├── .gitignore ├── LICENSE ├── README.md ├── apikiller.sql ├── ca.crt ├── config ├── config.dev.yaml └── config.release.yaml ├── dbDeploy.sh ├── go.mod ├── go.sum ├── hooks └── .gitkeep ├── internal ├── core │ ├── ahttp │ │ ├── ahttp.go │ │ ├── ahttpModify.go │ │ ├── ahttpModify_test.go │ │ ├── ahttp_test.go │ │ ├── dumpHttp.go │ │ └── hook │ │ │ ├── hook.go │ │ │ └── requestHook.go │ ├── aio │ │ └── repeatReadCloser.go │ ├── async │ │ ├── asyncCheckEngineX.go │ │ └── asyncCheckEngineX_test.go │ ├── data │ │ ├── buildResult.go │ │ └── meta.go │ ├── database │ │ ├── db.go │ │ ├── mysql.go │ │ └── mysql_test.go │ ├── filter │ │ ├── duplicateFilter.go │ │ ├── filter.go │ │ ├── httpFilter.go │ │ └── staticResourceFilter.go │ ├── handler.go │ ├── module │ │ ├── CSRF │ │ │ └── CSRFDetector.go │ │ ├── DoS │ │ │ ├── DoSDetector.go │ │ │ ├── rateLimitDetector.go │ │ │ └── resourceSizeDetector.go │ │ ├── OpenRedirect │ │ │ └── OpenRedirectDetector.go │ │ ├── SSRF │ │ │ └── SSRFDetector.go │ │ ├── authorize │ │ │ ├── authGroup.go │ │ │ ├── authoriedDetector.go │ │ │ └── authoriedDetector_test.go │ │ └── detect.go │ ├── notify │ │ ├── dingding.go │ │ ├── lark.go │ │ └── notify.go │ └── origin │ │ ├── fileInputOrigin │ │ ├── burpFile.go │ │ ├── burpFile_test.go │ │ └── fileInputOrigin.go │ │ ├── origin.go │ │ └── realTimeOrigin │ │ ├── realTimeOrigin.go │ │ └── realTimeOrigin_test.go ├── runner │ ├── banner.go │ ├── option.go │ └── runner.go └── web │ ├── backend │ ├── web.go │ └── web_test.go │ └── frontend │ └── www │ └── index.html ├── main.go ├── pkg ├── logger │ ├── formatter.go │ ├── logger.go │ └── rotate.go └── util │ ├── encode.go │ ├── randomIdGenerator.go │ └── randomIdGenerator_test.go └── static └── img ├── 2.jpg ├── architecture.jpg ├── img-0401.png ├── img.png ├── img_030101.png ├── img_030102.png ├── img_030103.png ├── img_030301.png ├── img_030801.png ├── img_030901.png ├── img_070201.jpg ├── img_1.png ├── img_2.png ├── img_20.png ├── img_21.png ├── img_22.png ├── img_23.png ├── img_24.png ├── img_25.png ├── img_3.png ├── img_4.png ├── img_5.png ├── img_6.png └── img_logo.png /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/README.md -------------------------------------------------------------------------------- /apikiller.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/apikiller.sql -------------------------------------------------------------------------------- /ca.crt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/ca.crt -------------------------------------------------------------------------------- /config/config.dev.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/config/config.dev.yaml -------------------------------------------------------------------------------- /config/config.release.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/config/config.release.yaml -------------------------------------------------------------------------------- /dbDeploy.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/dbDeploy.sh -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/go.sum -------------------------------------------------------------------------------- /hooks/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /internal/core/ahttp/ahttp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/ahttp/ahttp.go -------------------------------------------------------------------------------- /internal/core/ahttp/ahttpModify.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/ahttp/ahttpModify.go -------------------------------------------------------------------------------- /internal/core/ahttp/ahttpModify_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/ahttp/ahttpModify_test.go -------------------------------------------------------------------------------- /internal/core/ahttp/ahttp_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/ahttp/ahttp_test.go -------------------------------------------------------------------------------- /internal/core/ahttp/dumpHttp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/ahttp/dumpHttp.go -------------------------------------------------------------------------------- /internal/core/ahttp/hook/hook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/ahttp/hook/hook.go -------------------------------------------------------------------------------- /internal/core/ahttp/hook/requestHook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/ahttp/hook/requestHook.go -------------------------------------------------------------------------------- /internal/core/aio/repeatReadCloser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/aio/repeatReadCloser.go -------------------------------------------------------------------------------- /internal/core/async/asyncCheckEngineX.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/async/asyncCheckEngineX.go -------------------------------------------------------------------------------- /internal/core/async/asyncCheckEngineX_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/async/asyncCheckEngineX_test.go -------------------------------------------------------------------------------- /internal/core/data/buildResult.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/data/buildResult.go -------------------------------------------------------------------------------- /internal/core/data/meta.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/data/meta.go -------------------------------------------------------------------------------- /internal/core/database/db.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/database/db.go -------------------------------------------------------------------------------- /internal/core/database/mysql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/database/mysql.go -------------------------------------------------------------------------------- /internal/core/database/mysql_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/database/mysql_test.go -------------------------------------------------------------------------------- /internal/core/filter/duplicateFilter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/filter/duplicateFilter.go -------------------------------------------------------------------------------- /internal/core/filter/filter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/filter/filter.go -------------------------------------------------------------------------------- /internal/core/filter/httpFilter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/filter/httpFilter.go -------------------------------------------------------------------------------- /internal/core/filter/staticResourceFilter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/filter/staticResourceFilter.go -------------------------------------------------------------------------------- /internal/core/handler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/handler.go -------------------------------------------------------------------------------- /internal/core/module/CSRF/CSRFDetector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/CSRF/CSRFDetector.go -------------------------------------------------------------------------------- /internal/core/module/DoS/DoSDetector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/DoS/DoSDetector.go -------------------------------------------------------------------------------- /internal/core/module/DoS/rateLimitDetector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/DoS/rateLimitDetector.go -------------------------------------------------------------------------------- /internal/core/module/DoS/resourceSizeDetector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/DoS/resourceSizeDetector.go -------------------------------------------------------------------------------- /internal/core/module/OpenRedirect/OpenRedirectDetector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/OpenRedirect/OpenRedirectDetector.go -------------------------------------------------------------------------------- /internal/core/module/SSRF/SSRFDetector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/SSRF/SSRFDetector.go -------------------------------------------------------------------------------- /internal/core/module/authorize/authGroup.