ChYing is an integrated security toolbox combining directory scanning, JWT analysis, Swagger API testing, lightweight BurpSuite features, and various encoding/decoding utilities for application security.
承影 - 一款安全工具箱,集成了目录扫描、JWT、Swagger 测试、编/解码、轻量级 BurpSuite、杀软辅助功能
ChYing is designed for security professionals and developers to perform comprehensive application security assessments, including directory enumeration, API vulnerability testing, and traffic interception. It is particularly useful for penetration testers needing an all-in-one tool to automate scans, analyze JWT tokens, bypass 403 restrictions, and inspect HTTP/HTTPS traffic with BurpSuite-like capabilities.
Users must install the mitmproxy CA certificate on first run to enable HTTPS traffic interception. The tool currently supports only one-level directory scanning but plans multi-level traversal. Some UI issues exist, such as needing to activate tabs before use and Intruder module tab switching bugs. The frontend is still under development and relies on ChatGPT assistance.
Install Wails framework following https://wails.io/zh-Hans/docs/gettingstarted/installation/
Run `wails build` to compile the projectwails build
Builds the ChYing project using the Wails framework
Start BurpSuite proxy on port 9080
Launches the HTTP proxy for intercepting traffic; requires installing the generated mitmproxy CA certificate located at ~/.mitmproxy/mitmproxy-ca-cert.pem