-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
707d732
commit c950332
Showing
6 changed files
with
239 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| package main | ||
|
|
||
| // 封装了两个接口,自行切换 “tb” or "zz" | ||
| // 区别在于tb稳定但IDC识别不精确,zzIDC识别精确但不稳定 | ||
|
|
||
| //var apiConfig ="tb" | ||
| var apiConfig ="zz" | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "os/exec" | ||
| "regexp" | ||
| "strings" | ||
| ) | ||
|
|
||
|
|
||
| func netstat()string{ | ||
| cmd := exec.Command("netstat","-anop","tcp") | ||
| buf, _ := cmd.Output() | ||
| return string(buf) | ||
| } | ||
|
|
||
|
|
||
| func main() { | ||
| ipadrs:=make(map[string]string) | ||
| tasks:=make(map[string]string) | ||
| tasks=taskdic() | ||
| res := strings.Split(strings.Replace(netstat(),"\r\n","",-1), "TCP") | ||
| var nw [][] string | ||
| var gw [][] string | ||
| for _,tcp:=range res[1:]{ | ||
| if strings.Contains(tcp, "0.0.0.0") || strings.Contains(tcp, "127.0.0.1"){ | ||
|
|
||
| }else{ | ||
| detail:=strings.Split((delete_extra_space(tcp)), " ") | ||
| re := regexp.MustCompile(`^(127\.0\.0\.1)|(localhost)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3})$`) | ||
| if re.MatchString(detail[2]) { | ||
| var s[]string | ||
| s=append(s,detail[1],detail[2],detail[4],tasks[detail[4]],"本地局域网") | ||
| nw= append(nw, s) | ||
| }else{ | ||
| var s[]string | ||
| var adr string | ||
| if apiConfig=="tb"{ | ||
| adr=GetAdr_TB(ipadrs,strings.Split(detail[2],":")[0]) | ||
| }else if apiConfig=="zz"{ | ||
| adr=GetAdr_ZZ(ipadrs,strings.Split(detail[2],":")[0]) | ||
| }else { | ||
| fmt.Println("接口配置失败") | ||
| break | ||
| } | ||
|
|
||
| s=append(s,detail[1],detail[2],detail[4],tasks[detail[4]],adr) | ||
| //fmt.Println(s) | ||
| gw= append(gw, s) | ||
| } | ||
| } | ||
|
|
||
| } | ||
|
|
||
| fmt.Println("# 内网") | ||
| for _,v:=range nw{ | ||
| fmt.Println(v[0]+"\t"+v[1]+"\t"+v[2]+"\t"+v[3]+"\t"+v[4]) | ||
| } | ||
| fmt.Println("\n# 公网") | ||
| for _,v:=range gw{ | ||
| //fmt.Println(v) | ||
| fmt.Println(v[0]+"\t"+v[1]+"\t"+v[2]+"\t"+v[3]+"\t"+v[4]) | ||
| } | ||
| fmt.Println("\n"+"w(゚Д゚)w!!!有内鬼,终止交易!!!\n一个简单的netstat + tasklist + ipwhois 反入侵检测小工具.\n项目地址:https://github.com/rabbitmask/Netstat") | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "encoding/json" | ||
| "io/ioutil" | ||
| "net/http" | ||
| "strings" | ||
| ) | ||
|
|
||
| type IPInfo struct { | ||
| Data IP `json:"data"` | ||
| } | ||
|
|
||
| type IP struct { | ||
| Country string `json:"country"` | ||
| Region string `json:"region"` | ||
| City string `json:"city"` | ||
| Isp string `json:"isp"` | ||
| } | ||
|
|
||
| func TabaoAPI(ip string) *IPInfo { | ||
| client := &http.Client{} | ||
| req, err := http.NewRequest("POST", "http://ip.taobao.com/outGetIpInfo", strings.NewReader("ip="+ip+"&accessKey=alibaba-inc")) | ||
| checkErr(err) | ||
| req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0") | ||
| req.Header.Set("Content-Type", "application/x-www-form-urlencoded") | ||
| req.AddCookie(&http.Cookie{Name: "test",Value: "test"}) | ||
| resp, err := client.Do(req) | ||
| checkErr(err) | ||
| defer resp.Body.Close() | ||
|
|
||
|
|
||
| out, err := ioutil.ReadAll(resp.Body) | ||
| if err != nil { | ||
| return nil | ||
| } | ||
| var result IPInfo | ||
| if err := json.Unmarshal(out, &result); err != nil { | ||
| return nil | ||
| } | ||
|
|
||
| return &result | ||
| } | ||
|
|
||
| // 基于淘宝api的物理地址及运营商查询 | ||
| func GetAdr_TB(ipadrs map[string]string,ip string)string { | ||
