判断一个IP是否能ping通

未分类 
package main

import (
	"time"
	"net"
	"fmt"
)

func isping(ip string) (bool) {
	recvBuf1 := make([]byte, 2048)
	payload:=[]byte{0x08,0x00,0x4d,0x4b,0x00,0x01,0x00,0x10,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69}
	Time, _ := time.ParseDuration("3s")
	conn, err := net.DialTimeout("ip4:icmp", ip,Time)
	if err !=nil {
		fmt.Println("bibi")
		return false
	}
	_,err=conn.Write(payload)
	if err !=nil {
		return false
	}
	conn.SetReadDeadline(time.Now().Add(time.Second * 2))
	num, err := conn.Read(recvBuf1[0:])
	if err !=nil {
		//check 80 3389 443 22 port
		Timetcp, _ := time.ParseDuration("1s")
		conn1, err := net.DialTimeout("tcp", ip+":80",Timetcp)
		if err == nil {
			defer conn1.Close()
			return true
		}

		conn2, err := net.DialTimeout("tcp", ip+":443",Timetcp)
		if err == nil {
			defer conn2.Close()
			return true
		}

		conn3, err := net.DialTimeout("tcp", ip+":3389",Timetcp)
		if err == nil {
			defer conn3.Close()
			return true
		}

		conn4, err := net.DialTimeout("tcp", ip+":22",Timetcp)
		if err == nil {
			defer conn4.Close()
			return true
		}

		return false
	}
	conn.SetReadDeadline(time.Time{})
	if string(recvBuf1[0:num]) !="" {
		return  true
	}
	return false

}

func main()  {
	ip := "172.8.47.213"
	fmt.Println(isping(ip))
}

遍历中国所有IP地址

未分类

#main 

package main

import (
	"libmy"
	"fmt"
)

var iplistchan chan string
var iplistsuccess chan string
var hostsuccess chan string

func insertintochan(iplist []string,iplistchan chan string)  {
	for _,ipcidr := range iplist {
		hosts, _ := libmy.Hosts(ipcidr)
		for _, ip := range hosts {
			iplistchan <- ip
		}
	}
	close(iplistchan)
	iplistsuccess <- "good"

}

func worker(iplistchan chan string)  {
	for {
		if elem, ok := <-iplistchan; ok {
			fmt.Println(elem)
		} else {
			break
		}
	}
	hostsuccess <- "good"
}


func main()  {
	iplistchan=make(chan string ,1000)
	iplistsuccess=make(chan string)
	hostsuccess=make(chan string)
	iplist:=libmy.ReadList("cn1.zone")
	go insertintochan(iplist,iplistchan)

	for i:=0;i<13;i++ {
		go worker(iplistchan)
	}
	<-iplistsuccess
	for j:=0;j<13;j++ {
		<-hostsuccess
	}
}

#lib.go 

package libmy

import "net"
import "os"
import "bufio"
import "fmt"
import "strings"

func Hosts(cidr string) ([]string, error) {
	ip, ipnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return nil, err
	}

	var ips []string
	for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); inc(ip) {
		ips = append(ips, ip.String())
	}
	return ips[1 : len(ips)-1], nil
}

func inc(ip net.IP) {
	for j := len(ip) - 1; j >= 0; j-- {
		ip[j]++
		if ip[j] > 0 {
			break
		}
	}
}

func ReadList(fileName string) ( [] string) {
	ipListFile, err := os.Open(fileName)
	if err != nil {
		fmt.Println("ERR::" + err.Error())
		os.Exit(1)
	}
	defer ipListFile.Close()
	ipList:=make([]string,0)
	scanner := bufio.NewScanner(ipListFile)
	scanner.Split(bufio.ScanLines)
	for scanner.Scan() {
		ipinfo := strings.TrimSpace(scanner.Text())
		ipList = append(ipList, ipinfo)
	}
	return ipList
}

