admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
gh0stkey
2025-03-05 11:21:25 +08:00
parent c5de042b4b
commit 116aec0848
2 changed files with 168 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
README.md
View File

@@ -1,98 +1,87 @@
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://gh0st.cn/HaE/">赋能白帽,高效作战!</a></h4>
<h5>第一作者 <a href="https://github.com/gh0stkey">EvilChen</a>中孚信息元亨实验室)<br>第二作者 <a href="https://github.com/0chencc">0chencc</a>米斯特安全团队)<br>第三作者 <a href="https://github.com/vaycore">vaycore</a>独立安全研究员</h5>
<h4><a href="https://gh0st.cn/HaE/">Empower ethical hacker for efficient operations.</a></h4>
<h5>First Author: <a href="https://github.com/gh0stkey">EvilChen</a>Zhongfu Information Yuanheng Laboratory<br>Second Author <a href="https://github.com/0chencc">0chencc</a>Mystery Security Team<br>Third Author <a href="https://github.com/vaycore">vaycore</a>Independent Security Researcher</h5>
</div>
## 项目介绍
## Project Introduction
**HaE**是一款**网络安全(数据安全)领域**下的框架式项目,采用了**乐高积木式**模块化设计理念实现对HTTP消息包含WebSocket精细化的标记和提取。
**HaE** is a framework-style project in the field of **cybersecurity (data security)**, adopting a **Lego brick-style** modular design philosophy to achieve fine-grained tagging and extraction of HTTP messages (including WebSocket).
通过运用**多引擎**的自定义正则表达式HaE能够准确匹配并处理HTTP请求与响应报文包含WebSocket对匹配成功的内容进行有效的标记和信息抽取从而提升网络安全数据安全领域下的**漏洞和数据分析效率**。
By utilizing **multi-engine** customized regular expressions, HaE can accurately match and process HTTP requests and response messages (including WebSocket), effectively tagging and extracting information from successfully matched content. This enhances the **efficiency of vulnerability and data analysis** in the field of cybersecurity (data security).
> 随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**
> With the adoption of front-end and back-end separation development models in modern web applications, the amount of captured HTTP request traffic during routine vulnerability discovery has correspondingly increased. Fully assessing a web application often requires spending considerable time on irrelevant messages. **The emergence of HaE aims to address such situations**, by using HaE, you can **effectively reduce** testing time, focusing more effort on **valuable and meaningful** messages, thus **improving the efficiency of vulnerability discovery**.
GitHub项目地址:https://github.com/gh0stkey/HaE
GitHub project address: https://github.com/gh0stkey/HaE
GitCode项目地址:https://gitcode.com/gh0stkey/HaE
GitCode project address: https://gitcode.net/gh0stkey/HaE
**所获荣誉**:
**Awards and Recognitions**:
1. [入选2022KCon兵器谱](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
2. [入选GitCode G-Star项目](https://gitcode.com/gh0stkey/HaE)
1. [Selected for the 2022 KCon Arsenal](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
2. [Recognized as a GitCode G-Star Project](https://gitcode.net/gh0stkey/HaE)
**注意事项**:
**Notes and Precautions**:
1. HaE 3.0版本开始采用`Montoya API`进行开发使用新版HaE需要升级你的BurpSuite版本>=2023.12.1)。
2. HaE 2.6版本后对规则字段进行了更新,因此无法适配<=2.6版本的规则,请用户自行前往[规则转换页面](https://gh0st.cn/HaE/ConversionRule.html)进行转换。
3. 自定义HaE规则必须用左右括号`()`将所需提取的表达式内容包含,例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`在HaE的规则中就需要变成`(rememberMe=delete)`
1. Starting with HaE version 3.0, development is done using the `Montoya API`. To use the new version of HaE, you need to upgrade your BurpSuite version (>=2023.12.1).
2. After HaE version 2.6, the rule fields have been updated, so they are not compatible with rules from versions <=2.6. Users should visit the [Rule Conversion Page](https://gh0st.cn/HaE/ConversionRule.html) to convert their rules.
3. Custom HaE rules must enclose the expressions to be extracted within parentheses `()`. For example, if you want to match a response message from a **Shiro application**, the normal matching rule would be `rememberMe=delete`, but in HaE's rule format, it needs to be written as `(rememberMe=delete)`.
