最近在github上发现了个牛逼到不行的v2ray调优的帖子,配置好后速度和延迟翻了整整6倍,记录一下
搬瓦工CN2机房下载速度大概在10MB/s左右,youtube 4k不卡
urllib2.ProxyBasicAuthHandler用来挂载访问网页时的代理
def build_opener(self):
    """Return a urllib2 OpenerDirector that handles cookies and redirects.

    Cookies live in a ``cookielib.FileCookieJar`` created from ``cookiefile``,
    a name this method does not define (presumably a module-level setting;
    verify in the enclosing module). Proxy support is deliberately left out;
    the commented line marks where the proxy handlers would be added.
    """
    jar = cookielib.FileCookieJar(cookiefile)
    handlers = [
        urllib2.HTTPCookieProcessor(jar),
        urllib2.HTTPRedirectHandler(),
    ]
    # Not enabled: urllib2.ProxyHandler() / urllib2.ProxyBasicAuthHandler()
    return urllib2.build_opener(*handlers)
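def install_proxy(proxy_url='http://proxy.cma-cgm.com:8080/'):
    """Route later ``urlretrieve`` calls through an HTTP proxy.

    Builds a urllib2 opener whose plain-``http`` requests go via ``proxy_url``
    and rebinds the module-level name ``urlretrieve`` to that opener's
    ``open`` method. ``https`` requests are not proxied by this handler map.

    The original body also assigned ``USE_PROXY = True``; without a
    ``global`` declaration that only created a function-local that was
    discarded on return, so it is dropped here. Declare the flag ``global``
    (or set it in the caller) if a module-wide switch is intended.

    :param proxy_url: Proxy address, e.g. ``'http://host:port/'``. Defaults
        to the value the original hard-coded.
    """
    import urllib2
    global urlretrieve
    proxy_handler = urllib2.ProxyHandler({'http': proxy_url})
    # A ProxyBasicAuthHandler with no registered credentials cannot answer a
    # 407 challenge. If the proxy needs a login, register it on a
    # urllib2.HTTPPasswordMgrWithDefaultRealm keyed on proxy_url and pass that
    # manager to the handler, instead of hard-coding credentials in this file.
    proxy_auth_handler = urllib2.ProxyBasicAuthHandler()
    opener = urllib2.build_opener(proxy_handler, proxy_auth_handler)
    # Rather than install the OpenerDirector globally, use it directly.
    urlretrieve = opener.open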
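def _proxied_urlopen(proxy_url, username=None, password=None):
    """Return the ``open`` method of an opener that routes http and https via ``proxy_url``.

    :param proxy_url: Proxy address such as ``'http://host:port'``; the same
        proxy is used for both ``http`` and ``https`` requests.
    :param username: When not ``None``, proxy Basic credentials are registered
        for ``proxy_url`` under the default realm so that they match whatever
        realm the proxy names in its 407 challenge.
    :param password: Password that goes with ``username``.
    """
    handlers = [urllib2.ProxyHandler({'http': proxy_url, 'https': proxy_url})]
    if username is not None:
        # HTTPPasswordMgrWithDefaultRealm is what makes realm=None act as a
        # wildcard; the plain HTTPPasswordMgr a bare ProxyBasicAuthHandler()
        # creates only returns credentials on an exact realm match, so the
        # original registration under None was never found.
        password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
        password_mgr.add_password(None, proxy_url, username, password)
        handlers.append(urllib2.ProxyBasicAuthHandler(password_mgr))
    return urllib2.build_opener(*handlers).open


def get_urlopen():
    """Pick a ``urlopen``-compatible callable from the ``proxy_*`` preferences.

    ``proxy_type`` selects the mode:

    * ``'http'``   -- explicit proxy built from ``proxy_host``/``proxy_port``,
      with Basic credentials from ``proxy_auth_name``/``proxy_auth_password``
      when ``proxy_auth`` is set.
    * ``'system'`` -- proxy taken from ``http_proxy`` or ``HTTP_PROXY`` in the
      environment (lower-case name wins); direct when neither is set.
    * anything else -- plain ``urllib2.urlopen``.

    ``proxy_host``/``proxy_port`` are not validated: a missing preference
    ends up in the proxy URL as the text ``None``.
    """
    proxy_type = get_prefs('proxy_type')
    if proxy_type == 'http':
        proxy_url = 'http://' + str(get_prefs('proxy_host')) + ':' + str(get_prefs('proxy_port'))
        if get_prefs('proxy_auth'):
            username = str(get_prefs('proxy_auth_name'))
            password = str(get_prefs('proxy_auth_password'))
            return _proxied_urlopen(proxy_url, username, password)
        return _proxied_urlopen(proxy_url)
    if proxy_type == 'system':
        # An empty variable counts as unset, as in the original membership test.
        proxy_url = os.environ.get('http_proxy') or os.environ.get('HTTP_PROXY')
        if proxy_url:
            return _proxied_urlopen(proxy_url)
    return urllib2.urlopen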
def get_urlopen():
    """Return a ``urlopen``-style callable configured from the ``proxy_*`` prefs.

    ``proxy_type == 'http'`` builds an explicit proxy from ``proxy_host`` and
    ``proxy_port`` (used for both http and https), adding Basic credentials
    when ``proxy_auth`` is set; ``'system'`` reads ``http_proxy`` then
    ``HTTP_PROXY`` from the environment and falls back to a direct
    connection; any other value yields ``urllib2.urlopen``.

    NOTE(review): ``ProxyBasicAuthHandler()`` is created with its default
    password manager, which matches on the exact realm, so credentials
    registered under realm ``None`` may not be found when the proxy
    challenges -- verify against the proxy in use. Missing ``proxy_host`` /
    ``proxy_port`` preferences are stringified into the URL as ``None``.
    """
    proxy_type = get_prefs('proxy_type')

    if proxy_type == 'http':
        proxy_url = 'http://' + str(get_prefs('proxy_host')) + ':' + str(get_prefs('proxy_port'))
        handlers = [urllib2.ProxyHandler({'http': proxy_url, 'https': proxy_url})]
        if get_prefs('proxy_auth'):
            user = str(get_prefs('proxy_auth_name'))
            pwd = str(get_prefs('proxy_auth_password'))
            auth = urllib2.ProxyBasicAuthHandler()
            auth.add_password(None, proxy_url, user, pwd)
            handlers.append(auth)
        return urllib2.build_opener(*handlers).open

    if proxy_type == 'system':
        proxy_url = None
        # Lower-case name is consulted first; an empty value counts as unset.
        for var in ('http_proxy', 'HTTP_PROXY'):
            if os.environ.get(var):
                proxy_url = os.environ[var]
                break
        if proxy_url:
            proxy_support = urllib2.ProxyHandler({'http': proxy_url, 'https': proxy_url})
            return urllib2.build_opener(proxy_support).open

    return urllib2.urlopen
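def _opener(self):
    """Build and install the global urllib2 opener for ``self.request``.

    Handlers are added according to the request: a redirect handler when
    ``redirect`` is set, an explicit proxy (``proxy_protocol`` ->
    ``proxy_host:proxy_port``), proxy Basic credentials for that proxy, and a
    Mozilla-format cookie jar loaded from ``cookies`` when that file exists.

    Side effects: rebinds ``self.request.cookies`` to a path under
    ``self._dirname``, sets ``self.cookies``, and calls
    ``urllib2.install_opener``.
    """
    handlers = [urllib2.HTTPHandler()]
    if self.request.redirect:
        handlers.append(urllib2.HTTPRedirectHandler())

    proxy_url = None
    if self.request.proxy_host and self.request.proxy_port:
        proxy_url = self.request.proxy_host + ':' + str(self.request.proxy_port)
        handlers.append(urllib2.ProxyHandler({self.request.proxy_protocol: proxy_url}))

    if self.request.proxy_username and proxy_url:
        # Register the credentials for the proxy itself under the default
        # realm. The previous fixed ('realm', 'uri') pair could never match a
        # real 407 challenge, so the configured login was never sent; without
        # a proxy address there is nothing to register them against.
        password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
        password_mgr.add_password(None, proxy_url, self.request.proxy_username, self.request.proxy_password)
        handlers.append(urllib2.ProxyBasicAuthHandler(password_mgr))

    if self.request.cookies:
        self.request.cookies = os.path.join(self._dirname, self.request.cookies)
        self.cookies = cookielib.MozillaCookieJar()
        # A missing cookie file means "start with an empty jar", not an error.
        if os.path.isfile(self.request.cookies):
            self.cookies.load(self.request.cookies)
        handlers.append(urllib2.HTTPCookieProcessor(self.cookies))

    urllib2.install_opener(urllib2.build_opener(*handlers))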
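def setup_opener(self, url, timeout):
    """
    Sets up a urllib OpenerDirector to be used for requests. There is a
    fair amount of custom urllib code in Package Control, and part of it
    is to handle proxies and keep-alives. Creating an opener the way
    below is because the handlers have been customized to send the
    "Connection: Keep-Alive" header and hold onto connections so they
    can be re-used.

    The opener is built once and cached on ``self.opener``; later calls
    return immediately, so the proxy and certificate choices are those
    made for the first URL this instance downloaded.

    :param url:
        The URL to download

    :param timeout:
        The int number of seconds to set the timeout to
    """

    if self.opener:
        return

    http_proxy = self.settings.get('http_proxy')
    https_proxy = self.settings.get('https_proxy')
    if http_proxy or https_proxy:
        proxies = {}
        if http_proxy:
            proxies['http'] = http_proxy
        if https_proxy:
            proxies['https'] = https_proxy
        proxy_handler = ProxyHandler(proxies)
    else:
        # No explicit proxies configured: ProxyHandler() consults the
        # environment's proxy variables instead.
        proxy_handler = ProxyHandler()

    # Default-realm manager, so realm=None below matches whatever realm the
    # proxy names in its 407 challenge.
    password_manager = HTTPPasswordMgrWithDefaultRealm()
    proxy_username = self.settings.get('proxy_username')
    proxy_password = self.settings.get('proxy_password')
    if proxy_username and proxy_password:
        for proxy in (http_proxy, https_proxy):
            if proxy:
                password_manager.add_password(None, proxy, proxy_username, proxy_password)

    handlers = [proxy_handler]

    basic_auth_handler = ProxyBasicAuthHandler(password_manager)
    digest_auth_handler = ProxyDigestAuthHandler(password_manager)
    handlers.extend([digest_auth_handler, basic_auth_handler])

    debug = self.settings.get('debug')

    if debug:
        # The proxy password itself is never echoed: console output ends up
        # in bug reports and log files. Only whether it is set is shown.
        console_write(u"Urllib Debug Proxy", True)
        console_write(u" http_proxy: %s" % http_proxy)
        console_write(u" https_proxy: %s" % https_proxy)
        console_write(u" proxy_username: %s" % proxy_username)
        console_write(u" proxy_password: %s" % ('********' if proxy_password else proxy_password))

    secure_url_match = re.match('^https://([^/]+)', url)
    if secure_url_match is not None:
        secure_domain = secure_url_match.group(1)
        # check_certs() is expected to return the CA bundle path as text;
        # NOTE(review): confirm it cannot return None on failure, since
        # .encode() below would then raise AttributeError.
        bundle_path = self.check_certs(secure_domain, timeout)
        bundle_path = bundle_path.encode(sys.getfilesystemencoding())
        handlers.append(ValidatingHTTPSHandler(ca_certs=bundle_path, debug=debug, passwd=password_manager, user_agent=self.settings.get('user_agent')))
    else:
        handlers.append(DebuggableHTTPHandler(debug=debug, passwd=password_manager))
    self.opener = build_opener(*handlers)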
In today’s technological expansion everything seems to be connected to the Internet; for instance, in my own home I have my refrigerator, thermostat, video cameras, tablets, cell phone, TV, Xbox, DirecTV box, printer, security system, laptops, servers, workstations, Ethernet tap, a switch and a router all connected to the Internet! This is all collectively referred to as the Internet of Things — basically everything connected to the interwebs. A lot of devices that connect to the Internet now are a combination of hardware and software (firmware) and are not commonly updated and patched, as that typically requires flashing the firmware. New vulnerabilities are being discovered daily in these devices and being used in botnets to conduct massive Distributed Denial of Service attacks.
There is a new botnet being used to conduct IoT attacks; it is called Mirai, and its source code has been leaked onto GitHub here: https://github.com/jgamblin/Mirai-Source-Code
Mirai functions by infecting IoT devices by trying to brute-force their passwords. The tactic it uses to brute-force passwords is entering commonly used and default passwords. Several things have been noted in Mirai, such as the bots being written in C and the command & control being written in Go, and the fact that it contains a list of IPs that it avoids scanning.
代码审计工具收集
Tool | Language(s) | Avail. | CCR | Finds or Checks for | as of |
ABASH | Bash | free | String expansion errors, option insertion errors, and other weaknesses that may lead to security vulnerabilities. | Mar-12 | |
ApexSec Security Console | PL/SQL(Oracle Apex) | Recx | SQL Injection, Cross-Site Scripting, Access Control and Configuration issues within an Apex application | Mar-10 | |
Astrée | C | AbsInt | undefined code constructs and run-time errors, e.g., out-of-bounds array indexing or arithmetic overflow. | Jun-09 | |
BOON | C | free | integer range analysis determines if an array can be indexed outside its bounds | Feb-05 | |
bugScout | Java, C#, Visual Basic, ASP, php | buguroo | multiple security failures, such as deprecated libraries errors, vulnerable functions, sensitive information within the source code comments, etc. | Mar-12 | |
C/C++test® | C, C++ | Parasoft | defects such as memory leaks, buffer issues, security issues and arithmetic issues, plus SQL injection, cross-site scripting, exposure of sensitive data and other potential issues | Dec-13 | |
dotTEST™ | C#, VB.NET, MC++ | ||||
Jtest® | Java | ||||
HP Code Advisor (cadvise) | C, C++ | HP | many lint-like checks plus memory leak, potential null pointer dereference, tainted data for file paths, and many others | Dec-13 | |
Checkmarx CxSAST | Java, JavaScript, PHP, C#, VB.NET, VB6, ASP.NET, C/C++, Apex, Ruby, Perl, Objective-C, Python, Groovy, HTML5, Swift, APEX, J2SE, J2EE | Checkmarx | All OWASP Top 10 and SANS 25 vulnerabilities and compliance with PCI-DSS, HIPAA, and MISRA requirements along with custom queries, all with a low rate of false-positives and easy to integrate throughout the SDLC. | Mar-16 | |
Clang Static Analyzer | C, Objective-C | free | Reports dead stores, memory leaks, null pointer deref, and more. Uses source annotations like “nonnull”. | Aug-10 | |
Closure Compiler | JavaScript | free | Removes dead code, checks syntax, variable references and types and warns about common JavaScript pitfalls. | Feb-14 | |
CodeCenter | C | ICS | incorrect pointer values, illegal array indices, bad function arguments, type mismatches, and uninitialized variables | Apr-11 | |
CodePeer | Ada | AdaCore | detects uninitialized data, pointer misuse, buffer overflow, numeric overflow, division by zero, dead code, concurrency faults (race conditions), unused variables, etc. | Apr-10 | |
CodeSecure | ASP.NET, C#, PHP, Java, JSP, VB.NET, others | Armorize Technologies | XSS, SQL Injection, Command Injection, tainted data flow, etc. | Aug-12 | |
CodeSonar | C and C++ | GrammaTech | null-pointer dereferences, divide-by-zeros, buffer over- and underruns | Nov-12 | |
Coverity SAVE™ | C, C++, Java, C# | Coverity | flaws and security vulnerabilities – reduces false positives while minimizing the likelihood of false negatives. | Apr-11 | |
Cppcheck | C, C++ | free | pointer to a variable that goes out of scope, bounds, classes (missing constructors, unused private functions, etc.), exception safety, memory leaks, invalid STL usage, overlapping data in sprintf, division by zero, null pointer dereference, unused struct member, passing parameter by value, etc. Aims for no false positives. | Feb-10 | |
CQual | C | free | uses type qualifiers to perform a taint analysis, which detects format string vulnerabilities | Feb-05 | |
Csur | C | free | cryptographic protocol-related vulnerabilities | Apr-06 | |
DoubleCheck | C, C++ | Green Hills Software | like buffer overflows, resource leaks, invalid pointer references, and violations of … MISRA | Jul-07 | |
FindBugs | Java, Groovy, Scala | free | Null pointer deferences, synchronization errors, vulnerabilities to malicious code, etc. It can be used to analyse any JVM languages. | Sep-12 | |
FindSecurityBugs | Java, Groovy, Scala | free | Extends FindBugs with more security detectors (Command Injection, XPath Injection, SQL/HQL Injection, Cryptography weakness and many more). | Jun-16 | |
Flawfinder | C/C++ | free | uses of risky functions, buffer overflow (strcpy()), format string ([v][f]printf()), race conditions (access(), chown(), and mktemp()), shell metacharacters (exec()), and poor random numbers (random()). | 2005 | |
Fluid | Java | call | “analysis based verification” for attributes such as race conditions, thread policy, and object access with no false negatives | Oct-05 | |
Goanna Studio and Goanna Central | C, C++ | Red Lizard Software | memory corruptions, resource leaks, buffer overruns, null pointer dereferences, C++ hazards, MISRA C 2012, … | Mar-15 | |
HP QAInspect | C#, Visual Basic, JavaScript, VB Script | Fortify | application vulnerabilities | Apr-11 | |
Insight | C, C++, Java, and C# | Klocwork | Buffer overflow, un-validated user input, SQL injection, path injection, file injection, cross-site scripting, information leakage, weak encryption and vulnerable coding practices, as well as quality, reliability and maintainability issues. | May-11 | |
Jlint | Java | free | bugs, inconsistencies, and synchronization problems | Aug-12 | |
LAPSE | Java | free | helps audit Java J2EE applications for common types of security vulnerabilities found in Web applications. | Sep-06 | |
ObjectCenter | C/C++ | ICS | “run-time and static error detection … more than 250 types of errors, including more than 80 run-time errors … inter-module inconsistencies” | Apr-11 | |
Parfait | C/C++ ? | Oracle proprietary | Apr-13 | ||
PLSQLScanner 2008 | PLSQL | Red-Database-Security | SQL Injection, hardcoded passwords, Cross-site scripting (XSS), etc. | Jun-08 | |
PHP-Sat | PHP | free | static analysis tool, XSS, etc. description | Sep-06 | |
Pixy | PHP | free | static analysis tool, only detect XSS and SQL Injection. No home page? | Jun-14 | |
PMD | Java | free | questionable constructs, dead code, duplicate code | Feb-06 | |
PolySpace | Ada, C, C++ | MathWorks | run-time errors, unreachable code | Sep-13 | |
PREfix and PREfast | C, C++ | Microsoft proprietary | Feb-06 | ||
pylint | Python | free | Checks for errors and looks for bad code smells. | Feb-14 | |
QA-C, QA-C++, QA-J | C, C++, Java | Programming Research | A suite of static analysis tools, with over 1400 messages. Detects a variety of problems from undefined language features to redundant or unreachable code. | May-09 | |
Qualitychecker | VB6, Java, C# | Qualitychecker | static analysis tool | Sep-07 | |
Rational AppScan Source Edition | C, C++, Java, JSP, ASP.NET, VB.NET, C# | IBM (formerly Ounce Labs) | coding errors, security vulnerabilities, design flaws, policy violations and offers remediation | Aug-10 | |
RATS (Rough Auditing Tool for Security) | C, C++, Perl, PHP, Python | free | potential security risks | Sep-13 | |
Resource Standard Metrics(RSM) | C, C++, C#, and Java | M Squared Technologies | Scan for 50 readability or portability problems or questionable constructs, e.g. different number of “new” and “delete” key words or an assignment operator (=) in a conditional (if). | Apr-11 | |
RIPS | PHP | free and RIPS Tech | all types of injection vulnerabilities, including PHP-specific and second-order vulnerabilities | May-16 | |
Smatch | C | free | simple scripts look for problems in simplified representation of code. primarily for Linux kernel code | Apr-06 | |
SCA | ASP.NET, C, C++, C# and other .NET languages, COBOL, Java, JavaScript/AJAX, JSP, PHP, PL/SQL, Python, T-SQL, XML, and others | Fortify Software | security vulnerabilities, tainted data flow, etc. “more than 470 types of software security vulnerabilities” | Aug-12 | |
SPARK tool set | SPARK (Ada subset) | Altran | ambiguous constructs, data- and information-flow errors, any property expressible in first-order logic (Examiner, Simplifier, and SPADE) | Aug-06 | |
SPARROW | C/C++, Java, JSP, JavaScript, C#, ASP(.NET), Objective-C, PHP, VB.NET, VBScript, HTML, SQL, XML | Fasoo | OWASP Top 10, SANS 25, CWE, CERT vulnerabilities, MISRA, efficient and effective issue management based on machine learning technology | Aug-16 | |
Splint | C | free | security vulnerabilities and coding mistakes. with annotations, it performs stronger checks | 2005 | |
TBmisra®, TBsecure® | C, C++, Java, Ada, Assembler | LDRA | The TBsecure module for LDRA Testbed® comes with the Carnegie Mellon Software Engineering Institute (SEI) CERT C secure coding standard. TBsecure identifies concerns such as buffer overflow, out-of-bounds array access, dangling pointers, double-free, and dereferencing null pointer. Other modules handle High Integrity C++, HIS, IPA/SEC C, JSF++ AV, MISRA C/C++, and Netrino C. | 2013 | |
UNO | C | free | uninitialized variables, null-pointers, and out-of-bounds array indexing and “allows for the specification and checking of a broad range of user-defined properties”. aims for a very low false alarm rate. | Oct-07 | |
PVS-Studio | C++ | OOO “Program Verification Systems” (Co LTD) | PVS-Studio is a static analyzer that detects errors in source code of C/C++/C++0x applications. There are 3 sets of rules included in PVS-Studio: (1) Diagnosis of 64-bit errors (Viva64) (2) Diagnosis of parallel errors (VivaMP) (3) General-purpose diagnosis | Jan-10 | |
xg++ | C | unk | kernel and device driver vulnerabilities in Linux and OpenBSD through range checking, etc. | Feb-05 | |
Yasca | Java, C/C++, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, etc. | free | a “glorified grep” and aggregator of other tools, including: FindBugs, PMD, JLint, JavaScript Lint, PHPLint, CppCheck, ClamAV, RATS, and Pixy. “It is designed to be very flexible and easy to extend. … writing a new rule is as easy as coming up with a regular expression” | Mar-10 | |
WAP | PHP | free | Finds or checks for: SQL Injection (SQLI) / Cross-site scripting (XSS) / Remote File Inclusion (RFI) / Local File Inclusion (LFI) / Directory Traversal or Path Traversal (DT/PT) / Source Code Disclosure (SCD) / OS Command Injection (OSCI) / PHP Code Injection |
一直想学习逆向分析,先攒点资料吧
摘自:http://www.freebuf.com/articles/system/119374.html
从事搬砖(逆向分析)这行也有好多年了,期间分析各种不同类型的样本,从最开始的window时代的鬼影第三代到第六代,蠕虫病毒,输入法,感染型,灰鸽子远程,熊猫烧香,游戏盗号,QQ盗号等样本,到后面Android时代的各种劫持短信,流氓推广,弹广告,刷流量,刷ROM,以及后面手机端蠕虫,敲诈者,百脑虫,FakeDebugger,GhostPush,ios/mac上WireLurker,XcodeGhost,YiSpecter,ZergHelper,BackStab,KeyRaider,TinyV的等样本,以及现在linux上的一些恶意样本等,作为一名从业人员,有些是公司要求分析的,有些是自己觉得好玩下载分析的,我简单说说一些学习技巧与方法,需要的知识点,以及分析的大致流程。
(1)拿到一个样本,不管是什么,先弄清它是什么文件格式,这里就要求你要对不同的文件格式有所了解了:window(PE),linux(ELF),android(dex,ELF),ios/mac(mach-o)
(2)然后看样本有没有壳或加密,如果有壳就脱壳,有加密就看能不能解密
(3)脱完壳,解完密,后面就是动+静态分析了
动态调试:window(od,windbg),linux(gdb,edb),android(jeb,ida),ios/mac(lldb)
静态调试: ida,010Editor,readelf,objdump,string等
前几天,半个美国的吃瓜群众纷纷表示上不了网了。经过各种调查,发现是一个代号为 Mirai(日语:未来)的病毒感染了物联网设备,形成了一个僵尸网络,最终这个超大型的僵尸网络向美国某 DNS 公司的服务器发起了 DDoS 攻击。Mirai 的 C 语言源码在网上很容易获取到,刚好我最近在上计算机病毒课,于是就下载下来研究了一下,顺便看一下以自己现在的能力可以理解到哪一步。
下载下来之后粗略看了一下,第一感觉就是作者的代码风格真的是超级好!不光代码格式很赞(虽说大括号放到了下一行),而且变量名、文件名都很有目的性,重要的地方都写了注释或者打了 log,因此分析起来还是相对比较简单的。
Mirai 源码目录结构是这样的:
Mirai_Source_Code
├─loader            # 加载器
│  ├─bins           # 一部分二进制文件
│  └─src            # 加载器的源码
│     └─headers
└─mirai             # 病毒本体
   ├─bot            # 攻击、扫描器、域名解析等模块
   ├─cnc            # 使用 go 语言写的服务器程序
   └─tools          # 存活状态检测、加解密、下载文件等功能
在执行安全事务时,利用端口扫描搜集信息是非常重要的。当我们试着将可接受的超时时间设置得较长时,扫描就要花费大量时间。
但是,如果我们需要扫描大量主机呢?或是说要扫描整个网络呢?这类情况下,我们需要找到一种方法能够将负载分发到多台主机上并行扫描。
幸运地是,这样的工具已经被开发出来了,它可以创建并管理一个主机集群,集群中的每台主机使用各自的带宽进行端口扫描。
2009年,Sebastian Garcia利用Python下的Twisted框架开发了DNmap。DNmap使用标准的客户端/服务端(C/S)架构创建分布式的Nmap扫描网络。DNmap是Backtrack默认包含的工具之一,而且可以在任何装有Python的系统下轻松安装。
要注意的是,在安装并运行DNmap之前,要确保客户端能够运行任何发送给它们的Nmap命令。DNmap的设计导致它无法阻止服务器对客户端的滥用,因此你要确保能够信任你要连接的服务端。
在C#的System.Diagnostics.ProcessStartInfo类可以支持设置进程启动时隐藏窗口,今天再来分享一个使用WMI对象的方法来隐藏启动程序的窗口。使用Win32_Process可以直接启动一个进程,但是缺少对这个进程的控制:比如让它隐藏自己的窗口。下面的例子可以做到这一点:
function start-hiddenproc {
    <#
    .SYNOPSIS
        Starts a process with its main window hidden, via CIM/WMI.
    .DESCRIPTION
        Builds a client-side Win32_ProcessStartup instance with ShowWindow = 0
        (SW_HIDE) and passes it to Win32_Process.Create together with the
        command line. The value of -processname is handed to Create as the
        complete command line without any validation; add a path or
        allow-list check before calling this if the input is not trusted.
    .PARAMETER processname
        Command line to start. Defaults to 'notepad.exe'.
    .OUTPUTS
        Whatever Invoke-CimMethod returns for Win32_Process.Create.
    #>
    [CmdletBinding()]
    param(
        [string]$processname = 'notepad.exe'
    )

    # Startup descriptor: only the window-visibility flag is set.
    $startupClass = Get-CimClass -ClassName Win32_ProcessStartup
    $startupInfo  = New-CimInstance -CimClass $startupClass -Property @{ ShowWindow = 0 } -ClientOnly

    $createArgs = @{
        Commandline               = $processname
        ProcessStartupInformation = [CimInstance]$startupInfo
    }
    $processClass = Get-CimClass -ClassName Win32_Process
    Invoke-CimMethod -CimClass $processClass -MethodName Create -Arguments $createArgs
}
该函数将要执行的进程的路径作为参数,这也方便你在脚本中加入验证路径是否存在的逻辑。
脚本所体现的是PowerShell的编程特性,是任务自动化的基础。函数是比脚本粒度更细的代码复用单元,可以定义在命令行中或者脚本中。作用域就是变量和函数的作用范围,是执行上下文的划分。
函数就是命名的命令列表,与一般编程语言中的函数概念具有相同的范畴。函数中不但可以有简单命令,还可以有控制流程的命令,如if、while、switch等。函数可以有匿名参数或者命名参数列表。命名参数列表可以用大括号或者Param关键字定义。匿名参数可以使用$Args变量来访问。函数也可接收来自管道的对象作为输入,管道对象可以通过$input变量来访问。
在脚本中定义的函数,可以定义在#require命令和Param关键字之后的任何位置,但要定义在调用之前。还有,自定义的函数不会自动运行,需要被明确调用。可以使用filter或者function定义函数,用filter关键字定义的函数比较简单,而使用function关键字定义的函数可以有更加复杂的功能。
简单函数定义示例如下:
function SayHello {
    # Emit the greeting on the output stream.
    Write-Output 'Hello'
}
函数调用方法与使用Cmdlet方法相似,输入SayHello,并回车。则结果为Hello。