通过cidr遍历IP地址

未分类 
package main

import (
	"net"
	"fmt"
)

func hosts(cidr string) ([]string, error) {
ip, ipnet, err := net.ParseCIDR(cidr)
if err != nil {
return nil, err
}

var ips []string
for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); inc(ip) {
ips = append(ips, ip.String())
}
return ips[1 : len(ips)-1], nil
}

func inc(ip net.IP) {
	for j := len(ip) - 1; j >= 0; j-- {
		ip[j]++
		if ip[j] > 0 {
			break
		}
	}
}

func main()  {
	hosts, _ := hosts("192.168.11.9/27")
	for _, ip := range hosts {
		 fmt.Println("sent: " + ip)
	}
}

检测一个端口是否为HTTPS

未分类 
package main

import (
	"fmt"
	"time"
	"net"
	"strconv"
	"os"
)

func main(){
	t:=[]byte{0x16,0x03,0x01,0x00,0xb5,0x01,0x00,0x00,0xb1,0x03,0x03,0xb2,0xd3,0x4d,0xfd,0x63,0xbe,0x89,0xdb,0xe5,0x46,0xcc,0xaf,0x39,0x6e,0xba,0x63,0x63,0x75,0xce,0x30,0xda,0xe0,0x4f,0xab,0xa2,0x3e,0x50,0xea,0x41,0x20,0x10,0xc4,0x00,0x00,0x18,0xc0,0x2b,0xc0,0x2f,0xc0,0x2c,0xc0,0x30,0xc0,0x13,0xc0,0x14,0x00,0x9c,0x00,0x9d,0x00,0x2f,0x00,0x35,0x00,0x0a,0x00,0xff,0x01,0x00,0x00,0x70,0x00,0x00,0x00,0x15,0x00,0x13,0x00,0x00,0x10,0x77,0x77,0x77,0x2e,0x73,0x6f,0x2d,0x63,0x6f,0x6f,0x6c,0x73,0x2e,0x63,0x6f,0x6d,0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02,0x00,0x0a,0x00,0x06,0x00,0x04,0x00,0x17,0x00,0x18,0x00,0x23,0x00,0x00,0x00,0x0d,0x00,0x20,0x00,0x1e,0x06,0x01,0x06,0x02,0x06,0x03,0x05,0x01,0x05,0x02,0x05,0x03,0x04,0x01,0x04,0x02,0x04,0x03,0x03,0x01,0x03,0x02,0x03,0x03,0x02,0x01,0x02,0x02,0x02,0x03,0x00,0x05,0x00,0x05,0x01,0x00,0x00,0x00,0x00,0x00,0x0f,0x00,0x01,0x01,0x00,0x10,0x00,0x0b,0x00,0x09,0x08,0x68,0x74,0x74,0x70,0x2f,0x31,0x2e,0x31}

	Target:="115.239.210.27"
	port:=443
	Time, _ := time.ParseDuration("1s")
	conn, err := net.DialTimeout("tcp", Target+":"+strconv.Itoa(port), Time )

	if err != nil {
		fmt.Println("ERR::" + strconv.Itoa(port) + ">" + err.Error())
		os.Exit(1)
	}
	conn.Write(t)
	recvBuf := make([]byte, 2048)
	conn.SetReadDeadline(time.Now().Add(time.Second * 2))
	_, err = conn.Read(recvBuf[:])
	conn.SetReadDeadline(time.Time{})
	fmt.Println("tlsinfo:")
	fmt.Println( string(recvBuf[:]))
	if string(recvBuf[0:4]) == string([] byte {22,3,3,0}) {
		fmt.Println("this is tls ^_^")
	}else{
		fmt.Println("this is not tls")
	}
	conn.Close()
}

iptables 禁止国外IP访问

未分类

某业务需求,禁止国外IP访问,也能在发生攻击时阻挡部分流量

由于IP地址太多, 直接用iptables 一条一条的去匹配会影响性能,故使用ipset 结合 iptables使用 

yum install ipset
ipset create china hash:net hashsize 10000 maxelem 1000000
#ipset add china 1.2.3.0/24
#ipset list china

