSuite and perform all operations, including downloading and installing certificates, hijacking requests and responses, and editing intercepted packets. It provides a smooth workflow that involves hijacking, history tracking, and using tools like Repeater and Intruder. Users can intercept data, view historical data in the history section, select packets for further analysis, and send them to the Web Fuzzer for Repeater or Intruder operations. In addition to these typical use cases, the MITM module in Yakit offers more flexible features such as plugin-based passive scanning, hot reloading, packet substitution, and tagging. The underlying principle of Yakit's MITM module is to start an HTTP proxy that automatically forwards traffic. When a user initiates a manual hijack, the automatic forwarding is stopped, and the request is blocked and popped out of the stack. The module then performs tasks such as Gzip decoding, chunk processing, and decoding to make the request human-readable, which is then displayed to the user. Users can view, modify, or replay requests as needed. During replay, the Yakit engine repairs the user-constructed HTTP request to ensure its validity. Yak's engine has a custom-built HTTP library, allowing users to customize malformed requests and responses, which can be useful in exploiting vulnerabilities in specific scenarios. ``` -------------------------------- ### Yakit Client: gRPC Server for Yak Language Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md Yakit is a client-side tool developed using the Yak language, featuring a gRPC server to lower the barrier to entry for using Yak's security capabilities. It provides a GUI interface for easier interaction and aims to offer an alternative to tools like Burpsuite. ```Go package main import ( "context" "fmt" "log" "net" "google.golang.org/grpc" "yak/proto/yakitpb" ) type server struct { yakitpb.UnimplementedYakitServer } func (s *server) InterceptRequest(ctx context.Context, req *yakitpb.InterceptRequest) (*yakitpb.InterceptResponse, error) { log.Printf("Received request: %v", req) // Process request, modify if needed return &yakitpb.InterceptResponse{ModifiedRequest: req.GetRequest()}, nil } func main() { lis, err := net.Listen("tcp", ":50051") if err != nil { log.Fatalf("failed to listen: %v", err) } ss := grpc.NewServer() yakitpb.RegisterYakitServer(ss, &server{}) if err := ss.Serve(lis); err != nil { log.Fatalf("failed to serve: %v", err) } } ``` -------------------------------- ### Yakit Plugin System: Yak-based Extensibility Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md Yakit features a powerful plugin system where core logic is implemented in the Yak language. This allows for rapid development and integration of new security capabilities, with the ability to interact with the GUI. Developers can create custom detection abilities using Yak or YAML. ```Yak // Example of a Yak plugin for vulnerability detection package main import ( "fmt" "yak/core" "yak/http" "yak/nuclei" ) func main() { // Register a new plugin core.RegisterPlugin("weblogic-scan", func(target string) { fmt.Printf("Scanning %s for WebLogic vulnerabilities...\n", target) // Use nuclei integration for vulnerability scanning results, err := nuclei.Scan(target, "weblogic") if err != nil { fmt.Printf("Nuclei scan failed: %v\n", err) return } fmt.Println("Vulnerability scan results:") for _, result := range results { fmt.Printf("- %s: %s\n", result.TemplateID, result.Name) } // Example of interacting with HTTP module resp, err := http.Get(target + "/console/login.portal") if err == nil && resp.StatusCode == 200 { fmt.Println("WebLogic console is accessible.") } }) } ``` -------------------------------- ### Integrating Yaklang Scripts for Dynamic Traffic Debugging Source: https://github.com/yaklang/yakit/blob/master/README.md Yakit allows embedding Yaklang scripts to dynamically debug traffic. This enables users to execute custom code at various stages of the penetration testing process. The platform's gRPC server facilitates the execution of these scripts, allowing for real-time manipulation and analysis of network traffic. ```Yak // Example Yaklang script for traffic manipulation def handle_request(request) { // Modify request headers or body request.headers["X-Yak-Debug"] = "enabled" request.body = request.body + "\n// Injected by Yaklang script" return request } def handle_response(response) { // Analyze or modify response if response.status_code == 200 { print("Successful response received.") } return response } // This script would be loaded and executed by the Yakit client // through its gRPC interface. ``` -------------------------------- ### Yak Language: Network Security Domain-Specific Language Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md Yak is an open-source, domain-specific language for network security, developed by engineers with extensive cybersecurity experience. It combines Golang's concurrency, Python's simple syntax, and scripting capabilities, with native network security functions like port scanning and service fingerprinting. It is Turing-complete and easy to learn. ```Yak package main import ( "fmt" "yak/net/port" "yak/net/finger" ) func main() { // Example: Port scanning ports, err := port.Scan("127.0.0.1", "22-443") if err != nil { fmt.Println("Error scanning ports:", err) } else { fmt.Println("Open ports:", ports) } // Example: Service fingerprinting fingerprint, err := finger.Scan("127.0.0.1", 80) if err != nil { fmt.Println("Error fingerprinting service:", err) } else { fmt.Println("Service fingerprint:", fingerprint) } } ``` -------------------------------- ### Yakit Reverse Shell Source: https://github.com/yaklang/yakit/blob/master/README-EN.md Listens on a specified port for incoming reverse shells, providing a user-friendly experience similar to SSH for controlling remote servers. ```Yakit package main import ( "fmt" "net" ) func main() { port := ":4444" listener, err := net.Listen("tcp", port) if err != nil { fmt.Printf("Error listening on port %s: %v\n", port, err) return } defer listener.Close() fmt.Printf("Listening for reverse shells on port %s\n", port) for { conn, err := listener.Accept() if err != nil { fmt.Printf("Error accepting connection: %v\n", err) continue } go handleConnection(conn) } } func handleConnection(conn net.Conn) { defer conn.Close() fmt.Printf("Received connection from %s\n", conn.RemoteAddr()) // In a real scenario, you would implement shell interaction here // For example, reading commands and writing output // Example: Send a welcome message _, err := conn.Write([]byte("Welcome to the Yakit reverse shell!