yaklang

module
v1.3.0-sp1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 12, 2024 License: AGPL-3.0

README

为网络安全而生的领域编程语言

快速开始官方文档问题反馈接口手册贡献代码加入社区项目架构

:book:语言选择: English中文


CDSL-Yakang 简介

CDSL:Cybersecurity Domain Specific Language,全称网络安全领域编程语言。

Yaklang 团队综合“领域限定语言”的思想,构建了CDSL的概念,并以此为核心构建了Yak(又称Yaklang)语言来构建基础设施和语言生态。

Yak 是一门针对网络安全领域研发的易书写,易分发的高级计算机编程语言。Yak具备强类型、动态类型的经典类型特征,兼具编译字节码和解释执行的运行时特征。

Yak语言的运行时环境只依赖于YakVM,可以实现“一次编写,处处运行”的特性,只要有YakVM部署的环境,都可以快速执行Yak语言程序。

yaklang-cdsl.png

Yak语言起初只作为一个“嵌入式语言”在宿主程序中存在,后在电子科技大学网络空间安全学院学术指导下,由 Yaklang.io 研发团队进行长达两年的迭代与改造,实现了YakVM虚拟机让语言可以脱离“宿主语言”独立运行,并与2023年完全开源。 支持目前主流操作系统:macOS,Linux,Windows。

Yaklang 的优势

基于CDSL概念构建的网络安全领域编程语言Yak,具备了几乎DSL所有的优势,它被设计为针对安全能力研发领域的专用编程语言,实现了常见的大多数安全能力,可以让各种各样的安全能力彼此之间“互补,融合,进化”;提高安全从业人员的生产力。

CDSL在网络安全领域提供的能力具备很多优势:

  • 简洁性:使用CDSL构建的安全产品更能实现业务和能力的分离,并且解决方案更加直观;

  • 易用性:非专业的人员也可以使用CDSL构建安全产品,而避免安全产品工程化中的信息差;

  • 灵活性:CDSL一般被设计为单独使用和嵌入式使用均可,用户可以根据自己的需求去编写DSL脚本以实现特定的策略和检测规则,这往往更能把用户的思路展示出来,而不必受到冗杂知识的制约;

除此之外,作为一门专门为网络安全研发设计的语言,Yak语言除了满足一些基础的语言本身需要具备的特性之外,还具有很多特殊功能,可以帮助用户快速构建网络安全应用:

  1. 中间人劫持库函数

  2. 复杂端口扫描和服务指纹识别

  3. 网络安全领域的加解密库

  4. 支持中国商用密码体系:支持SM2椭圆曲线公钥密码算法,SM4分组密码算法,SM3密码杂凑算法等

yaklang-fix.jpg

项目架构

yaklang-architecture

快速开始

  • 通过 Yakit 来使用 Yaklang

Yakit (https://github.com/yaklang/yakit) 是 Yaklang.io 团队官方出品的开源 Yaklang IDE,它可以帮助你快速上手 Yaklang 语言。

同时 Yakit 也能将绝大部分安全工程师需要的核心功能图形化。他是免费的,你可以通过 下载安装 Yakit,来开始使用 Yaklang。

关于Yakit的更多内容可移步:Yakit官网文档查看

  • 通过命令行来安装使用

通过命令行来安装使用 Yaklang 请遵循:https://www.yaklang.com/https://www.yaklang.io/ 的指引,或直接执行

MacOS / Linux
bash <(curl -sS -L http://oss.yaklang.io/install-latest-yak.sh)
Windows
powershell (new-object System.Net.WebClient).DownloadFile('https://yaklang.oss-cn-beijing.aliyuncs.com/yak/latest/yak_windows_amd64.exe','yak_windows_amd64.exe') && yak_windows_amd64.exe install && del /f yak_windows_amd64.exe