| if _, ok :=ipadrs[ip];ok{ | ||
| return ipadrs[ip] | ||
| }else { | ||
| result:=TabaoAPI(ip) | ||
| adr:= result.Data.Country+" "+result.Data.Region+" "+result.Data.City+" "+result.Data.Isp | ||
| ipadrs[ip]=adr | ||
| return adr | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "strconv" | ||
| "syscall" | ||
| "unsafe" | ||
| ) | ||
|
|
||
| type ulong int32 | ||
| type ulong_ptr uintptr | ||
|
|
||
| type PROCESSENTRY32 struct { | ||
| dwSize ulong | ||
| cntUsage ulong | ||
| th32ProcessID ulong | ||
| th32DefaultHeapID ulong_ptr | ||
| th32ModuleID ulong | ||
| cntThreads ulong | ||
| th32ParentProcessID ulong | ||
| pcPriClassBase ulong | ||
| dwFlags ulong | ||
| szExeFile [260]byte | ||
| } | ||
|
|
||
|
|
||
|
|
||
| func taskdic() map[string]string{ | ||
| tasks:=make(map[string]string) | ||
| kernel32 := syscall.NewLazyDLL("kernel32.dll") | ||
| CreateToolhelp32Snapshot := kernel32.NewProc("CreateToolhelp32Snapshot") | ||
| pHandle, _, _ := CreateToolhelp32Snapshot.Call(uintptr(0x2), uintptr(0x0)) | ||
| if int(pHandle) == -1 { | ||
| } | ||
| Process32Next := kernel32.NewProc("Process32Next") | ||
| for { | ||
| var proc PROCESSENTRY32 | ||
| proc.dwSize = ulong(unsafe.Sizeof(proc)) | ||
| if rt, _, _ := Process32Next.Call(uintptr(pHandle), uintptr(unsafe.Pointer(&proc))); int(rt) == 1 { | ||
| tasks[strconv.Itoa(int(proc.th32ProcessID))]=string(proc.szExeFile[0:]) | ||
| } else { | ||
| break | ||
| } | ||
| } | ||
| CloseHandle := kernel32.NewProc("CloseHandle") | ||
| _, _, _ = CloseHandle.Call(pHandle) | ||
| return tasks | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "regexp" | ||
| "strings" | ||
| ) | ||
|
|
||
| func delete_extra_space(s string) string { | ||
| s1 := strings.Replace(s, " ", " ", -1) | ||
| regstr := "\\s{2,}" | ||
| reg, _ := regexp.Compile(regstr) | ||
| s2 := make([]byte, len(s1)) | ||
| copy(s2, s1) | ||
| spc_index := reg.FindStringIndex(string(s2)) | ||
| for len(spc_index) > 0 { | ||
| s2 = append(s2[:spc_index[0]+1], s2[spc_index[1]:]...) | ||
| spc_index = reg.FindStringIndex(string(s2)) | ||
| } | ||
| return string(s2) | ||
| } | ||
|
|
||
| func checkErr(err error) { | ||
| if err != nil { | ||
| fmt.Println("网络接口故障,请稍后重试") | ||
| return | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| package main | ||
|
|
||
| import ( | ||
| "io/ioutil" | ||
| "net/http" | ||
| "regexp" | ||
| "strings" | ||
| "time" | ||
| ) | ||
|
|
||
| // 基于站长之家api的物理地址及运营商查询 | ||
| func GetAdr_ZZ(ipadrs map[string]string,ip string)string { | ||
| if _, ok :=ipadrs[ip];ok{ | ||
| return ipadrs[ip] | ||
| }else { | ||
| client := &http.Client{} | ||
| req, err := http.NewRequest("POST", "http://ip.tool.chinaz.com", strings.NewReader("ip="+ip)) | ||
| checkErr(err) | ||
| req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0") | ||
| req.Header.Set("Content-Type", "application/x-www-form-urlencoded") | ||
| //req.Header.Set("Cookie", "name=anny") | ||
| req.AddCookie(&http.Cookie{Name: "BAIDUID",Value: "00A1B1EC9FF50D09E8740C2BB49A2120"}) | ||
| resp, err := client.Do(req) | ||
| checkErr(err) | ||
| defer resp.Body.Close() | ||
| body, err := ioutil.ReadAll(resp.Body) | ||
| checkErr(err) | ||
| adr := regexp.MustCompile(`<span class="Whwtdhalf w50-0">(.*?)</span>`).FindAllStringSubmatch(string(body), -1) | ||
| //fmt.Println(ip) | ||
| //fmt.Println(adr) | ||
| ipadrs[ip]=adr[1][1] | ||
| time.Sleep(1) | ||
| return adr[1][1] | ||
| } | ||
| } |