hackdou
diff --git a/‎README.md‎
Lines changed: 56 additions & 54 deletions b/‎README.md‎
Lines changed: 56 additions & 54 deletions
@@ -1,4 +1,4 @@
-# ![](./pic/logo.png)JavaSecLab 一款综合Java漏洞平台
+# ![](./pic/logo.png)JavaSecLab—A comprehensive Java vulnerability platform
 
 <div align="center">
   <a href="https://www.apache.org/licenses/LICENSE-2.0.html"><img src="https://img.shields.io/github/license/alibaba/transmittable-thread-local?color=blueviolet&logo=apache" alt="License"></a>
@@ -10,98 +10,100 @@
 </div>
 
 
+[中文文档😊](./README_ZH.md)
+
 ----------------------------------------
 
-## 项目介绍
-	JavaSecLab是**一款综合型Java漏洞平台**，提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范、漏洞流量分析，覆盖多种漏洞场景，友好用户交互UI…… 
+## Project introduction
+	JavaSecLab is **the most comprehensive Java vulnerability platform **, providing related vulnerability defect code, repair code, vulnerability scenarios, audit SINK point, security coding specifications, vulnerability traffic analysis, covering a variety of vulnerability scenarios, user-friendly interaction UI......
 
 ![image-20241020143155383](./pic/home.png)
 
 ![show](./pic/show.png)
 
-## 面向人群
+## public-facing
 
-- 安全服务方面：帮助安全服务人员理解漏洞原理(产生、修复、审计)，以及对应漏洞流量分析
+- Security services: Help security service personnel understand the principle of vulnerability (generation, repair, audit), and corresponding vulnerability traffic analysis
 
-- 甲方安全方面：可作为开发安全培训演示，友好的交互方式，帮助研发同学更容易理解漏洞
+- Party A's security: It can be used as a development security training demonstration, a friendly interactive way to help R & D students more easily understand the vulnerability
 
-- 安全研究方面：各种漏洞的不同触发场景，可用于xAST等安全工具测试
+- Security research: Different trigger scenarios for various vulnerabilities can be used for testing security tools such as xAST
 
 
-## 支持漏洞模块
+## Support vulnerability module
 
-- 跨站脚本攻击、跨站请求伪造、CORS、JSONP、URL重定向、XFF伪造、拒绝服务、XPATH注入
+- Cross-site scripting attacks, cross-site request forgery, CORS, JSONP, URL redirection, XFF forgery, denial of service, XPATH injection
 
-- SQL注入、任意文件系列、跨服务端请求伪造、XML实体注入、RCE
+- SQL Injection, arbitrary file family, cross-server request forgery, XML entity injection, RCE
 
-- 逻辑漏洞(IDOR、验证码安全、支付安全、并发安全)、敏感信息泄漏系列、登录对抗系列
+- Logic vulnerabilities (IDOR, verification code security, payment security, concurrency security), sensitive information leakage series, login antagonism series
 
-- SPEL注入、SSTI注入、反序列化、组件漏洞
+- SPEL injection, SSTI injection, deserialization, component vulnerabilities
 
 
-## 在线环境体验
+## Online environment experience
 
 http://whgojp.top/
 
-账号密码：admin/admin
+Account password: admin/admin
 
-## 项目灵感
+## Project inspiration
 
-	曾在甲方单位工作过一段时间，有机会接触到完整的**漏洞生命周期**：很多次做完渗透测试后，通过(TAPD、Jira)发送工单通知研发同学修复漏洞，经常面临着一些问题：**1、研发不知道为什么这是个漏洞？2、研发不知道这个漏洞怎么修复？**
-	由此，一个想法💡油然而生，恰巧自己也懂些开发知识，想着可不可以通过代码的方式让研发同学快速了解漏洞的产生与修复……
+	**I have worked in Party A's unit for a period of time, and had access to the complete vulnerability life cycle ** : After completing penetration tests many times, I sent work orders (TAPD, Jira) to notify the R&D students to fix the vulnerability, and I often faced some problems: **1, the R&D did not know why this was a vulnerability? 2, R&D does not know how to fix this vulnerability? **
+	Thus, an idea 💡 arises spontaneously, and I happen to know some development knowledge, wondering whether I can let the R & D students quickly understand the generation and repair of loopholes through the way of code...
 