社区

  1. 你可以在 Yaklang 或者Yakit 的 issues 中添加你想讨论的内容或者你想表达的东西,英文或中文均可,我们会尽快回复
  2. 国内用户可以添加运营 WeChat 加入群组

yaklang-wechat.jpg

  1. 国际用户可以使用 Discord 加入社区

贡献你的代码

这是一个高级话题,在贡献你的代码之前,确保你对 Yaklang 整个项目结构有所了解。

在贡献代码时,如果你希望修改 Yaklang 或 YakVM 本身的核心语法部分,最好与研发团队取得联系。

如果您仅仅想要增加库的功能,或者修复一些库的 Bug,那么您可以直接提交 PR,当然 PR 中最好包含对应的单元测试,这很有助于提升我们的代码质量。

项目成员

Maintainer

v1ll4n: Yak Project Maintainer.

yaklang 核心开发者 / Active yaklang core developers
  1. z3
  2. Longlone
  3. Go0p
  4. Matrix-Cain
  5. bcy2007
  6. naiquan
  7. Rookie-is
  8. wlingze

开源许可证

本仓库代码版本使用 AGPL 开源协议,这是一个严格的开源协议,且具有传染性,如果您使用了本仓库的代码,那么您的代码也必须开源。

  1. 强制开源网络服务:要求提供网络服务的源代码必须开源。保证开源理念在网络环境下的实践。
  2. 其他条款与 GPL 相同:开源免费、开源修改、衍生开源等。

本项目开源仓库仅应该作为个人开源和学习使用。

鸣谢

本项目经由电子科技大学张小松(网络空间安全学院)教授学术指导。

基础理论学科
  1. Alonzo Church, "A set of postulates for the foundation of logic", Annals of Mathematics, 33(2), 346-366, 1932.
  2. Dana Scott, Christopher Strachey, "Toward a mathematical semantics for computer languages", Proceedings of the Symposium on Computers and Automata, Microwave Research Institute Symposia Series Vol. 21, New York, 1971.
  3. Henk Barendregt, Wil Dekkers, Richard Statman, lambda Calculus with Types, Perspectives in Logic. Cambridge University Press, 2013.
  4. Braun, M., Buchwald, S., Hack, S., Leißa, R., Mallon, C., Zwinkau, A. (2013). Simple and Efficient Construction of Static Single Assignment Form. In: Jhala, R., De Bosschere, K. (eds) Compiler Construction. CC 2013. Lecture Notes in Computer Science, vol 7791. Springer, Berlin, Heidelberg.
工程技术
  1. Terence Parr, "The Definitive ANTLR 4 Reference", Pragmatic Bookshelf, 2013.
  2. Terence Parr, "Simplifying Complex Networks Using Temporal Pattern Mining: The Case of AT&T's Observed Data Network", Dissertation, 1995.
  3. Terence Parr, Russell Quong, "ANTLR: A Predicated-LL(k) Parser Generator", Journal of Software Practice and Experience, July 1995.
  4. Google Ins, "Protocol Buffers", https://developers.google.com/protocol-buffers, 2020.
  5. Google Ins, "gRPC", https://grpc.io/, 2020.
  6. Microsoft Ins, "Monaco Editor", https://microsoft.github.io/monaco-editor/, 2020.

