From dccbb80fa454d3e8b65f3c6380b00dad7b931c6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=85=AC=E6=98=8E?= <83812544+Ed1s0nZ@users.noreply.github.com> Date: Thu, 8 Jan 2026 22:54:36 +0800 Subject: [PATCH] Add files via upload --- README.md | 84 +++++++++++--------- README_CN.md | 84 +++++++++++--------- run.sh | 220 ++++++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 275 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index 3d5ecc74..5dd6b077 100644 --- a/README.md +++ b/README.md @@ -65,35 +65,40 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain: ## Basic Usage -### Quick Start -1. **Clone & install** - ```bash - git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git - cd CyberStrikeAI-main - go mod download - ``` -2. **Set up the Python tooling stack (required for the YAML tools directory)** - A large portion of `tools/*.yaml` recipes wrap Python utilities (`api-fuzzer`, `http-framework-test`, `install-python-package`, etc.). Create the project-local virtual environment once and install the shared dependencies: - ```bash - python3 -m venv venv - source venv/bin/activate - pip install -r requirements.txt - ``` - The helper tools automatically detect this `venv` (or any already active `$VIRTUAL_ENV`), so the default `env_name` works out of the box unless you intentionally supply another target. -3. **Configure OpenAI-compatible access** - Either open the in-app `Settings` panel after launch or edit `config.yaml`: - ```yaml - openai: - api_key: "sk-your-key" - base_url: "https://api.openai.com/v1" - model: "gpt-4o" - auth: - password: "" # empty = auto-generate & log once - session_duration_hours: 12 - security: - tools_dir: "tools" - ``` -4. **Install the tooling you need (optional)** +### Quick Start (One-Command Deployment) + +**Prerequisites:** +- Go 1.21+ ([Install](https://go.dev/dl/)) +- Python 3.10+ ([Install](https://www.python.org/downloads/)) + +**One-Command Deployment:** +```bash +git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git +cd CyberStrikeAI-main +chmod +x run.sh && ./run.sh +``` + +The `run.sh` script will automatically: +- ✅ Check and validate Go & Python environments +- ✅ Create Python virtual environment +- ✅ Install Python dependencies +- ✅ Download Go dependencies +- ✅ Build the project +- ✅ Start the server + +**First-Time Configuration:** +1. **Configure OpenAI-compatible API** (required before first use) + - Open http://localhost:8080 after launch + - Go to `Settings` → Fill in your API credentials: + ```yaml + openai: + api_key: "sk-your-key" + base_url: "https://api.openai.com/v1" # or https://api.deepseek.com/v1 + model: "gpt-4o" # or deepseek-chat, claude-3-opus, etc. + ``` + - Or edit `config.yaml` directly before launching +2. **Login** - Use the auto-generated password shown in the console (or set `auth.password` in `config.yaml`) +3. **Install security tools (optional)** - Install tools as needed: ```bash # macOS brew install nmap sqlmap nuclei httpx gobuster