## 使用方法
### Rule Definitions
插件装载: `Extender - Extensions - Add - Select File - Next`
Currently, HaE rules consist of 8 fields, with detailed meanings as follows:
初次装载`HaE`会从Jar包中加载离线的规则库如果更新可以点击`Reinit`进行重新初始化。内置规则库地址可以在Github上找到`https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml`
| Field | Meaning |
| --------- | ------------------------------------------------------------ |
| Name | Rule name, primarily used to briefly summarize the purpose of the current rule. |
| F-Regex | Rule regex, mainly used for entering regular expressions. In HaE, any content that needs to be extracted and matched should be enclosed within `(` and `)`. |
| S-Regex | Rule regex, with the same usage as F-Regex. S-Regex is a secondary regex, which can be used for further matching and extraction from the data results matched by F-Regex. Can be left empty if not needed. |
| Format | Formatted output; in NFA engine regular expressions, we can use `{0}`, `{1}`, `{2}`... to format and output captured groups. By default, using `{0}` is sufficient. |
| Scope | Rule scope, indicating which part of the HTTP message the current rule applies to. Supports request/response lines, headers, bodies, and complete messages. |
| Engine | Regex engine, indicating which engine the current rule's regular expression uses. **DFA engine**: scans each character in the text string only once, fast speed, fewer features; **NFA engine**: repeatedly marks and unmarks characters, slower but richer features (e.g., grouping, replacement, splitting). |
| Color | Match color, indicating the highlight color to mark when the current rule matches the corresponding HTTP message. HaE has a color upgrade algorithm that automatically upgrades the marking color when the same color appears. |
| Sensitive | Case sensitivity, indicating whether the current rule is case-sensitive. If sensitive (`True`), it strictly matches the case; if insensitive (`False`), it does not consider case differences. |
配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下:
## Key Features and Advantages
1. Linux/Mac用户的配置文件目录`~/.config/HaE/`
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
1. **Functionality**: By highlighting, annotating, and extracting information from HTTP messages, it helps users obtain meaningful insights, **focusing on high-value messages**.
2. **Interface**: With a clear and visually intuitive design, and **simple interface interactions**, users can more easily understand and configure the project, **avoiding the complexity of a `multitude of buttons`**.
3. **Query**: Highlights, annotations, and extracted information from HTTP messages are **centralized in a single data panel**, allowing for one-click queries and extraction of information, thereby improving testing and analysis efficiency.
4. **Algorithm**: Built-in color upgrade algorithm automatically upgrades the marking color by one level when the same color appears, **preventing the scenario where `the dragon slayer becomes the dragon`**.
5. **Management**: **Integrated with BurpSuite's project data management**, HaE data is stored along with BurpSuite project data when saving projects.
6. **Practical Application**: The official rule library and rule field functionalities are **summarized and output based on real-world scenarios**, **thereby enhancing the effectiveness and accuracy of data discovery**.
除此之外,您也可以选择将配置文件存放在`HaE Jar包`的同级目录下的`/.config/HaE/`中,**以便于离线携带**。
### 规则释义
HaE目前的规则一共有8个字段详细的含义如下所示
| 字段 | 含义 |