Star History

Star History Chart

Directories

Path Synopsis
common
crawlerx
Package crawlerx @Author bcy2007 2023/7/13 11:10
Package crawlerx @Author bcy2007 2023/7/13 11:10
crawlerx/cmd
Package cmd @Author bcy2007 2023/7/14 11:11
Package cmd @Author bcy2007 2023/7/14 11:11
crawlerx/tools
Package tools @Author bcy2007 2023/7/12 16:40
Package tools @Author bcy2007 2023/7/12 16:40
crawlerx/tools/config
Package config https://github.com/unknwon/goconfig
Package config https://github.com/unknwon/goconfig
cuckoo
Package cuckoo ...
Package cuckoo ...
cve
fp
geo
Package geoip2 provides an easy-to-use API for the MaxMind GeoIP2 and GeoLite2 databases; this package does not support GeoIP Legacy databases.
Package geoip2 provides an easy-to-use API for the MaxMind GeoIP2 and GeoLite2 databases; this package does not support GeoIP Legacy databases.
gmsm/gmtls
add sm2 support
add sm2 support
gmsm/gmtls/gmcredentials/echo
Package echo is a generated protocol buffer package.
Package echo is a generated protocol buffer package.
gmsm/pkcs12
Package go-pkcs12 implements some of PKCS#12.
Package go-pkcs12 implements some of PKCS#12.
gmsm/x509
crypto/x509 add sm2 support
crypto/x509 add sm2 support
ja3
javascript/otto
Package otto is a JavaScript parser and interpreter written natively in Go.
Package otto is a JavaScript parser and interpreter written natively in Go.
javascript/otto/ast
Package ast declares types representing a JavaScript AST.
Package ast declares types representing a JavaScript AST.
javascript/otto/dbg
Package dbg is a println/printf/log-debugging utility library.
Package dbg is a println/printf/log-debugging utility library.
javascript/otto/file
Package file encapsulates the file abstractions used by the ast & parser.
Package file encapsulates the file abstractions used by the ast & parser.
javascript/otto/parser
Package parser implements a parser for JavaScript.
Package parser implements a parser for JavaScript.
javascript/otto/registry
Package registry is an expirmental package to facillitate altering the otto runtime via import.
Package registry is an expirmental package to facillitate altering the otto runtime via import.
javascript/otto/token
Package token defines constants representing the lexical tokens of JavaScript (ECMA5).
Package token defines constants representing the lexical tokens of JavaScript (ECMA5).
jsonpath
Package jsonpath implements Stefan Goener's JSONPath http://goessner.net/articles/JsonPath/
Package jsonpath implements Stefan Goener's JSONPath http://goessner.net/articles/JsonPath/
log
minimartian
Package martian provides an HTTP/1.1 proxy with an API for configurable request and response modifiers.
Package martian provides an HTTP/1.1 proxy with an API for configurable request and response modifiers.
minimartian/fifo
Package fifo provides Group, which is a list of modifiers that are executed consecutively.
Package fifo provides Group, which is a list of modifiers that are executed consecutively.
minimartian/h2
Package h2 contains basic HTTP/2 handling for Martian.
Package h2 contains basic HTTP/2 handling for Martian.
minimartian/h2/grpc
Package grpc contains gRPC functionality for Martian proxy.
Package grpc contains gRPC functionality for Martian proxy.
minimartian/mitm
Package mitm provides tooling for MITMing TLS connections.
Package mitm provides tooling for MITMing TLS connections.
minimartian/proxyutil
Package proxyutil provides functionality for building proxies.
Package proxyutil provides functionality for building proxies.
mq
openapi/openapi2
Package openapi2 parses and writes OpenAPIv2 specification documents.
Package openapi2 parses and writes OpenAPIv2 specification documents.
openapi/openapi3
Package openapi3 parses and writes OpenAPI 3 specification documents.
Package openapi3 parses and writes OpenAPI 3 specification documents.
rpa
s5
sca
simulator
Package simulator @Author bcy2007 2023/8/17 16:17
Package simulator @Author bcy2007 2023/8/17 16:17
t3
twofa
Package dgoogauth implements the one-time password algorithms supported by Google Authenticator This package supports the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
Package dgoogauth implements the one-time password algorithms supported by Google Authenticator This package supports the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
utils
Package bytefmt contains helper methods and constants for converting to and from a human-readable byte format.
Package bytefmt contains helper methods and constants for converting to and from a human-readable byte format.
main.go
rfb.go
utils/htmlquery
Package htmlquery provides extract data from HTML documents using XPath expression.
Package htmlquery provides extract data from HTML documents using XPath expression.
utils/netutil/netroute
Originally found in https://github.com/google/gopacket/blob/master/routing/routing.go
Originally found in https://github.com/google/gopacket/blob/master/routing/routing.go
utils/spacengine/go-shodan
Package shodan is an interface for the Shodan API
Package shodan is an interface for the Shodan API
utils/tlsutils/go-pkcs12
Package pkcs12 implements some of PKCS#12 (also known as P12 or PFX).
Package pkcs12 implements some of PKCS#12 (also known as P12 or PFX).
utils/tlsutils/go-pkcs12/rc2
Package rc2 implements the RC2 cipher
Package rc2 implements the RC2 cipher
wsm
yak
yso

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL