工具软件二进制安全C/C++一线开发 [2024]新年快乐!Linux下个人防火墙发布 又过了一年,又老了一岁(也可以叫做从业安全经验又涨了一年),今年是 安全鸭 ### 安全鸭 一款linux下的安全产品目的是满足个人安全需求,基于netfilter ### 测试 目前只测试了Ubuntu和debian,其他系统没有测试,debbian的内核版本是4.19.0-17-amd64,Ubuntu的内核版本是5.4.0-80-generic,其他版本没有测试,如果你的系统内核版本不是这两个版本,那么请自行测试,如果有问题请提交issue,我会尽快修复. ### 功能 1.防火墙 1.SYN扫描保护 2.SSH登录爆破防护 3.本地日志记录 4.端口爆破防护 [] 5.Web CC攻击防护 [] 6.自定义规则 [] 2.入侵检测 [] 1.文件监控 [] 2.进程监控 [] 3.端口监控 [] 4.日志监控 [] 5.自定义规则 [] 3.服务器控制 1.数据可视化 [] 2.服务器管理 [] 3.IOC查询 [] 4.自定义规则 阅读全文 2023-12-03 huoji 0 条评论
工具软件 [2023]FinalShell会造成大量SSH链接 ![](https://key08.com/usr/uploads/2023/12/3259951125.png) 今天上了防火墙才知道的,FinalShell在进行回话的时候会发送大量SSH链接请求服务器,让防火墙把我封了 阅读全文 2023-12-03 huoji 1 条评论
python工具软件 [2021]SSH流量取证工具 在实战中我们经常遇到ssh被爆破登陆后搞这个搞那个 我们需要一个工具来解密ssh流量并且取证 packetStrider就是干这个的 使用: ```bash pip3 install pandas matplotlib pyshark git clone https://github.com/benjeems/packetStrider.git python3 packetStrider-ssh.py -h usage: packetStrider-ssh.py [-h] [-f FILE] [-n NSTREAM] [-m] [-k] [-p] [-z ZOOM] [-d DIRECTION] [-o OUTPUT_DIR] [-w WINDOW] [-s STRIDE] packetStrider-ssh is a packet forensics tool for SSH. It creates a rich feature set from packet metadata such SSH Protocol message content, direction, size, latency and sequencing. It performs pattern matching on these features, using statistical analysis, and sliding windows to predict session initiation, keystrokes, human/script behavior, password length, use of client certificates, context into the historic nature of client/server contact and exfil/infil data movement characteristics in both Forward and Reverse sessions optional arguments: -h, --help show this help message and exit -f FILE, --file FILE pcap file to analyze -n NSTREAM, --nstream NSTREAM Perform analysis only on stream n -m, --metaonly Display stream metadata only -k, --keystrokes Perform keystroke prediction -p, --predict_plot Plot data movement and keystrokes -z ZOOM, --zoom ZOOM Narrow down/zoom the analysis and plotting to only packets "x-y" -d DIRECTION, --direction DIRECTION Perform analysis on SSH direction : "forward", "reverse" OR "both" -o OUTPUT_DIR, --output_dir OUTPUT_DIR Directory to output plots -w WINDOW, --window WINDOW Sliding window size, # of packets to side of window center packet, default is 2 -s STRIDE, --stride STRIDE Stride between sliding windows, default is 1 ``` 解密ssh流量与时间会话: ```bash python3 packetStrider-ssh.py -f tcpdump.pcap -k -p -o out ``` 基本上全出来了 ![](https://key08.com/usr/uploads/2021/04/3355700718.png) github: https://github.com/benjeems/packetStrider 阅读全文 2021-04-11 huoji 0 条评论