diff --git a/config.go b/config.go
new file mode 100644
index 0000000..57ff1f3
--- /dev/null
+++ b/config.go
@@ -0,0 +1,8 @@
+package main
+
+// 封装了两个接口,自行切换 “tb” or "zz"
+// 区别在于tb稳定但IDC识别不精确,zzIDC识别精确但不稳定
+
+//var apiConfig ="tb"
+var apiConfig ="zz"
+
diff --git a/netstat.go b/netstat.go
new file mode 100644
index 0000000..0d31485
--- /dev/null
+++ b/netstat.go
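Review bot: `apiConfig` is a mutable package-level `var` whose only meaningful values are the two strings named in the comment, yet nothing enforces that — any other value is only discovered at run time when `main` prints `接口配置失败` and `break`s out of the loop. Declaring it `const apiConfig = "zz"` turns accidental reassignment into a compile error and documents that it is a build-time switch. An English doc comment would also help: `// apiConfig selects the geo-IP backend: "tb" is stable but imprecise for IDC ranges, "zz" is precise but unreliable.` (the curly quotes around “tb” in the current comment look like an editor artefact and are worth normalising while here).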
@@ -0,0 +1,66 @@
+package main
+
+import (
+ "fmt"
+ "os/exec"
+ "regexp"
+ "strings"
+)
+
+
+func netstat()string{
+ cmd := exec.Command("netstat","-anop","tcp")
+ buf, _ := cmd.Output()
+ return string(buf)
+}
+
+
+func main() {
+ ipadrs:=make(map[string]string)
+ tasks:=make(map[string]string)
+ tasks=taskdic()
+ res := strings.Split(strings.Replace(netstat(),"\r\n","",-1), "TCP")
+ var nw [][] string
+ var gw [][] string
+ for _,tcp:=range res[1:]{
+ if strings.Contains(tcp, "0.0.0.0") || strings.Contains(tcp, "127.0.0.1"){
+
+ }else{
+ detail:=strings.Split((delete_extra_space(tcp)), " ")
+ re := regexp.MustCompile(`^(127\.0\.0\.1)|(localhost)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3})$`)
+ if re.MatchString(detail[2]) {
+ var s[]string
+ s=append(s,detail[1],detail[2],detail[4],tasks[detail[4]],"本地局域网")
+ nw= append(nw, s)
+ }else{
+ var s[]string
+ var adr string
+ if apiConfig=="tb"{
+ adr=GetAdr_TB(ipadrs,strings.Split(detail[2],":")[0])
+ }else if apiConfig=="zz"{
+ adr=GetAdr_ZZ(ipadrs,strings.Split(detail[2],":")[0])
+ }else {
+ fmt.Println("接口配置失败")
+ break
+ }
+
+ s=append(s,detail[1],detail[2],detail[4],tasks[detail[4]],adr)
+ //fmt.Println(s)
+ gw= append(gw, s)
+ }
+ }
+
+ }
+
+ fmt.Println("# 内网")
+ for _,v:=range nw{
+ fmt.Println(v[0]+"\t"+v[1]+"\t"+v[2]+"\t"+v[3]+"\t"+v[4])
+ }
+ fmt.Println("\n# 公网")
+ for _,v:=range gw{
+ //fmt.Println(v)
+ fmt.Println(v[0]+"\t"+v[1]+"\t"+v[2]+"\t"+v[3]+"\t"+v[4])
+ }
+ fmt.Println("\n"+"w(゚Д゚)w!!!有内鬼,终止交易!!!\n一个简单的netstat + tasklist + ipwhois 反入侵检测小工具.\n项目地址:https://github.com/rabbitmask/Netstat")
+}
+
diff --git a/taobaoapi.go b/taobaoapi.go
new file mode 100644
index 0000000..d150a86
--- /dev/null
+++ b/taobaoapi.go
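Review bot: The private-range test in `main` misclassifies peers, because `^` and `$` bind only to the first and last alternatives of the regexp and `detail[2]` still carries its `:port` suffix: a `192.168.x.x:port` remote never satisfies the `$`-anchored last branch and is shipped to the external geo-IP service as if it were a public host, while the unanchored `10.` and `172.` branches also match inside addresses such as `110.10.1.1:80`. Anchoring the whole alternation against the host part fixes both, e.g. the pattern `^(127\.0\.0\.1|localhost|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(:|$)` matched against `detail[2]`, and it belongs at package scope rather than being compiled once per connection. `detail[2]` and `detail[4]` are also indexed with no length check, so any netstat row with fewer than five fields after `delete_extra_space` panics; `if len(detail) < 5 { continue }` before the match is cheap insurance, as is checking the error `cmd.Output()` returns instead of discarding it. Finally, it is worth a comment on the lookup branch that every non-private remote address is sent to a third party over plain HTTP via `GetAdr_TB`/`GetAdr_ZZ` — for a counter-intrusion tool, disclosing the host's connection table like this is a data leak the user should knowingly opt into.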
@@ -0,0 +1,55 @@
+package main
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "net/http"
+ "strings"
+)
+
+type IPInfo struct {
+ Data IP `json:"data"`
+}
+
+type IP struct {
+ Country string `json:"country"`
+ Region string `json:"region"`
+ City string `json:"city"`
+ Isp string `json:"isp"`
+}
+
+func TabaoAPI(ip string) *IPInfo {
+ client := &http.Client{}
+ req, err := http.NewRequest("POST", "http://ip.taobao.com/outGetIpInfo", strings.NewReader("ip="+ip+"&accessKey=alibaba-inc"))
+ checkErr(err)
+ req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0")
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ req.AddCookie(&http.Cookie{Name: "test",Value: "test"})
+ resp, err := client.Do(req)
+ checkErr(err)
+ defer resp.Body.Close()
+
+
+ out, err := ioutil.ReadAll(resp.Body)
+ if err != nil {
+ return nil
+ }
+ var result IPInfo
+ if err := json.Unmarshal(out, &result); err != nil {
+ return nil
+ }
+
+ return &result
+}
+
+// 基于淘宝api的物理地址及运营商查询
+func GetAdr_TB(ipadrs map[string]string,ip string)string {
+ if _, ok :=ipadrs[ip];ok{
+ return ipadrs[ip]
+ }else {
+ result:=TabaoAPI(ip)
+ adr:= result.Data.Country+" "+result.Data.Region+" "+result.Data.City+" "+result.Data.Isp
+ ipadrs[ip]=adr
+ return adr
+ }
+}
diff --git a/taskview.go b/taskview.go
new file mode 100644
index 0000000..443f000
--- /dev/null
+++ b/taskview.go
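Review bot: `TabaoAPI` dereferences nil on every network failure: `checkErr` only prints and returns, so when `client.Do` fails `resp` is nil and `defer resp.Body.Close()` panics, and the `http.Client{}` has no timeout, so a stalled endpoint hangs the whole scan. `GetAdr_TB` then dereferences `result` without checking the nil that `TabaoAPI` returns on a read or decode error, and it would cache whatever came back, so a guard such as `if result == nil { return "" }` before the concatenation (without caching the failure) is needed as well. The request also goes out over plain HTTP, which both leaks the host's peer list and lets an on-path attacker feed back any "location" they like; if the endpoint supports TLS the URL should use it, and a doc comment on the function should say what is sent where. The rewrite below needs a `"time"` import.

```go
func TabaoAPI(ip string) *IPInfo {
	client := &http.Client{Timeout: 10 * time.Second} // never block the scan on a dead endpoint
	req, err := http.NewRequest("POST", "http://ip.taobao.com/outGetIpInfo", strings.NewReader("ip="+ip+"&accessKey=alibaba-inc"))
	if err != nil {
		checkErr(err)
		return nil
	}
	// … unchanged: User-Agent / Content-Type / cookie setup …
	resp, err := client.Do(req)
	if err != nil {
		checkErr(err)
		return nil // resp is nil here; closing it would panic
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil
	}
	// … unchanged: ioutil.ReadAll and json.Unmarshal …
}
```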
@@ -0,0 +1,47 @@
+package main
+
+import (
+ "strconv"
+ "syscall"
+ "unsafe"
+)
+
+type ulong int32
+type ulong_ptr uintptr
+
+type PROCESSENTRY32 struct {
+ dwSize ulong
+ cntUsage ulong
+ th32ProcessID ulong
+ th32DefaultHeapID ulong_ptr
+ th32ModuleID ulong
+ cntThreads ulong
+ th32ParentProcessID ulong
+ pcPriClassBase ulong
+ dwFlags ulong
+ szExeFile [260]byte
+}
+
+
+
+func taskdic() map[string]string{
+ tasks:=make(map[string]string)
+ kernel32 := syscall.NewLazyDLL("kernel32.dll")
+ CreateToolhelp32Snapshot := kernel32.NewProc("CreateToolhelp32Snapshot")
+ pHandle, _, _ := CreateToolhelp32Snapshot.Call(uintptr(0x2), uintptr(0x0))
+ if int(pHandle) == -1 {
+ }
+ Process32Next := kernel32.NewProc("Process32Next")
+ for {
+ var proc PROCESSENTRY32
+ proc.dwSize = ulong(unsafe.Sizeof(proc))
+ if rt, _, _ := Process32Next.Call(uintptr(pHandle), uintptr(unsafe.Pointer(&proc))); int(rt) == 1 {
+ tasks[strconv.Itoa(int(proc.th32ProcessID))]=string(proc.szExeFile[0:])
+ } else {
+ break
+ }
+ }
+ CloseHandle := kernel32.NewProc("CloseHandle")
+ _, _, _ = CloseHandle.Call(pHandle)
+ return tasks
+}
\ No newline at end of file
diff --git a/tools.go b/tools.go
new file mode 100644
index 0000000..edaaf93
--- /dev/null
+++ b/tools.go
@@ -0,0 +1,28 @@
+package main
+
+import (
+ "fmt"
+ "regexp"
+ "strings"
+)
+
+func delete_extra_space(s string) string {
+ s1 := strings.Replace(s, " ", " ", -1)
+ regstr := "\\s{2,}"
+ reg, _ := regexp.Compile(regstr)
+ s2 := make([]byte, len(s1))
+ copy(s2, s1)
+ spc_index := reg.FindStringIndex(string(s2))
+ for len(spc_index) > 0 {
+ s2 = append(s2[:spc_index[0]+1], s2[spc_index[1]:]...)
+ spc_index = reg.FindStringIndex(string(s2))
+ }
+ return string(s2)
+}
+
+func checkErr(err error) {
+ if err != nil {
+ fmt.Println("网络接口故障,请稍后重试")
+ return
+ }
+}
diff --git a/zhanzhang.go b/zhanzhang.go
new file mode 100644
index 0000000..38d4a67
--- /dev/null
+++ b/zhanzhang.go
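Review bot: The `if int(pHandle) == -1 { }` branch in `taskdic` is empty, so when `CreateToolhelp32Snapshot` returns INVALID_HANDLE_VALUE the code goes on to call `Process32Next` and `CloseHandle` on that invalid handle instead of returning the (empty) map. The process names are also stored with their NUL padding, since `string(proc.szExeFile[0:])` converts the whole 260-byte array; every `v[3]` printed by `main` carries trailing zero bytes, and the map value would never compare equal to a plain `"svchost.exe"`. Both fixes are below (they need a `"bytes"` import); the documented walk is `Process32First` followed by `Process32Next`, and while starting with `Process32Next` appears to work, a comment saying so deliberately would stop the next reader from "fixing" it. Since `syscall.NewLazyDLL` exists only on Windows, a `//go:build windows` constraint would also turn the cross-platform build failure into a clear message.

```go
	pHandle, _, _ := CreateToolhelp32Snapshot.Call(uintptr(0x2), uintptr(0x0))
	if int(pHandle) == -1 { // INVALID_HANDLE_VALUE: no snapshot to walk
		return tasks
	}
	// … unchanged: Process32Next lookup and loop header …
			name := proc.szExeFile[:]
			if n := bytes.IndexByte(name, 0); n >= 0 { // szExeFile is NUL-terminated inside the 260-byte array
				name = name[:n]
			}
			tasks[strconv.Itoa(int(proc.th32ProcessID))] = string(name)
	// … unchanged: break, CloseHandle, return …
```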
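Review bot: `checkErr` prints a message and returns, and none of its callers in this commit look at the error afterwards, so every network failure continues into code that dereferences a nil `*http.Response` — the helper silently converts a recoverable error into a panic. Returning whether an error occurred lets each call site stop with `if checkErr(err) { return "" }` while keeping the single user-facing message; the rewrite is below. In `delete_extra_space`, the `regexp.Compile` error is discarded and the pattern is recompiled on every call — a package-level `regexp.MustCompile(`\s{2,}`)` removes both issues, and the find/append loop can become one `ReplaceAllStringFunc(s1, func(m string) string { return m[:1] })` with the same result. As rendered here `strings.Replace(s, " ", " ", -1)` replaces a space with a space; if the first argument was originally a tab or full-width space that this view lost, a comment naming the character it normalises would prevent it being "cleaned up" as a no-op.

```go
// checkErr reports whether err is non-nil, printing the user-facing
// network-failure message when it is. Callers must stop on true.
func checkErr(err error) bool {
	if err != nil {
		fmt.Println("网络接口故障,请稍后重试")
		return true
	}
	return false
}
```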
@@ -0,0 +1,35 @@
+package main
+
+import (
+ "io/ioutil"
+ "net/http"
+ "regexp"
+ "strings"
+ "time"
+)
+
+// 基于站长之家api的物理地址及运营商查询
+func GetAdr_ZZ(ipadrs map[string]string,ip string)string {
+ if _, ok :=ipadrs[ip];ok{
+ return ipadrs[ip]
+ }else {
+ client := &http.Client{}
+ req, err := http.NewRequest("POST", "http://ip.tool.chinaz.com", strings.NewReader("ip="+ip))
+ checkErr(err)
+ req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0")
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ //req.Header.Set("Cookie", "name=anny")
+ req.AddCookie(&http.Cookie{Name: "BAIDUID",Value: "00A1B1EC9FF50D09E8740C2BB49A2120"})
+ resp, err := client.Do(req)
+ checkErr(err)
+ defer resp.Body.Close()
+ body, err := ioutil.ReadAll(resp.Body)
+ checkErr(err)
+ adr := regexp.MustCompile(`(.*?)`).FindAllStringSubmatch(string(body), -1)
+ //fmt.Println(ip)
+ //fmt.Println(adr)
+ ipadrs[ip]=adr[1][1]
+ time.Sleep(1)
+ return adr[1][1]
+ }
+}
\ No newline at end of file
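Review bot: `adr[1][1]` is read without checking that the scrape produced at least two matches, so any change in the chinaz page layout, an error page, or an empty body (after a failed `client.Do`, which `checkErr` does not abort on, `resp` is nil and `resp.Body.Close()` panics first) crashes the scan instead of degrading to "unknown"; guard it with `if len(adr) < 2 || len(adr[1]) < 2 { return "" }` and do not cache that result. `time.Sleep(1)` sleeps one nanosecond, not one second, so the intended rate limit toward the site is a no-op — `time.Sleep(time.Second)` — and `client` should carry a timeout, `&http.Client{Timeout: 10 * time.Second}`, since this is called once per public peer. The pattern `(.*?)` as rendered here matches the empty string, which suggests the HTML tags around the capture were lost in this view; a comment quoting the page fragment being scraped would make the dependency on that markup explicit. As with the taobao backend, the peer list leaves the host over plain HTTP with a hard-coded cookie, which deserves a doc comment stating that this is an unauthenticated third-party disclosure of every public address the machine talks to.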