-> 平台提供相关漏洞的安全编码规范，甲方朋友在做SDL/DevSecOps建设的时候，可以考虑加入开发安全培训这一环节
+> The platform provides security coding specifications for relevant vulnerabilities, and Party A friends can consider joining the development of security training when doing SDL/DevSecOps construction
 
-	此外，自己也做过安全服务类项目，我想大部分朋友会和我一下，只是按照 信息收集->外网打点->发现漏洞->输出报告 这个流程测试，对于漏洞怎么产生、怎么修复，似乎并不关心……
+	In addition, I have also done security service projects, I think most of my friends will be with me, just according to the information collection -> network -> Discovery of vulnerabilities -> output report this process test, for how the vulnerability is generated, how to repair, it seems not concerned...
 
-	代码审计过程中，通常是先定位SINK点(即代码执行或输出的关键位置)，然后再回溯寻找对应的SOURCE点(即输入或数据来源的位置)。通过将SOURCE点和SINK点串联起来，来完成代码审计工作
+	In the process of code audit, it is common to locate the SINK point (that is, the key location of code execution or output) and then backtrack to find the corresponding SOURCE point (that is, the location of the input or data source). The code audit is done by concatenating the SOURCE and SINK points
 
-> 平台针对每种漏洞提供对应缺陷代码、多种安全安全修复方式(例如：1、升级修复 2、非升级修复)，同时针对代码审计，平台也提供相关漏洞的SINK点
+> For each vulnerability, the platform provides the corresponding defect code and various security repair methods (such as: 1, upgrade repair 2, non-upgrade repair). At the same time, for code audit, the platform also provides the SINK point of related vulnerabilities
 
-	再后来，接触了应用安全产品，SCA、SAST、DAST、RASP等，看待安全漏洞似乎又是另一种角度，对于客户来说，采购的安全工具，无论是扫源码、容器、镜像……，都希望尽可能的扫到更多的漏洞，当然也希望少点误报，笔者也或多或少接触到可达性分析等相关技术，项目中也针对每种漏洞编写了不同的触发场景，感兴趣的朋友可以测试一下……
+	Later, contact with application security products, SCA, SAST, DAST, RASP, etc., looking at security vulnerabilities seems to be another Angle, for customers, the purchase of security tools, whether it is scanning source code, containers, images... Of course, I also hope to less false positives, the author has more or less access to accessibility analysis and other related technologies, the project has also written different trigger scenarios for each vulnerability, interested friends can test it...
 
-> 平台针对同种漏洞提供多种触发场景
+> The platform provides multiple trigger scenarios for the same vulnerability
 
-🆕 更新漏洞流量分析模块，方便师傅们参考学习，以本项目漏洞流量为例，如果您有更好的漏洞流量数据包，欢迎提PR参与项目🌹
+🆕 update the vulnerability traffic analysis module to facilitate teachers' reference and learning. Take the vulnerability traffic of this project as an example. If you have better vulnerability traffic packets, welcome to submit PR to participate in the project 🌹
 
 ![flow1](./pic/flow1.png)
 
-这里以延时注入为例：可以从响应时间明显的看到其流量特征：5秒后服务器响应
+Here, take delayed injection as an example: the traffic characteristic can be clearly seen from the response time: the server responds after 5 seconds
 
 ![flow2](./pic/flow2.png)
 
-## 技术架构
+## Technical architecture
 
 	SpringBoot + Spring Security + MyBatis + Thymeleaf + Layui
 
-## 部署方式
+## Deployment mode
 
-先clone下项目代码
+clone the project code first
 
 ```shell
 git clone https://github.com/whgojp/JavaSecLab.git
 ```
 
 ![image-20240905230400930](./pic/git-clone.png)
 
-### 本地部署-IDEA
+### Local deployment -IDEA
 
-> JDK环境 1.8
+> JDK Environment 1.8
 
-1. 配置数据库(**Mysql 8.0+**)
+1. Configuration Database (**Mysql 8.0+**)
 
-   执行 sql/JavaSecLab.sql 文件
+   Execute the sql/JavaSecLab.sql file
 
-   修改配置文件application.yml active为dev(项目默认为docker 如果搭建的过程中出现数据库连接错误 师傅们可以注意下这里)
+   Modify the configuration file application.yml active to dev(the project default is docker if there is a database connection error during the construction process, teachers can pay attention to here)
 
    ```yaml
    spring:
-     # 环境 dev|docker
+     # Environment dev|docker
      profiles:
        active: dev
    ```
    
