SPATool

• Class file generation IR
• IR file generation CFG
• Command line mode

In the future, we may continue to study in the field of static analysis. This is a problem that novices will face when they don’t know how to look at CFG (Control-Flow-Graph control flow graph) and AST (Abstract Syntax Tree abstract syntax tree), which leads to no idea. This is an opportunity for the birth of this tool. Currently, the tool uses Soot to generate CFG and JavaParser to generate AST.

• The first step is to download and install Graphviz and configure environment variables.

​ Download address: https://graphviz.org/download/, reference configuration is as follows.

Check whether the configuration is successful, execute the command dot -h

• GitHub Release Download

  https://github.com/SummerSec/SPATool/releases

• CDN Historical Version Download Page

  https://spat.sumsec.me/version.html

Effect page

GUI instructions

• Instructions for use of AST module

• Instructions for use of CFG module

Cli Instructions

• CLIREADME

This tool is only used for safe self-checking and testing

Any direct or indirect consequences and losses caused by the dissemination or utilization of the information provided by this tool are the responsibility of the user himself, and the author shall not bear any responsibility for this.

I have the right to modify and interpret this tool. Without the permission of the cybersecurity department and relevant departments, you may not use this tool for any attack activities and may not use it for commercial purposes in any way.

This tool is only authorized to investigate problems within the enterprise. Please do not use it for illegal purposes. Please abide by the Cybersecurity Law. Otherwise, the author will not be responsible for the consequences.