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/authorize/authGroup.go -------------------------------------------------------------------------------- /internal/core/module/authorize/authoriedDetector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/authorize/authoriedDetector.go -------------------------------------------------------------------------------- /internal/core/module/authorize/authoriedDetector_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/authorize/authoriedDetector_test.go -------------------------------------------------------------------------------- /internal/core/module/detect.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/module/detect.go -------------------------------------------------------------------------------- /internal/core/notify/dingding.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/notify/dingding.go -------------------------------------------------------------------------------- /internal/core/notify/lark.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/notify/lark.go -------------------------------------------------------------------------------- /internal/core/notify/notify.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/notify/notify.go -------------------------------------------------------------------------------- /internal/core/origin/fileInputOrigin/burpFile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/origin/fileInputOrigin/burpFile.go -------------------------------------------------------------------------------- /internal/core/origin/fileInputOrigin/burpFile_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/origin/fileInputOrigin/burpFile_test.go -------------------------------------------------------------------------------- /internal/core/origin/fileInputOrigin/fileInputOrigin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/origin/fileInputOrigin/fileInputOrigin.go -------------------------------------------------------------------------------- /internal/core/origin/origin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/origin/origin.go -------------------------------------------------------------------------------- /internal/core/origin/realTimeOrigin/realTimeOrigin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/origin/realTimeOrigin/realTimeOrigin.go -------------------------------------------------------------------------------- /internal/core/origin/realTimeOrigin/realTimeOrigin_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/core/origin/realTimeOrigin/realTimeOrigin_test.go -------------------------------------------------------------------------------- /internal/runner/banner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/runner/banner.go -------------------------------------------------------------------------------- /internal/runner/option.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/runner/option.go -------------------------------------------------------------------------------- /internal/runner/runner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/runner/runner.go -------------------------------------------------------------------------------- /internal/web/backend/web.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/web/backend/web.go -------------------------------------------------------------------------------- /internal/web/backend/web_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/web/backend/web_test.go -------------------------------------------------------------------------------- /internal/web/frontend/www/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/internal/web/frontend/www/index.html -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/main.go -------------------------------------------------------------------------------- /pkg/logger/formatter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/pkg/logger/formatter.go -------------------------------------------------------------------------------- /pkg/logger/logger.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/pkg/logger/logger.go -------------------------------------------------------------------------------- /pkg/logger/rotate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/pkg/logger/rotate.go -------------------------------------------------------------------------------- /pkg/util/encode.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/pkg/util/encode.go -------------------------------------------------------------------------------- /pkg/util/randomIdGenerator.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/pkg/util/randomIdGenerator.go -------------------------------------------------------------------------------- /pkg/util/randomIdGenerator_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/pkg/util/randomIdGenerator_test.go -------------------------------------------------------------------------------- /static/img/2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/2.jpg -------------------------------------------------------------------------------- /static/img/architecture.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/architecture.jpg -------------------------------------------------------------------------------- /static/img/img-0401.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img-0401.png -------------------------------------------------------------------------------- /static/img/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img.png -------------------------------------------------------------------------------- /static/img/img_030101.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_030101.png -------------------------------------------------------------------------------- /static/img/img_030102.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_030102.png -------------------------------------------------------------------------------- /static/img/img_030103.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_030103.png -------------------------------------------------------------------------------- /static/img/img_030301.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_030301.png -------------------------------------------------------------------------------- /static/img/img_030801.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_030801.png -------------------------------------------------------------------------------- /static/img/img_030901.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_030901.png -------------------------------------------------------------------------------- /static/img/img_070201.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_070201.jpg -------------------------------------------------------------------------------- /static/img/img_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_1.png -------------------------------------------------------------------------------- /static/img/img_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_2.png -------------------------------------------------------------------------------- /static/img/img_20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_20.png -------------------------------------------------------------------------------- /static/img/img_21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_21.png -------------------------------------------------------------------------------- /static/img/img_22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_22.png -------------------------------------------------------------------------------- /static/img/img_23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_23.png -------------------------------------------------------------------------------- /static/img/img_24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_24.png -------------------------------------------------------------------------------- /static/img/img_25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_25.png -------------------------------------------------------------------------------- /static/img/img_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_3.png -------------------------------------------------------------------------------- /static/img/img_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_4.png -------------------------------------------------------------------------------- /static/img/img_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_5.png -------------------------------------------------------------------------------- /static/img/img_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_6.png -------------------------------------------------------------------------------- /static/img/img_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/API-Security/APIKiller/HEAD/static/img/img_logo.png --------------------------------------------------------------------------------