\n")) if err != nil { fmt.Printf("Error sending welcome message: %v\n", err) return } // Keep the connection open until closed by the client or an error occurs buffer := make([]byte, 1024) for { n, err := conn.Read(buffer) if err != nil { fmt.Printf("Error reading from connection: %v\n", err) break } fmt.Printf("Received command: %s\n", string(buffer[:n])) // Process command and send response } } ``` -------------------------------- ### CSS Loading Spinner Animation Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/public/index.html Defines the styles for the loading indicator container and the animated spinner element. It includes keyframes for a continuous rotation effect. ```css html, body { height: 100vh; margin: 0; padding: 0; } #initial-loading { display: flex; align-items: center; justify-content: center; height: 100vh; background: var(--yakit-colors-Neutral-0); } #initial-loading span { margin-right: 10px; font-size: 24px; color: var(--yakit-colors-Neutral-80); } #initial-loading .initial-spinner { width: 20px; height: 20px; border: 2px solid var(--yakit-colors-Neutral-40); border-top: 2px solid var(--yakit-colors-Neutral-80); border-radius: 50%; animation: initial-spinner 0.8s linear infinite; box-sizing: border-box; } @keyframes initial-spinner { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } ``` -------------------------------- ### Terminal Styling Source: https://github.com/yaklang/yakit/blob/master/app/main/handlers/openConsoleNewWin/index.html Applies basic styling to the terminal and its container to ensure it occupies the full viewport and handles overflow correctly. ```css html, body { height: 100%; margin: 0; overflow: hidden; } #terminal { width: 100vw; height: 100vh; } ``` -------------------------------- ### Yakit Web Fuzzer: Traffic Replay and Fuzz Testing Source: https://github.com/yaklang/yakit/blob/master/README-EN.md The Web Fuzzer module in Yakit enables user-defined HTTP raw request sending with backend support for repairing and completing necessary information. It automatically fixes CRLF, Content-Type, handles chunked transfer encoding, adds boundaries, and corrects Content-Length, allowing users to focus on data manipulation. ```Yakit ## Web Application Interactive Traffic Replay and Fuzz Testing. The Web Fuzzer module supports user-defined HTTP raw request sending. To make it user-friendly and intuitive, Yakit's backend performs several tasks. It ensures that the necessary information for data transmission and parsing in the HTTP raw request is repaired and completed. For example, Yakit fixes CRLF, completes the Content-Type, handles chunked transfer encoding, adds the missing boundary, corrects the Content-Length, and so on. This allows users to focus on the data-related information without worrying about the underlying intricacies of the HTTP protocol. ``` -------------------------------- ### MITM Traffic Interception and Modification Source: https://github.com/yaklang/yakit/blob/master/README.md Yakit's MITM module acts as an HTTP proxy to intercept, block, and modify traffic. It processes requests by decompressing Gzip, handling chunks, and decoding data for readability. Users can view, modify, or replay requests, with Yak engine automatically repairing HTTP packets for validity. It supports custom malformed requests and responses for specific vulnerability exploitation scenarios. ```Go package main import ( "fmt" "net/http" "net/http/httputil" "os" ) func main() { proxy := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Printf("Intercepted request: %s %s\n", r.Method, r.URL.String()) // Example: Modify a request header r.Header.Set("X-Intercepted-By", "Yakit") // Forward the request to the original destination proxy := httputil.NewSingleHostReverseProxy(r.URL) proxy.ServeHTTP(w, r) }) server := &http.Server{ Addr: ":8080", Handler: proxy, } fmt.Println("Starting MITM proxy on :8080") if err := server.ListenAndServe(); err != nil { fmt.Fprintf(os.Stderr, "Error starting proxy: %v\n", err) os.Exit(1) } } ``` -------------------------------- ### Yakit Native Java Deserialization Support Source: https://github.com/yaklang/yakit/blob/master/README_LEGACY.md Yakit provides native support for Java deserialization protocols, eliminating the need for external tools like ysoserial and Java environments. This allows users to easily generate payloads and test for Java deserialization vulnerabilities directly within Yak scripts. ```Yak package main import ( "fmt" "yak/java/deserialization" ) func main() { // Example: Generate a payload for a specific gadget chain payload, err := deserialization.GeneratePayload("commons-collections4", "org.apache.commons.collections4.functors.InvokerTransformer", "Runtime.exec", "calc.exe") if err != nil { fmt.Println("Error generating payload:", err) } else { fmt.Println("Generated payload:", payload) // Send payload to target... } } ``` -------------------------------- ### Define Event Bus Types in eventBus.tsx Source: https://github.com/yaklang/yakit/blob/master/app/renderer/src/main/src/utils/eventBus/index.md This snippet demonstrates how to define event bus types within the eventBus.tsx file. It involves adding signal source definitions to the Events array and checking for naming conflicts. ```typescript // The following code blocks are all within the eventBus.tsx file // Find the eventBus.tsx file // Find the type Events = [...] line, and sequentially add the defined signal source names to the array // If the following code shows a red wavy line error after import, it means there is a naming conflict with the imported signal source, please check and adjust the name let checkVal: CheckVal = true ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.