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Name | 规则名称,主要用于简短概括当前规则的作用。 |
| F-Regex | 规则正则主要用于填写正则表达式。在HaE中所需提取匹配的内容需要用`(``)`将正则表达式进行包裹。|
| S-Regex | 规则正则作用及使用同F-Regex。S-Regex为二次正则可以用于对F-Regex匹配的数据结果进行二次的匹配提取如不需要的情况下可以留空。|
| Format | 格式化输出在NFA引擎的正则表达式中我们可以通过`{0}``{1}``{2}`…的方式进行取分组格式化输出。默认情况下使用`{0}`即可。 |
| Scope | 规则作用域主要用于表示当前规则作用于HTTP报文的哪个部分。支持请求、响应的行、头、体以及完整的报文。 |
| Engine | 正则引擎,主要用于表示当前规则的正则表达式所使用的引擎。**DFA引擎**:对于文本串里的每一个字符只需扫描一次,速度快、特性少;**NFA引擎**:要翻来覆去标注字符、取消标注字符,速度慢,但是特性(如:分组、替换、分割)丰富。 |
| Color | 规则匹配颜色主要用于表示当前规则匹配到对应HTTP报文时所需标记的高亮颜色。在HaE中具备颜色升级算法当出现相同颜色时会自动向上升级一个颜色进行标记。 |
| Sensitive | 规则敏感性,主要用于表示当前规则对于大小写字母是否敏感,敏感(`True`)则严格按照大小写要求匹配,不敏感(`False`)则反之。 |
## 优势特点
1. **功能**通过对HTTP报文的颜色高亮、注释和提取帮助使用者获取有意义的信息**聚焦高价值报文**。
2. **界面**:清晰可视的界面设计,以及**简洁的界面交互**,帮助使用者更轻松的了解和配置项目,**避免`多按钮`式的复杂体验**。
3. **查询**将HTTP报文的高亮、注释和提取到的相关信息**集中在一个数据面板**,可以一键查询、提取信息,从而提高测试和梳理效率。
4. **算法**:内置高亮颜色的升级算法,当出现相同颜色时**会自动向上升级一个颜色**进行标记,**避免`屠龙者终成恶龙`场景**。
5. **管理****融入BurpSuite的项目数据管理**当使用BurpSuite进行项目存储时HaE数据也会一并存储。
6. **实战**:官方规则库和规则字段作用功能,都是**基于实战化场景总结输出**的,**以此提高数据的有效性、精准性发现**。
| 界面名称 | 界面展示 |
| Name | Display |
| ------------------------ | ---------------------------------------------------- |
| Rules(规则管理) | <img src="images/rules.png" style="width: 80%" /> |
| Config(配置管理) | <img src="images/config.png" style="width: 80%" /> |
| Databoard(数据集合) | <img src="images/databoard.png" style="width: 80%" /> |
| MarkInfo(数据展示) | <img src="images/markinfo.png" style="width: 80%" /> |
| Rules | <img src="images/rules.png" style="width: 80%" /> |
| Config | <img src="images/config.png" style="width: 80%" /> |
| Databoard | <img src="images/databoard.png" style="width: 80%" /> |
| MarkInfo | <img src="images/markinfo.png" style="width: 80%" /> |
## 赞赏榜单
## Appreciation List
感谢各位对项目的赞赏,以下名单基于赞赏时间进行排序,不分先后,如有遗留可联系项目作者进行补充。
We appreciate everyone's support for the project. The following list is sorted based on the time of appreciation and is not in any particular order. If there are any omissions, please contact the project author for additions.
| ID | 金额 |
| ID | Amount |
| -------- | -------- |
| 毁三观大人 | 200.00 |
| ttt | 50.00 |
| C_soon5 | 66.66 |
| 1wtbb | 25.00 |
| Deep | 66.66 |
| NaTsUk0 | 50.00 |
| Kite | 48.00 |
| 红色键盘 | 99.99 |
| 曾哥 | 188.88 |
| vaycore | 188.88元 |
| xccc | 168.00元 |
| 柯林斯-民间新秀 | 1000.00 |
| 毁三观大人 | 200.00¥ |
| ttt | 50.00¥ |
| C_soon5 | 66.66¥ |
| 1wtbb | 25.00¥ |
| Deep | 66.66¥ |
| NaTsUk0 | 50.00¥ |
| Kite | 48.00¥ |
| 红色键盘 | 99.99¥ |
| 曾哥 | 188.88¥ |
| NOP Team | 200.00¥ |
| vaycore | 188.88¥ |
| xccc | 168.00¥ |
| 柯林斯-民间新秀 | 1000.00¥ |
| Cuber | 100.00¥ |
## 支持项目
## Support the Project
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
If you find HaE useful, you can show your appreciation by donating to the author, giving them the motivation to continue updating and improving it!
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
@@ -102,6 +91,6 @@ HaE目前的规则一共有8个字段详细的含义如下所示
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
`HaE` 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
`HaE` is part of the 404Team's [Starlink Plan 2.0](https://github.com/knownsec/404StarLink2.0-Galaxy). If you have any questions about `HaE` or want to connect with other users, you can refer to the group joining methods provided by the Starlink Plan.
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)

109
README_CN.md Normal file
View File

@@ -0,0 +1,109 @@