feroxbuster subfinder amass @@ -101,15 +106,18 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain: sudo apt-get install nmap sqlmap nuclei httpx gobuster feroxbuster ``` AI automatically falls back to alternatives when a tool is missing. -5. **Launch** - ```bash - chmod +x run.sh && ./run.sh - # or - go run cmd/server/main.go - # or - go build -o cyberstrike-ai cmd/server/main.go - ``` -6. **Open the console** at http://localhost:8080, log in with the generated password, and start chatting. + +**Alternative Launch Methods:** +```bash +# Direct Go run (requires manual setup) +go run cmd/server/main.go + +# Manual build +go build -o cyberstrike-ai cmd/server/main.go +./cyberstrike-ai +``` + +**Note:** The Python virtual environment (`venv/`) is automatically created and managed by `run.sh`. Tools that require Python (like `api-fuzzer`, `http-framework-test`, etc.) will automatically use this environment. ### Core Workflows - **Conversation testing** – Natural-language prompts trigger toolchains with streaming SSE output. diff --git a/README_CN.md b/README_CN.md index 281f4448..f4fa1a30 100644 --- a/README_CN.md +++ b/README_CN.md @@ -64,35 +64,40 @@ CyberStrikeAI 是一款 **AI 原生安全测试平台**,基于 Go 构建,集 ## 基础使用 -### 快速上手 -1. **获取代码并安装依赖** - ```bash - git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git - cd CyberStrikeAI-main - go mod download - ``` -2. **初始化 Python 虚拟环境(tools 目录所需)** - `tools/*.yaml` 中大量工具(如 `api-fuzzer`、`http-framework-test`、`install-python-package` 等)依赖 Python 生态。首次进入项目根目录时请创建本地虚拟环境并安装依赖: - ```bash - python3 -m venv venv - source venv/bin/activate - pip install -r requirements.txt - ``` - 两个 Python 专用工具(`install-python-package` 与 `execute-python-script`)会自动检测该 `venv`(或已经激活的 `$VIRTUAL_ENV`),因此默认 `env_name` 即可满足大多数场景。 -3. **配置模型与鉴权** - 启动后在 Web 端 `Settings` 填写,或直接编辑 `config.yaml`: - ```yaml - openai: - api_key: "sk-your-key" - base_url: "https://api.openai.com/v1" - model: "gpt-4o" - auth: - password: "" # 为空则首次启动自动生成强口令 - session_duration_hours: 12 - security: - tools_dir: "tools" - ``` -4. **按需安装安全工具(可选)** +### 快速上手(一条命令部署) + +**环境要求:** +- Go 1.21+ ([下载安装](https://go.dev/dl/)) +- Python 3.10+ ([下载安装](https://www.python.org/downloads/)) + +**一条命令部署:** +```bash +git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git +cd CyberStrikeAI-main +chmod +x run.sh && ./run.sh +``` + +`run.sh` 脚本会自动完成: +- ✅ 检查并验证 Go 和 Python 环境 +- ✅ 创建 Python 虚拟环境 +- ✅ 安装 Python 依赖包 +- ✅ 下载 Go 依赖模块 +- ✅ 编译构建项目 +- ✅ 启动服务器 + +**首次配置:** +1. **配置 AI 模型 API**(首次使用前必填) + - 启动后访问 http://localhost:8080 + - 进入 `设置` → 填写 API 配置信息: + ```yaml + openai: + api_key: "sk-your-key" + base_url: "https://api.openai.com/v1" # 或 https://api.deepseek.com/v1 + model: "gpt-4o" # 或 deepseek-chat, claude-3-opus 等 + ``` + - 或启动前直接编辑 `config.yaml` 文件 +2. **登录系统** - 使用控制台显示的自动生成密码(或在 `config.yaml` 中设置 `auth.password`) +3. **安装安全工具(可选)** - 按需安装所需工具: ```bash # macOS brew install nmap sqlmap nuclei httpx gobuster feroxbuster subfinder amass @@ -100,15 +105,18 @@ CyberStrikeAI 是一款 **AI 原生安全测试平台**,基于 Go 构建,集 sudo apt-get install nmap sqlmap nuclei httpx gobuster feroxbuster ``` 未安装的工具会自动跳过或改用替代方案。 -5. **启动服务** - ```bash - chmod +x run.sh && ./run.sh - # 或 - go run cmd/server/main.go - # 或 - go build -o cyberstrike-ai cmd/server/main.go - ``` -6. **浏览器访问** http://localhost:8080 ,使用日志中提示的密码登录并开始对话。 + +**其他启动方式:** +```bash +# 直接运行(需手动配置环境) +go run cmd/server/main.go + +# 手动编译 +go build -o cyberstrike-ai cmd/server/main.go +./cyberstrike-ai +``` + +**说明:** Python 虚拟环境(`venv/`)由 `run.sh` 自动创建和管理。需要 Python 的工具(如 `api-fuzzer`、`http-framework-test` 等)会自动使用该环境。 ### 常用流程 - **对话测试**:自然语言触发多步工具编排,SSE 实时输出。 diff --git a/run.sh b/run.sh index c2d77608..65fc9437 100644 --- a/run.sh +++ b/run.sh @@ -2,59 +2,205 @@ set -euo pipefail -# CyberStrikeAI 启动脚本 +# CyberStrikeAI 一键部署启动脚本 ROOT_DIR="$(cd "$(dirname "$0")" && pwd)" cd "$ROOT_DIR" -echo "🚀 启动 CyberStrikeAI..." +# 颜色定义 +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# 打印带颜色的消息 +info() { echo -e "${BLUE}ℹ️ $1${NC}"; } +success() { echo -e "${GREEN}✅ $1${NC}"; } +warning() { echo -e "${YELLOW}⚠️ $1${NC}"; } +error() { echo -e "${RED}❌ $1${NC}"; } + +echo "" +echo "==========================================" +echo " CyberStrikeAI 一键部署启动脚本" +echo "==========================================" +echo "" CONFIG_FILE="$ROOT_DIR/config.yaml" VENV_DIR="$ROOT_DIR/venv" REQUIREMENTS_FILE="$ROOT_DIR/requirements.txt" +BINARY_NAME="cyberstrike-ai" # 检查配置文件 if [ ! -f "$CONFIG_FILE" ]; then - echo "❌ 配置文件 config.yaml 不存在" + error "配置文件 config.yaml 不存在" + info "请确保在项目根目录运行此脚本" exit 1 fi -# 检查 Python 环境 -if ! command -v python3 >/dev/null 2>&1; then - echo "❌ 未找到 python3,请先安装 Python 3.10+" - exit 1 -fi +# 检查并安装 Python 环境 +check_python() { + if ! command -v python3 >/dev/null 2>&1; then + error "未找到 python3" + echo "" + info "请先安装 Python 3.10 或更高版本:" + echo " macOS: brew install python3" + echo " Ubuntu: sudo apt-get install python3 python3-venv" + echo " CentOS: sudo yum install python3 python3-pip" + exit 1 + fi + + PYTHON_VERSION=$(python3 --version 2>&1 | awk '{print $2}') + PYTHON_MAJOR=$(echo "$PYTHON_VERSION" | cut -d. -f1) + PYTHON_MINOR=$(echo "$PYTHON_VERSION" | cut -d. -f2) + + if [ "$PYTHON_MAJOR" -lt 3 ] || ([ "$PYTHON_MAJOR" -eq 3 ] && [ "$PYTHON_MINOR" -lt 10 ]); then + error "Python 版本过低: $PYTHON_VERSION (需要 3.10+)" + exit 1 + fi + + success "Python 环境检查通过: $PYTHON_VERSION" +} -# 创建并激活虚拟环境 -if [ ! -d "$VENV_DIR" ]; then - echo "🐍 创建 Python 虚拟环境..." - python3 -m venv "$VENV_DIR" -fi +# 检查并安装 Go 环境 +check_go() { + if ! command -v go >/dev/null 2>&1; then + error "未找到 Go" + echo "" + info "请先安装 Go 1.21 或更高版本:" + echo " macOS: brew install go" + echo " Ubuntu: sudo apt-get install golang-go" + echo " CentOS: sudo yum install golang" + echo " 或访问: https://go.dev/dl/" + exit 1 + fi + + GO_VERSION=$(go version | awk '{print $3}' | sed 's/go//') + GO_MAJOR=$(echo "$GO_VERSION" | cut -d. -f1) + GO_MINOR=$(echo "$GO_VERSION" | cut -d. -f2) + + if [ "$GO_MAJOR" -lt 1 ] || ([ "$GO_MAJOR" -eq 1 ] && [ "$GO_MINOR" -lt 21 ]); then + error "Go 版本过低: $GO_VERSION (需要 1.21+)" + exit 1 + fi + + success "Go 环境检查通过: $(go version)" +} -echo "🐍 激活虚拟环境..." -# shellcheck disable=SC1091 -source "$VENV_DIR/bin/activate" +# 设置 Python 虚拟环境 +setup_python_env() { + if [ ! -d "$VENV_DIR" ]; then + info "创建 Python 虚拟环境..." + python3 -m venv "$VENV_DIR" + success "虚拟环境创建完成" + else + info "Python 虚拟环境已存在" + fi + + info "激活虚拟环境..." + # shellcheck disable=SC1091 + source "$VENV_DIR/bin/activate" + + if [ -f "$REQUIREMENTS_FILE" ]; then + info "安装/更新 Python 依赖..." + pip install --quiet --upgrade pip >/dev/null 2>&1 || true + + # 尝试安装依赖,捕获错误输出 + PIP_LOG=$(mktemp) + if pip install -r "$REQUIREMENTS_FILE" >"$PIP_LOG" 2>&1; then + success "Python 依赖安装完成" + else + # 检查是否是 angr 安装失败(需要 Rust) + if grep -q "angr" "$PIP_LOG" && grep -q "Rust compiler\|can't find Rust" "$PIP_LOG"; then + warning "angr 安装失败(需要 Rust 编译器)" + echo "" + info "angr 是可选依赖,主要用于二进制分析工具" + info "如果需要使用 angr,请先安装 Rust:" + echo " macOS: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh" + echo " Ubuntu: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh" + echo " 或访问: https://rustup.rs/" + echo "" + info "其他依赖已安装,可以继续使用(部分工具可能不可用)" + else + warning "部分 Python 依赖安装失败,但可以继续尝试运行" + warning "如果遇到问题,请检查错误信息并手动安装缺失的依赖" + # 显示最后几行错误信息 + echo "" + info "错误详情(最后 10 行):" + tail -n 10 "$PIP_LOG" | sed 's/^/ /' + echo "" + fi + fi + rm -f "$PIP_LOG" + else + warning "未找到 requirements.txt,跳过 Python 依赖安装" + fi +} -if [ -f "$REQUIREMENTS_FILE" ]; then - echo "📦 安装/更新 Python 依赖..." - pip install -r "$REQUIREMENTS_FILE" -else - echo "⚠️ 未找到 requirements.txt,跳过 Python 依赖安装" -fi +# 构建 Go 项目 +build_go_project() { + info "下载 Go 依赖..." + go mod download >/dev/null 2>&1 || { + error "Go 依赖下载失败" + exit 1 + } + + info "构建项目..." + if go build -o "$BINARY_NAME" cmd/server/main.go 2>&1; then + success "项目构建完成: $BINARY_NAME" + else + error "项目构建失败" + exit 1 + fi +} -# 检查 Go 环境 -if ! command -v go >/dev/null 2>&1; then - echo "❌ Go 未安装,请先安装 Go 1.21 或更高版本" - exit 1 -fi +# 检查是否需要重新构建 +need_rebuild() { + if [ ! -f "$BINARY_NAME" ]; then + return 0 # 需要构建 + fi + + # 检查源代码是否有更新 + if [ "$BINARY_NAME" -ot cmd/server/main.go ] || \ + [ "$BINARY_NAME" -ot go.mod ] || \ + find internal cmd -name "*.go" -newer "$BINARY_NAME" 2>/dev/null | grep -q .; then + return 0 # 需要重新构建 + fi + + return 1 # 不需要构建 +} -# 下载依赖 -echo "📦 下载 Go 依赖..." -go mod download +# 主流程 +main() { + # 环境检查 + info "检查运行环境..." + check_python + check_go + echo "" + + # 设置 Python 环境 + info "设置 Python 环境..." + setup_python_env + echo "" + + # 构建 Go 项目 + if need_rebuild; then + info "准备构建项目..." + build_go_project + else + success "可执行文件已是最新,跳过构建" + fi + echo "" + + # 启动服务器 + success "所有准备工作完成!" + echo "" + info "启动 CyberStrikeAI 服务器..." + echo "==========================================" + echo "" + + # 运行服务器 + exec "./$BINARY_NAME" +} -# 构建项目 -echo "🔨 构建项目..." -go build -o cyberstrike-ai cmd/server/main.go - -# 运行服务器 -echo "✅ 启动服务器..." -./cyberstrike-ai +# 执行主流程 +main