-2. 修改application-dev.yml配置文件
+2. Modify the application-dev.yml configuration file
 
 ```yaml
 username: root
@@ -111,13 +113,13 @@ url: jdbc:mysql://localhost:13306/JavaSecLab?characterEncoding=utf8&zeroDateTime
 
 <img src="./pic/login.png" alt="logo" style="zoom:100%;" />
 
-初始账号密码：admin/admin(后台可修改)
+Initial password: admin/admin(can be changed in the background)
 
-### Docker部署(推荐)
+### Docker Deployment (**Recommended**)
 
-> 条件：已安装docker和docker-compose
+> Condition: docker and Docker-Compose are installed
 >
-> docker部署过程中 sql文件没有初始化执行的话(即数据库为空) 需要手动导入下sql文件
+> If the sql file is not initialized during docker deployment (that is, the database is empty), you need to manually import the sql file
 
 ```shell
 mvn clean package -DskipTests
@@ -128,40 +130,40 @@ docker-compose -p javaseclab up -d
 
 ![image-20240905225532698](./pic/deploy-docker2.png)
 
-更多部署方案、部署问题解答详见：[部署指南](https://github.com/whgojp/JavaSecLab/wiki/%E9%83%A8%E7%BD%B2%E6%8C%87%E5%8D%97)
+For details about deployment solutions and deployment questions, see：[Deployment guide](https://github.com/whgojp/JavaSecLab/wiki/%E9%83%A8%E7%BD%B2%E6%8C%87%E5%8D%97)
 
-## 开源协议
+## Open source protocol
 
 	**When we speak of free software, we are referring to freedom, not price.**
 
-本项目遵循 [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0) 协议，详细的许可证内容请参见项目中的 [LICENSE](./LICENSE) 文件。
+This project follows [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0) protocol，the detailed content of License please see the [LICENSE](./LICENSE) file。
 
-## 更新记录
+## Update record
 
-项目的详细更新记录请参阅 [更新日志](https://github.com/whgojp/JavaSecLab/wiki/%E6%9B%B4%E6%96%B0%E6%97%A5%E5%BF%97)
+Project detailed record update, please refer to [update log](https://github.com/whgojp/JavaSecLab/wiki/%E6%9B%B4%E6%96%B0%E6%97%A5%E5%BF%97)
 
-## 一些Tips🙋
+## A few Tips🙋
 
-1. 安全问题：由于是漏洞靶场，因此不建议搭建在公网上使用
-1. 项目中的安全修复代码仅供参考，实际业务中漏洞修复起来可能要复杂的多……
-1. **问题/建议反馈：如果遇到一些项目问题或者更好的建议，欢迎各位师傅可以提Issue或加交流群进行反馈**
-1. **看到这里，师傅觉得项目有用的话，麻烦动动手点个star吧，非常感谢🙏**
+1. Security issues: Because it is a vulnerability shooting range, it is not recommended to use it on the public network
+1. The security repair code in the project is for reference only, and the actual business vulnerability repair may be much more complex...
+1. **Problem/Suggestion feedback: If you encounter some project problems or better suggestions, you are welcome to raise an Issue or add a communication group for feedback **
+1. **See here, if the master thinks the project is useful, please move and click a star, thank you very much 🙏**
 
-## 关于作者
+## About the author
 
-作者博客：[今天是几号](https://blog.csdn.net/weixin_53009585)
+Author's blog：[今天是几号](https://blog.csdn.net/weixin_53009585)
 
-**如果师傅同样对开发安全、应用安全、SDL、漏洞靶场等感兴趣的话，欢迎加交流群一起探讨……**
+**If the master is also interested in development security, application security, SDL, vulnerability shooting range, etc., welcome to join the exchange group to discuss... **
 
 <div style="text-align: center;">
     <img src="./pic/wechat.png" alt="description" width="271" height="366" />
       <img src="./pic/group.png" alt="description" width="271" height="366" />
 </div>
 
 
-## 赞助开源
+## Sponsor open source
 
-	如果您觉得这个工具对您有帮助，不妨考虑支持一下作者的开发工作。您的赞助将用于维护在线服务器和持续优化项目功能，非常感谢您的鼓励和支持！
+	If you find this tool helpful, consider supporting the author's development efforts. Your sponsorship will be used to maintain the online server and continuously optimize the project function, thank you very much for your encouragement and support!
 
 <div style="text-align: center;">
     <img src="./pic/donate.jpg" style="width: 40%; height: auto;"/>