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://gh0st.cn/HaE/">赋能白帽,高效作战!</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a>(中孚信息元亨实验室)<br>第二作者: <a href="https://github.com/0chencc">0chencc</a>(米斯特安全团队)<br>第三作者: <a href="https://github.com/vaycore">vaycore</a>(独立安全研究员)</h5>
</div>
## 项目介绍
**HaE**是一款**网络安全(数据安全)领域**下的框架式项目,采用了**乐高积木式**模块化设计理念实现对HTTP消息包含WebSocket精细化的标记和提取。
通过运用**多引擎**的自定义正则表达式HaE能够准确匹配并处理HTTP请求与响应报文包含WebSocket对匹配成功的内容进行有效的标记和信息抽取从而提升网络安全数据安全领域下的**漏洞和数据分析效率**。
> 随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
GitHub项目地址https://github.com/gh0stkey/HaE
GitCode项目地址https://gitcode.com/gh0stkey/HaE
**所获荣誉**:
1. [入选2022年KCon兵器谱](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
2. [入选GitCode G-Star项目](https://gitcode.com/gh0stkey/HaE)
**注意事项**:
1. HaE 3.0版本开始采用`Montoya API`进行开发使用新版HaE需要升级你的BurpSuite版本>=2023.12.1)。
2. HaE 2.6版本后对规则字段进行了更新,因此无法适配<=2.6版本的规则,请用户自行前往[规则转换页面](https://gh0st.cn/HaE/ConversionRule.html)进行转换。
3. 自定义HaE规则必须用左右括号`()`将所需提取的表达式内容包含,例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`在HaE的规则中就需要变成`(rememberMe=delete)`
## 使用方法
插件装载: `Extender - Extensions - Add - Select File - Next`
初次装载`HaE`会从Jar包中加载离线的规则库如果更新可以点击`Reinit`进行重新初始化。内置规则库地址可以在Github上找到`https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml`
配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下:
1. Linux/Mac用户的配置文件目录`~/.config/HaE/`
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
除此之外,您也可以选择将配置文件存放在`HaE Jar包`的同级目录下的`/.config/HaE/`中,**以便于离线携带**。
### 规则释义
HaE目前的规则一共有8个字段详细的含义如下所示
| 字段 | 含义 |
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Name | 规则名称,主要用于简短概括当前规则的作用。 |
| F-Regex | 规则正则主要用于填写正则表达式。在HaE中所需提取匹配的内容需要用`(``)`将正则表达式进行包裹。|
| S-Regex | 规则正则作用及使用同F-Regex。S-Regex为二次正则可以用于对F-Regex匹配的数据结果进行二次的匹配提取如不需要的情况下可以留空。|
| Format | 格式化输出在NFA引擎的正则表达式中我们可以通过`{0}``{1}``{2}`…的方式进行取分组格式化输出。默认情况下使用`{0}`即可。 |
| Scope | 规则作用域主要用于表示当前规则作用于HTTP报文的哪个部分。支持请求、响应的行、头、体以及完整的报文。 |
| Engine | 正则引擎,主要用于表示当前规则的正则表达式所使用的引擎。**DFA引擎**:对于文本串里的每一个字符只需扫描一次,速度快、特性少;**NFA引擎**:要翻来覆去标注字符、取消标注字符,速度慢,但是特性(如:分组、替换、分割)丰富。 |
| Color | 规则匹配颜色主要用于表示当前规则匹配到对应HTTP报文时所需标记的高亮颜色。在HaE中具备颜色升级算法当出现相同颜色时会自动向上升级一个颜色进行标记。 |
| Sensitive | 规则敏感性,主要用于表示当前规则对于大小写字母是否敏感,敏感(`True`)则严格按照大小写要求匹配,不敏感(`False`)则反之。 |
## 优势特点
1. **功能**通过对HTTP报文的颜色高亮、注释和提取帮助使用者获取有意义的信息**聚焦高价值报文**。
2. **界面**:清晰可视的界面设计,以及**简洁的界面交互**,帮助使用者更轻松的了解和配置项目,**避免`多按钮`式的复杂体验**。
3. **查询**将HTTP报文的高亮、注释和提取到的相关信息**集中在一个数据面板**,可以一键查询、提取信息,从而提高测试和梳理效率。
4. **算法**:内置高亮颜色的升级算法,当出现相同颜色时**会自动向上升级一个颜色**进行标记,**避免`屠龙者终成恶龙`场景**。
5. **管理****融入BurpSuite的项目数据管理**当使用BurpSuite进行项目存储时HaE数据也会一并存储。
6. **实战**:官方规则库和规则字段作用功能,都是**基于实战化场景总结输出**的,**以此提高数据的有效性、精准性发现**。
| 界面名称 | 界面展示 |
| ------------------------ | ---------------------------------------------------- |
| Rules规则管理 | <img src="images/rules.png" style="width: 80%" /> |
| Config配置管理 | <img src="images/config.png" style="width: 80%" /> |
| Databoard数据集合 | <img src="images/databoard.png" style="width: 80%" /> |
| MarkInfo数据展示 | <img src="images/markinfo.png" style="width: 80%" /> |
## 赞赏榜单
感谢各位对项目的赞赏,以下名单基于赞赏时间进行排序,不分先后,如有遗留可联系项目作者进行补充。
| ID | 金额 |
| -------- | -------- |
| 毁三观大人 | 200.00元 |
| ttt | 50.00元 |
| C_soon5 | 66.66元 |
| 1wtbb | 25.00元 |
| Deep | 66.66元 |
| NaTsUk0 | 50.00元 |
| Kite | 48.00元 |
| 红色键盘 | 99.99元 |
| 曾哥 | 188.88元 |
| NOP Team | 200.00元 |
| vaycore | 188.88元 |
| xccc | 168.00元 |
| 柯林斯-民间新秀 | 1000.00元 |
| Cuber | 100.00元 |
## 支持项目
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
</div>
## 404StarLink 2.0 - Galaxy
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)