把国内的IP段添加进去 

wget http://www.ipdeny.com/ipblocks/data/countries/cn.zone
for i in `cat cn.zone`
do
echo "ipset add china $i" >>ipset_result.sh
done

执行 

chmod +x ipset_result.sh
./ipset_result.sh
# ipset list china  #检验

最后的iptables规则:(封禁了UDP和TCP) 

-A INPUT -s 10.202.72.116/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 10.202.72.118/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 114.114.114.114/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j DROP
-A INPUT -m set --match-set china src -j ACCEPT 
-A INPUT -j DROP

ubuntu 16.04 无线网卡+AP

未分类

ubuntu 16.04   RTL8188EUS  无线网卡 安装  加 AP 模式

1.安装USB驱动
首先 插入USB无线网卡

lsusb
Bus 001 Device 011: ID 0bda:8179 Realtek Semiconductor Corp. RTL8188EUS 802.11n Wireless Network Adapter  (ID 0bda:8179 )
# usb id  可在这里查询  http://www.linux-usb.org/usb.ids

cd /opt && git clone https://github.com/lwfinger/rtl8188eu.git

首先安装必要的编译器和linux头文件
sudo apt-get install build-essential linux-headers-$(uname -r)

编译、安装驱动
make all
make install

ls ./

8188eu.ko #驱动文件

modprobe 8188eu  #加载驱动

ifconfig -a

wlx3c46d8c7efa5  #新添加的网卡
echo 8188eu >> /etc/modules  #好像即使不加入开机启动列表,网卡在重启后也能正常工作

2. 创建AP

apt-get install isc-dhcp-server  #dhcpd 服务器
apt-get remove hostapd # apt-get 安装的不支持 rtl871xdrv  驱动
git clone https://github.com/christianeisendle/hostapd_rtl871xdr   #git回来修改好的hostapd源码
cd hostapd_rtl871xdrv/hostapd
make
make install

由于rtl8188eu网卡驱动文件夹中已经自带了control_ap  就不另下(git clone https://github.com/oblique/create_ap.git)

#$DHCPD -cf ~/dhcpd.conf $NET_AP (control_ap中注释掉这一句 因为dhcpd启动有点问题)
./control_ap start wlx3c46d8c7efa5 enp4s0   #创建AP, 这时用手机就会搜索到新创建的AP,但是此时连上去还不能分配到IP

#https://www.92ez.com/?action=show&id=23389 

3.设置DHCPD服务
/etc/init.d/apparmor stop
vim /etc/apparmor.d/usr.sbin.dhcpd
/home/yy/dhcpd.conf rwl
/var/lib/dhcpd/db/dhcpd.leases rwl

#这里注意一定要添加,不然启动dhcp时会报 permission denied 权限错误 就算设置为777一样的报错
/usr/sbin/dhcpd -cf /home/yy/dhcpd.conf wlx3c46d8c7efa5  -user root -group root -lf /var/lib/dhcp/db/dhcpd.leases

然后没有报错的话,就可以用手机进行验证了

#https://help.ubuntu.com/community/isc-dhcp-server

#另也可以直接关闭apparmor就没那么多的麻烦事了, 这东西了,这东西跟selinux差不多

/etc/init.d/apparmor stop

/etc/init.d/apparmor teardown

update-rc.d -f apparmor remove

reboot

apt-get remove apparmor

#另python-nfqueue 抓包时

iptables在此种环境下应该设置为FORWARD表,不要设置为INPUT OUTPUT表 

iptables -I FORWARD -j NFQUEUE --queue-num 2
iptables -I FORWARD -i wlx3c46d8c7efa5 -j NFQUEUE --queue-num 2