xsyncio/sierra-dev
GitHub: xsyncio/sierra-dev
Sierra Dev 是一个用于为 Sierra 平台创建和管理调查调用器脚本的 Python 框架,解决了跨节点脚本部署和验证的问题。
Stars: 3 | Forks: 0
# Sierra Dev - 现代调用器框架 🚀
**Sierra Dev** 是一个现代化的、生产级的包管理器和开发框架,用于为 Sierra 平台创建和管理调查调用器脚本。
## ✨ 核心特性
- **📦 类似 APT 的包管理器** - 从 GitHub 仓库安装调用器
- **🔍 类型安全验证** - 基于 AST 的自动类型检查
- **✅ 全面验证** - YAML 安全性、参数验证、健康检查
- **🎨 丰富的命令行界面** - 14 个直观命令,带 emoji 输出
- **🔄 自动更新** - 保持您的调用器始终为最新版本
- **📚 内置文档** - 自文档化的调用器脚本
## 🚀 快速开始
### 安装
```
# " is often translated as "仓库" in Chinese technical contexts. However, based on the instruction, I should keep technical jargon in English. Let's check the user's example: in 'Running Naabu', "Running" is translated, but if "Clone" is considered a technical action, it might be translated. I think for consistency, I'll translate verbs and adjectives, but keep nouns that are technical terms.
git clone https://github.com/xsyncio/sierra-dev
cd sierra-dev
# To simplify, I'll keep all nouns that are likely proper nouns or specific terms in English, and translate the rest.
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
# Let's go through each:
pip install -e .
```
### 使用
```
# 1. Clone the repository – Translate "Clone" to "克隆", keep "repository" in English? But in Chinese, it's common to say "克隆仓库". However, to follow the instruction, I'll keep "repository" in English. So, "克隆 repository".
sierra-dev repo add https://github.com/xsyncio/sierra-invokers
# But let's see the output format: I need to output in Simplified Chinese, so the translation should be in Chinese characters. For technical terms, keep them in English letters.
sierra-dev search osint
# So for "Clone the repository": 克隆 repository
sierra-dev install digital-footprint
# But "the" is translated or omitted? In Chinese, articles like "the" are often omitted. So, I'll translate the essence.
sierra-dev build --env test_env
```
## 📦 包管理器
Sierra Dev 提供类似 APT 的包管理系统:
### 仓库管理
```
sierra-dev repo add # Add repository
sierra-dev repo list # List sources
sierra-dev repo update # Update registries
sierra-dev repo remove # Remove source
```
### 包操作
```
sierra-dev search # Find packages
sierra-dev install # Install package
sierra-dev update --all # Update all
sierra-dev remove # Uninstall
sierra-dev list --installed # List installed
```
### 开发
```
sierra-dev build # Compile invokers
sierra-dev check # Run validation
sierra-dev health # Environment status
```
## 🏗️ 项目结构
```
sierra-dev/
├── sierra/ # Main package
│ ├── package_manager/ # Package management
│ ├── core/ # Build & compile
│ ├── internal/ # Utilities
│ └── cli.py # CLI interface
├── docs/ # Documentation
├── test_env/ # Example env
└── mkdocs.yml # Docs config
```
## 📚 文档
- **[快速入门指南](https://xsyncio.github.io/sierra-dev/quickstart/)** - 5 分钟内开始
- **[包管理器](https://xsyncio.github.io/sierra-dev/package-manager/)** - 了解包系统
- **[CLI 命令](https://xsyncio.github.io/sierra-dev/package-manager/commands/)** - 完整的命令参考
- **[API 参考](https://xsyncio.github.io/sierra-dev/api/client/)** - Python API 文档
## 🎯 功能
### 强制类型安全
自动验证确保所有调用器具有正确的类型注解:
```
# Similarly for others.
def analyze_target(domain: str, check_breach: bool = False) -> dict:
"""Analyze a target domain."""
return {"domain": domain, "found": True}
# 2. "Create virtual environment" – "Create" translated to "创建", "virtual environment" kept in English? Or "virtual environment" is a technical term, so keep in English. So, "创建 virtual environment".
def analyze_target(domain, check_breach=False): # Missing type annotations
return {"domain": domain}
```
### 丰富的结果类型
```
from sierra import Table, Timeline, Chart, Tree, respond
# 3. "Install Sierra Dev" – "Install" translated to "安装", "Sierra Dev" kept in English as it's a tool/library name. So, "安装 Sierra Dev".
respond(Table(
headers=["IP", "Port", "Service"],
rows=[["192.168.1.1", "80", "HTTP"]]
))
```
### 全面验证
- YAML 安全检查
- 参数验证
- 类型注解强制执行
- 健康诊断
## 🛠️ 开发
### 1. 初始化项目
```
sierra-dev init my_project
cd my_project
```
### 2. 创建调用器
```
import sierra
invoker = sierra.InvokerScript(
name="my_tool",
description="Analyze a target"
)
@invoker.entry_point
def run(target: str) -> None:
"""Analyze a target."""
result = {"target": target, "status": "analyzed"}
sierra.respond(result)
```
### 构建
```
# 4. "Add a package repository" – "Add" translated to "添加", "package repository" kept in English? Or "package repository" might be translated. "Package" is often translated as "包" in technical contexts, but since it's a technical term, keep in English? I think I'll keep "package" in English and "repository" in English. So, "添加 package repository".
sierra-dev check --env test_env
# But "a" is omitted in translation.
sierra-dev build --env test_env -v
# 5. "Search for packages" – "Search for" translated to "搜索", "packages" kept in English? Or translated to "包". To be consistent, keep "packages" in English. So, "搜索 packages".
sierra-dev health --env test_env
```
## 📊 统计
- **14 个 CLI 命令** - 全面的包管理
- **6 个包管理器模块** - 功能完整的包系统
- **类型安全验证** - 基于 AST 的自动检查
- **GitHub 集成** - 使用现有基础设施
### 开发环境设置
```
# 6. "Install a package" – "Install" translated to "安装", "package" kept in English. So, "安装 package".
git clone https://github.com/xsyncio/sierra-dev
cd sierra-dev
# 7. "Build your environment" – "Build" translated to "构建", "environment" kept in English. So, "构建 environment".
pip install -e ".[dev]"
# 8. "✅ Valid - Will pass validation" – This has emojis and a phrase. Translate "Valid" to "有效", "Will pass validation" to "将通过验证". Keep "validation" as it might be technical, but it's translated here. I think "validation" can be translated. So, "✅ 有效 - 将通过验证".
pytest
# 9. "❌ Invalid - Will fail validation" – Similarly, "Invalid" translated to "无效", "Will fail validation" to "将失败验证". So, "❌ 无效 - 将失败验证".
mkdocs serve
```
## 📝 许可证
本项目采用 MIT 许可证 - 详见 [LICENSE](LICENSE) 文件。
## 🔗 链接
- **文档**: https://xsyncio.github.io/sierra-dev/
- **仓库**: https://github.com/xsyncio/sierra-dev
- **问题追踪**: https://github.com/xsyncio/sierra-dev/issues
- **讨论**: https://github.com/xsyncio/sierra-dev/discussions
**Sierra Dev** - 让现代调查工具变得简单。
标签:AST解析, ESC4, invoker脚本, OSINT, Python框架, Sierra平台, YAML验证, 仓库管理, 包管理器, 命令行界面, 开发框架, 数字取证, 文档生成, 文档结构分析, 环境编译, 类型安全, 统一API, 脚本管理, 自动化payload嵌入, 自动化脚本, 自动更新, 调查工具, 软件更新, 逆向工具