diff --git a/README.md b/README.md index ee5317fc..6022a49a 100644 --- a/README.md +++ b/README.md @@ -7,37 +7,17 @@ [中文](README_CN.md) | [English](README.md) -**Community**: [Join us on Discord](https://discord.gg/8PjVCMu8Zw) - **CyberStrikeAI is building the agentic execution layer for modern cyber security.** It brings AI agents, security tools, MCP-native integrations, knowledge systems, human oversight, and attack-chain intelligence into a unified workspace for authorized cyber engagements. Instead of treating tools, prompts, evidence, approvals, and reports as separate fragments, CyberStrikeAI turns security intent into auditable multi-agent workflows that can plan, execute, review, replay, and continuously accumulate operational context. Built in Go, CyberStrikeAI provides a full-stack foundation for AI-native security operations: 100+ curated tool recipes, role-based testing, Agent Skills, Eino-powered single-agent and multi-agent orchestration, RAG knowledge retrieval, graph workflows, vulnerability and task lifecycle management, WebShell operations, chatbot access, and a lightweight built-in C2 framework for authorized lab and engagement scenarios. -**Start here:** [Quick start](#quick-start-one-command-deployment) · [Documentation](docs/en-US/README.md) · [Production deployment](docs/en-US/deployment.md) · [API recipes](docs/en-US/api-recipes.md) · [Security hardening](docs/en-US/security-hardening.md) +**Start here:** [Quick start](#quick-start-one-command-deployment) · [Documentation](docs/en-US/README.md) · [Security hardening](docs/en-US/security-hardening.md) > [!IMPORTANT] > Use CyberStrikeAI only on systems you own or are explicitly authorized to test. For shared or production environments, review the [security model](docs/en-US/security-model.md) and [hardening guide](docs/en-US/security-hardening.md) before enabling high-risk tools, WebShell, or C2 capabilities. -
-WeChat group (click to reveal QR code) - -CyberStrikeAI WeChat group QR code - -
- -
-Sponsorship (click to expand) - -If CyberStrikeAI helps you, you can support the project via **WeChat Pay** or **Alipay**: - -
- WeChat Pay and Alipay sponsorship QR codes -
- -
- ## Interface & Integration Preview
@@ -183,6 +163,9 @@ CyberStrikeAI includes optional integrations under `plugins/`. CyberStrikeAI ships with 100+ curated tools covering the whole kill chain: +
+View the complete tool categories + - **Network Scanners** – nmap, masscan, rustscan, arp-scan, nbtscan - **Web & App Scanners** – sqlmap, nikto, dirb, gobuster, feroxbuster, ffuf, httpx - **Vulnerability Scanners** – nuclei, wpscan, wafw00f, dalfox, xsser @@ -199,6 +182,10 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain: - **CTF Utilities** – stegsolve, zsteg, hash-identifier, fcrackzip, pdfcrack, cyberchef - **System Helpers** – exec, create-file, delete-file, list-files, modify-file +
+ +See [tools/README_EN.md](tools/README_EN.md) for tool definitions, customization, and usage notes. + ## Basic Usage ### Quick Start (One-Command Deployment) @@ -222,6 +209,12 @@ The `run.sh` script will automatically: - ✅ Build the project - ✅ Start the server +**Verify the startup:** + +1. Confirm the terminal displays `● ONLINE` followed by the actual Web UI URL. +2. Open that URL; the default HTTPS mode uses a local self-signed certificate, so accept the browser warning once. +3. On a new installation, store the one-time `admin` password shown under `ADMIN SETUP REQUIRED`, sign in, and change it immediately. + **Networking defaults:** `run.sh` starts the server with **`--https`** and the repo **`config.yaml`** (local self-signed TLS; better for many concurrent streams). Use **`./run.sh --http`** for plain HTTP. In production, set **`server.tls_cert_path`** / **`server.tls_key_path`** in **`config.yaml`** (see comments there). For manual runs, add **`--https`** or **`CYBERSTRIKE_HTTPS=1`**; if **`-config`** is wrong, the binary prints a short usage hint on stderr. **First-Time Configuration:** @@ -365,6 +358,26 @@ CyberStrikeAI has joined [404Starlink](https://github.com/knownsec/404StarLink) --- +## Community and Support + +- Join the community on [Discord](https://discord.gg/8PjVCMu8Zw). + +
