simpleIAST is an interactive application security testing tool based on taint tracking for gray-box vulnerability scanning.
simpleIAST: a gray-box vulnerability scanning tool based on taint tracking.
This tool is designed for developers and security teams to detect and analyze application vulnerabilities in real-time during application runtime. It integrates with Java applications via an agent to provide comprehensive vulnerability detection across multiple middleware platforms, helping to improve application security through automated scanning and detailed vulnerability reporting.
Ensure the Java application runs on a supported JDK version (1.8 or 11) and on supported middleware. Running the agent in attach mode requires the target process PID and appropriate permissions. Change the default web interface credentials immediately after deployment. The tool currently supports a broad set of critical vulnerabilities, and ongoing updates are planned to enhance hook customization and detection coverage.
git clone https://github.com/keven1z/simpleIAST.git
cd ./simpleIAST/docker/
docker-compose up -d
Access the web interface at http://[your_ip]:8443/ with default credentials admin/123456
Place iast-agent.jar and iast-engine.jar in the same directory as your application jar
Start your Java application with the agent: java -javaagent:iast-agent.jar -jar [app.jar]
Alternatively, attach the agent to a running process: java -jar iast-engine.jar -m install -p [pid]
To uninstall the agent: java -jar iast-engine.jar -m uninstall -p [pid]
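The prerequisites stated above (JDK 1.8 or 11, both jars beside the application jar, a reachable PID for attach mode) can be checked before the agent is loaded. The script below is an added example, not part of simpleIAST; its function names are hypothetical, and it assumes "appropriate permissions" means the current user is able to signal the target process.

```shell
#!/bin/sh
# Added example: pre-flight checks before loading the simpleIAST agent.
# Function names are hypothetical and not part of simpleIAST.

# $1: first line of `java -version`, e.g. openjdk version "11.0.20" 2023-07-18
jdk_supported() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    case "$ver" in
        1.8|1.8.*|11|11.*) return 0 ;;   # the page lists JDK 1.8 and 11 only
        *) return 1 ;;                   # other versions, or no version found
    esac
}

# $1: path to the application jar; both simpleIAST jars must sit beside it.
jars_colocated() {
    dir=$(dirname "$1")
    [ -f "$dir/iast-agent.jar" ] && [ -f "$dir/iast-engine.jar" ]
}

# $1: PID for attach mode. Assumption: being allowed to signal the process
# is the permission that matters. kill -0 delivers no signal; it only
# reports whether the PID exists and the caller may signal it.
pid_signalable() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac   # reject non-numeric input
    kill -0 "$1" 2>/dev/null
}

# usage: preflight <app.jar> [pid]   (returns non-zero if any check fails)
preflight() {
    rc=0
    line=$(java -version 2>&1 | head -n 1)
    jdk_supported "$line" || { echo "unsupported JDK: $line" >&2; rc=1; }
    jars_colocated "$1" ||
        { echo "iast-agent.jar/iast-engine.jar not beside $1" >&2; rc=1; }
    if [ -n "${2:-}" ]; then
        pid_signalable "$2" ||
            { echo "cannot signal PID $2 as $(id -un)" >&2; rc=1; }
    fi
    return "$rc"
}

# Run the checks only when arguments are given.
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```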
java -javaagent:iast-agent.jar -jar [app.jar]
Start the Java application with the simpleIAST agent enabled for vulnerability scanning.
java -jar iast-engine.jar -m install -p [pid]
Attach the simpleIAST agent to a running Java process by its PID.
java -jar iast-engine.jar -m uninstall -p [pid]
Detach the simpleIAST agent from a running Java process.
docker-compose up -d
Start the simpleIAST web service and backend using Docker.