+WeChat group + +CyberStrikeAI WeChat group QR code + +
+ +
+Sponsorship via WeChat Pay or Alipay + +
+ WeChat Pay and Alipay sponsorship QR codes +
+ +
+ ## License CyberStrikeAI is licensed under the Apache License 2.0. @@ -392,3 +405,4 @@ For vulnerability reporting and deployment hardening guidance, see [SECURITY.md] Need help or want to contribute? Open an issue or PR—community tooling additions are welcome! + diff --git a/README_CN.md b/README_CN.md index 86608dc5..fbacb108 100644 --- a/README_CN.md +++ b/README_CN.md @@ -6,37 +6,17 @@ [中文](README_CN.md) | [English](README.md) -**社区**:[加入 Discord](https://discord.gg/8PjVCMu8Zw) - **CyberStrikeAI 正在构建现代网络安全的智能体执行层。** 它将 AI 智能体、安全工具、MCP 原生集成、知识系统、人工监督与攻击链智能汇聚到一个面向授权安全任务的统一工作空间中。CyberStrikeAI 不再把工具、提示词、证据、审批和报告视为割裂环节,而是将安全意图转化为可规划、可执行、可审查、可复盘、可持续沉淀上下文的多智能体工作流。 CyberStrikeAI 基于 Go 构建,为 AI 原生安全运营提供完整底座:100+ 精选工具配方、角色化测试、Agent Skills、基于 Eino 的单智能体与多智能体编排、RAG 知识检索、图工作流、漏洞与任务生命周期管理、WebShell 运营、机器人接入,以及面向授权实验室和安全任务场景的内置轻量 C2 框架。 -**从这里开始:** [快速上手](#快速上手一条命令部署) · [中文文档](docs/zh-CN/README.md) · [生产部署](docs/zh-CN/deployment.md) · [API 示例](docs/zh-CN/api-recipes.md) · [安全加固](docs/zh-CN/security-hardening.md) +**从这里开始:** [快速上手](#快速上手一条命令部署) · [中文文档](docs/zh-CN/README.md) · [安全加固](docs/zh-CN/security-hardening.md) > [!IMPORTANT] > 仅可对自有系统或已获得明确授权的目标使用 CyberStrikeAI。在共享或生产环境启用高风险工具、WebShell 或 C2 前,请先阅读[安全模型](docs/zh-CN/security-model.md)和[安全加固指南](docs/zh-CN/security-hardening.md)。 -
-微信群(点击展开二维码) - -CyberStrikeAI 微信群二维码 - -
- -
-赞助(点击展开) - -若 CyberStrikeAI 对您有帮助,可通过 **微信支付** 或 **支付宝** 赞助项目: - -
- 微信与支付宝赞助二维码 -
- -
- ## 界面与集成预览
@@ -182,6 +162,9 @@ CyberStrikeAI 基于 Go 构建,为 AI 原生安全运营提供完整底座:1 系统预置 100+ 渗透/攻防工具,覆盖完整攻击链: +
+查看完整工具分类 + - **网络扫描**:nmap、masscan、rustscan、arp-scan、nbtscan - **Web 应用扫描**:sqlmap、nikto、dirb、gobuster、feroxbuster、ffuf、httpx - **漏洞扫描**:nuclei、wpscan、wafw00f、dalfox、xsser @@ -198,6 +181,10 @@ CyberStrikeAI 基于 Go 构建,为 AI 原生安全运营提供完整底座:1 - **CTF 实用工具**:stegsolve、zsteg、hash-identifier、fcrackzip、pdfcrack、cyberchef - **系统辅助**:exec、create-file、delete-file、list-files、modify-file +
+ +工具定义、自定义方式与使用说明见 [tools/README.md](tools/README.md)。 + ## 基础使用 ### 快速上手(一条命令部署) @@ -221,6 +208,12 @@ chmod +x run.sh && ./run.sh - ✅ 编译构建项目 - ✅ 启动服务器 +**验证是否启动成功:** + +1. 确认终端显示 `● ONLINE`,并在其后给出实际 Web UI 地址。 +2. 打开该地址;默认 HTTPS 使用本地自签证书,首次访问需接受一次浏览器证书提示。 +3. 全新安装时,妥善保存 `ADMIN SETUP REQUIRED` 下仅展示一次的 `admin` 密码,登录后立即修改。 + **网络默认:** `run.sh` 会以 **`--https`** 并传入项目根 **`config.yaml`** 启动(本机自签证书,多路流式场景更稳)。只要明文 HTTP 用 **`./run.sh --http`**。生产环境在 **`config.yaml`** 的 **`server.tls_cert_path` / `server.tls_key_path`** 配正式证书(见文件内注释)。手动启动可加 **`--https`** 或环境变量 **`CYBERSTRIKE_HTTPS=1`**;`-config` 写错时程序会在终端提示正确写法。 **首次配置:** @@ -361,6 +354,26 @@ CyberStrikeAI 现已加入 [404星链计划](https://github.com/knownsec/404Star --- +## 社区与支持 + +- 在 [Discord](https://discord.gg/8PjVCMu8Zw) 加入社区。 + +
+微信群 + +CyberStrikeAI 微信群二维码 + +
+ +
+通过微信支付或支付宝赞助 + +
+ 微信与支付宝赞助二维码 +
+ +
+ ## 许可证 CyberStrikeAI 采用 **Apache License 2.0** 开源许可。 @@ -388,3 +401,4 @@ CyberStrikeAI 是一个专业的安全测试平台,旨在帮助安全研究人 欢迎提交 Issue/PR 贡献新的工具模版或优化建议! + diff --git a/docs/en-US/contributing-guide.md b/docs/en-US/contributing-guide.md index 226a9b6c..9019d5f8 100644 --- a/docs/en-US/contributing-guide.md +++ b/docs/en-US/contributing-guide.md @@ -111,6 +111,8 @@ python3 scripts/check-docs.py The check verifies local links, fenced code blocks, bilingual filename parity, locale index coverage, and the Go version documented by the root READMEs. Keep versioned examples derived from authoritative files such as `go.mod` and `config.example.yaml` whenever possible. +The same command runs automatically in the `Documentation` GitHub Actions workflow when documentation, `go.mod`, or the checker itself changes. + ## Review Focus Prioritize: diff --git a/docs/zh-CN/contributing-guide.md b/docs/zh-CN/contributing-guide.md index 94e2d9e2..fe02ae3c 100644 --- a/docs/zh-CN/contributing-guide.md +++ b/docs/zh-CN/contributing-guide.md @@ -111,6 +111,8 @@ python3 scripts/check-docs.py 该检查会验证本地链接、代码块闭合、中英文文件名对齐、语言导航覆盖率,以及根 README 中的 Go 版本是否与 `go.mod` 一致。版本化示例应尽量从 `go.mod`、`config.example.yaml` 等权威文件派生,避免手工同步。 +当文档、`go.mod` 或检查脚本变更时,GitHub Actions 中的 `Documentation` 工作流会自动运行同一条命令。 + ## Review 关注点 代码评审优先看: