Personal frequently used tools and command scripts:

1. DDoS attack tools:
trafgen:
https://www.cnblogs.com/lsgxeva/p/9188556.html
https://github.com/zzygithub/ddos-dos-tools
https://github.com/trafgen/DPDK-Suricata_3.0
https://github.com/trafgen/simpleNids

hping3:
yum install hping3 -y
hping3 -q -n -S -p port --flood ip
2. Performance testing tools:
Cisco TRex:
https://tech-zh.netlify.app/articles/zh-cn510086/
3. Bash vulnerability exploitation tools:
https://www.secpulse.com/archives/917.html
4. Monitoring tools:
https://www.jianshu.com/p/500db0de28b5
5. CVE tools:
https://www.tooleyes.com/tag/CVE/
6. Archive/extract commands:
https://www.linuxprobe.com/linux-tar.html

# Install Python 3 on CentOS 7: https://www.huaweicloud.com/articles/0b72bf69bb70f1c89ef1872ce2c21560.html
yum install -y libpcap-devel
yum install -y gcc gcc-c++
yum install -y tcl tcl-devel
yum install -y libpcap libpcap-devel
yum -y groupinstall development
yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel
wget https://www.python.org/ftp/python/3.9.7/Python-3.9.7.tgz
tar -zxvf Python-3.9.7.tgz
mkdir /usr/local/python3
mv Python-3.9.7 /usr/local/python3/
cd /usr/local/python3/
cd Python-3.9.7/
./configure --prefix=/usr/local/python3
make && make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
cd /etc/profile.d
echo 'export PATH=$PATH:/usr/local/python3/bin/' > python3.sh
python3

# Install ab:
yum -y install httpd-tools

# Install hping3:
https://blog.csdn.net/rendong_yang/article/details/88943062
https://www.linuxprobe.com/linux-hping.html
https://tools.kali.org/information-gathering/hping3
https://wangchujiang.com/linux-command/c/hping3.html
https://blog.csdn.net/wuyou1995/article/details/105359014
yum install libpcap-devel tcl-devel
yum install wget -y
wget http://www.hping.org/hping3-20051105.tar.gz
tar zxvf hping3-20051105.tar.gz
cd hping3-20051105
yum install -y libpcap-devel
yum install -y gcc gcc-c++
yum install -y tcl tcl-devel
vi bytesex.h
./configure
yum install -y libpcap libpcap-devel
make
find / -name bpf.h
ln -sf /usr/include/pcap-bpf.h /usr/include/net/bpf.h
vi Makefile.in 
make
make strip
make install
mkdir /usr/local/man
mkdir /usr/local/man/man8
mkdir install
hping3 -v

while :
do
	hping3 -2 -s 7788 -p 4153 -k -c 1 -d 5000 10.50.36.40
	hping3 -S -s 7789 -p 4154 -k -c 1 -d 4000 10.50.36.40
	hping3 -1 -d 4500 -c 1 10.50.36.40
sleep 5
done

# Install nmap:
https://www.cnblogs.com/freeweb/p/6903915.html

# Install the vlan tool (vconfig):
http://blog.sina.com.cn/s/blog_69c81c3e0102y6gq.html
yum -y install epel-release
yum -y install vconfig

# Install snmpwalk:
yum install net-snmp* -y


----------------------------------------------------------
MySQL operations manual:
https://zhuanlan.zhihu.com/p/277889664
https://www.cnblogs.com/alibai/p/4038954.html
# Export a whole database
# mysqldump -u username -p database_name > output_file
mysqldump -u root -p mywaf > test_db.sql
# mysqldump -u username -p database_name table_name > output_file
mysqldump -u root -p mywaf alarms > test_users.sql

The following pair appends rows: the same file must not be imported twice
# Export table data to a file:
select * from alarms into outfile "test.txt";
# Import data from the file into a table:
load data infile 'test.txt' into table table_name;
# Empty a table:
truncate table alarms;
# Export a table to a dump file
mysqldump -u root -p mywaf alarms > test.bak
# Import the dump into the table (run from the mysql prompt)
source /data/mysql/mywaf/test.bak;
# Pass the password on the command line so no prompt appears
mysqldump -u root --password=mywaf mywaf alarms > test2.bak
# Enable logging in basic_inspector:
/waf/system_service/basic_inspector/basic_inspector.conf
	log 127.0.0.1 local3 info
	option httplog
	log global
	capture request header Host len 15
	capture request header Content-Type len 30
	capture request header Content-Length len 10
	log-format %ci:%cp/%b/%si:%sp\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %U/%B\ %hr\ %{+Q}r

# Add the log destination in syslog-ng (facility local3 matches the "log" line above):
/etc/syslog-ng/syslog-ng.conf:
	destination d_basc { file("/data/logs/basc.log"); };
	filter f_basc { facility(local3); };
	log { source(s_udp); filter(f_basc); destination(d_basc); };

# Restart basic_inspector:
/waf/system_service/basic_inspector/run
# Restart syslog-ng:
syslog-ng -p /var/run/syslog-ng.pid
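As an added example (not part of these notes), the following Python parses lines written in the basic_inspector log-format above once syslog-ng has stored them in /data/logs/basc.log, and counts 4xx/5xx responses per client IP; the syslog prefix, program name, backend name and traffic in the sample are constructed.

```python
import re
from collections import Counter

# Order of the three "capture request header" lines in basic_inspector.conf
CAPTURED_HEADERS = ("Host", "Content-Type", "Content-Length")

# Matches the log-format above; re.search() tolerates the syslog-ng prefix ("Nov 22 ... prog[pid]: ")
LINE_RE = re.compile(
    r"(?P<ci>[^:/\s]+):(?P<cp>\d+)/(?P<b>[^/\s]+)/(?P<si>[^:\s]+):(?P<sp>\S+) "
    r"(?P<Tq>-?\d+)/(?P<Tw>-?\d+)/(?P<Tc>-?\d+)/(?P<Tr>-?\d+)/(?P<Tt>-?\d+) "
    r"(?P<ST>-?\d+) (?P<U>\d+)/(?P<B>\d+) "
    r"\{(?P<hr>[^}]*)\} \"(?P<r>[^\"]*)\"$"
)

def parse_basc_line(line):
    """Parse one basc.log line into a dict; return None if it does not match."""
    m = LINE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("cp", "Tq", "Tw", "Tc", "Tr", "Tt", "ST", "U", "B"):
        rec[key] = int(rec[key])
    # %hr is "{v1|v2|v3}" in capture order; an absent header leaves an empty field
    rec["headers"] = dict(zip(CAPTURED_HEADERS, rec.pop("hr").split("|")))
    return rec

def clients_with_errors(lines, threshold=3):
    """Client IPs that received at least `threshold` 4xx/5xx responses."""
    errors = Counter()
    for line in lines:
        rec = parse_basc_line(line)
        if rec is not None and rec["ST"] >= 400:
            errors[rec["ci"]] += 1
    return {ip: n for ip, n in errors.items() if n >= threshold}

# Constructed sample lines in the format above (hypothetical hosts, not real traffic)
PREFIX = "Nov 22 20:36:01 waf basic_inspector[2231]: "
SAMPLE_LINES = [
    PREFIX + "10.50.36.41:51234/web_servers/10.50.36.40:80 0/0/1/12/13 200 312/1843 "
    '{www.example.com|application/x-www-form-urlencoded|27} "POST /login HTTP/1.1"',
    PREFIX + '10.50.36.42:40001/web_servers/10.50.36.40:80 0/0/0/2/2 404 98/310 {www.example.com||} "GET /old/ HTTP/1.1"',
    PREFIX + '10.50.36.42:40002/web_servers/10.50.36.40:80 0/0/0/2/2 404 98/310 {www.example.com||} "GET /backup/ HTTP/1.1"',
    PREFIX + '10.50.36.42:40003/web_servers/10.50.36.40:80 0/0/0/1/1 403 101/295 {www.example.com||} "GET /admin/ HTTP/1.1"',
    "Nov 22 20:36:02 waf basic_inspector[2231]: not a request line",
]

if __name__ == "__main__":
    print(parse_basc_line(SAMPLE_LINES[0]))
    print(clients_with_errors(SAMPLE_LINES))  # {'10.50.36.42': 3}
```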

-----------****************************
#!/bin/bash
# Collect the WAF traffic tables and traffic files into one archive for hand-off
TOP_PATH=$(cd "$(dirname "$0")"; pwd) ; cd "$TOP_PATH"
echo "脚本正在执行,请耐心等待!"
rm -rf /data/tmp_wz
mkdir -p /data/tmp_wz/net/
# dump each traffic table of the mywaf database
mysqldump -u root --password=mywaf mywaf web_traffic                >/data/tmp_wz/web_traffic.sql
mysqldump -u root --password=mywaf mywaf web_traffics               >/data/tmp_wz/web_traffics.sql
mysqldump -u root --password=mywaf mywaf web_traffic_tops           >/data/tmp_wz/web_traffic_tops.sql
mysqldump -u root --password=mywaf mywaf web_traffic_index          >/data/tmp_wz/web_traffic_index.sql
mysqldump -u root --password=mywaf mywaf web_traffics_index         >/data/tmp_wz/web_traffics_index.sql
mysqldump -u root --password=mywaf mywaf historial_web_traffic_tops >/data/tmp_wz/historial_web_traffic_tops.sql
# copy the raw network traffic files
cp -af /data/net_traffic_* /data/tmp_wz/net/
# archive all access_input files except the last one listed by find
find /data/access_input/ -type f | sed '$d' | xargs echo | xargs tar zcvf /data/tmp_wz/access_input.tgz
sleep 3
# pack the staging directory into one tarball and remove the staging files
tar zcvf /data/tmp_wz.tgz /data/tmp_wz/ --remove-files
echo "脚本执行完毕! 请将 /data/tmp_wz.tgz 下的文件夹拷贝出来,交给相关人员"
-*----------------------------***************************************
#!/usr/bin/bash
# Export the traffic tables with SELECT ... INTO OUTFILE (the files land in the
# MySQL data directory) and collect them with the traffic files under /root/wz
echo "脚本正在执行,请耐心等待!"
cd /root/
rm -rf wz
mkdir -p wz/net
a="/data/mysql/mywaf/web_traffic.txt"
b="/data/mysql/mywaf/web_traffic_tops.txt"
c="/data/mysql/mywaf/web_traffics.txt"
# remove stale exports first: INTO OUTFILE refuses to overwrite an existing file
rm -f "$a" "$b" "$c"
passwd=mywaf
/usr/bin/mysql -umywaf -p"$passwd" <<__EOF
use mywaf;
select * from web_traffic into outfile 'web_traffic.txt';
select * from web_traffic_tops into outfile 'web_traffic_tops.txt';
select * from web_traffics into outfile 'web_traffics.txt';
__EOF
mv "$a" "$b" "$c" /root/wz/
cp /data/net_traffic_* /root/wz/net/
# write the archive directly into /root/wz   # extract with: tar zxvf access_input.tar.gz
tar -zcvf /root/wz/access_input.tar.gz /data/access_input/
echo "脚本执行完毕! 请将/root/wz/下的文件夹拷贝出来,交给相关测试人员"
exit
-----------------------------------------------------*******************

1. TCP TIME_WAIT: https://cloud.tencent.com/developer/article/1369410?from=article.detail.1752154
2. Using bind_tcp forward connections in practice: https://cloud.tencent.com/developer/article/1778292?from=article.detail.1369410
3. Using reverse_tcp reverse connections in practice: https://cloud.tencent.com/developer/article/1806272?from=article.detail.1778292
4. Why we disable THP: https://cloud.tencent.com/developer/article/1727260?from=article.detail.1759056
5. Linux kernel parameter tuning (for Oracle): https://cloud.tencent.com/developer/article/1184190?from=information.detail.%E6%9B%B4%E6%94%B9linux%E5%86%85%E6%A0%B8%E7%89%88%E6%9C%AC%E5%8F%B7
6. The key reasons a Linux system runs too slowly: https://cloud.tencent.com/developer/article/1462864?from=article.detail.1511100
7. Linux performance tuning notes: pidstat: https://cloud.tencent.com/developer/article/1463928?from=article.detail.1507511
/* ICMP payload length of a received packet: the IP total length (network byte
 * order on the wire, so convert with ntohs) minus the IP and ICMP headers */
#define ICMP_PAYLOAD_SIZE  (ntohs(ip_hdr(sb)->tot_len) \
                   - sizeof(struct iphdr) \
                   - sizeof(struct icmphdr))


#include <stddef.h>
#include <string.h>

/* The Cookie header does not carry the password, and the uid/domain it carries
 * usually belong to users who did not log in with a password, so skip past it first.
 * Returns the position after the Cookie header, or NULL if the header is unterminated. */
static const char *skip_cookie_header(const char *data)
{
    if (strstr(data, "Cookie") != NULL) {
        data = strstr(data, "Cookie");
        if (strstr(data, "\r\n") != NULL)
            data = strstr(data, "\r\n");   /* the CRLF that ends the Cookie header */
        else
            return NULL;
    }
    return data;
}
https://cloud.tencent.com/developer/article/1541602?from=information.detail.linux%E6%9F%A5%E7%9C%8Barp%E7%BC%93%E5%AD%98%E8%A1%A8

https://blog.csdn.net/ddazz0621/article/details/84977358
https://blog.csdn.net/geekcome/category_786460_3.html
https://www.cnblogs.com/wanpengcoder/category/1691162.html?page=4
https://blog.csdn.net/u010246947/article/details/18220221
https://blog.csdn.net/sophisticated_/category_8236164.html
https://blog.csdn.net/hzj_001/article/details/104327771
https://zhuanlan.zhihu.com/p/372279088
https://github.com/beacer/notes/blob/master/kernel/data-receive.md
https://www.ucloud.cn/yun/9865.html
https://www.bbsmax.com/A/kmzLkRMEdG/
http://www.blogjava.net/jb2011/archive/2020/12/09/435744.html
https://jgsun.github.io/2019/01/21/linux-tcpdump/
https://www.ithothub.com/network/2020051913363160.html
https://www.zybuluo.com/myecho/note/1068383
https://colobu.com/2019/12/09/monitoring-tuning-linux-networking-stack-receiving-data/
https://www.jianshu.com/p/3b5cee1e88a2

CentOS 7 hangs on reboot:
1. Filesystem mount error
journalctl -xb
2. https://www.codeleading.com/article/3079298618/:
This is actually a problem with systemd version 219 (check the systemd version with systemctl --version).
Because systemd's checks are stricter than before, if some processes do not respond to SIGTERM the reboot may hang; the problem depends on how the business processes handle SIGTERM.
3.
https://blog.csdn.net/weixin_33786077
https://blog.csdn.net/weixin_33786077/article/details/86269615?utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromMachineLearnPai2%7Edefault-13.control&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromMachineLearnPai2%7Edefault-13.control
https://cloud.tencent.com/developer/article/1533529
https://blog.csdn.net/yaochuh/article/details/100577194?utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromMachineLearnPai2%7Edefault-1.control&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromMachineLearnPai2%7Edefault-1.control
https://blog.csdn.net/davion_zhang/article/details/52233043
https://cloud.tencent.com/developer/article/1381198
 
http://blog.chinaunix.net/uid-7319742-id-2059659.html?_t=t
https://zhuanlan.zhihu.com/p/30791159
https://github.com/Urinx/SomeCodes/blob/master/Python/tcp_ip/README.md
https://segmentfault.com/a/1190000022954874
https://c4pr1c3.github.io/cuc-ns-ppt/chap0x05.md.html?print-pdf#/title-slide
http://www.cxyzjd.com/article/qq_38780085/79270421
http://walkerdu.com/2017/04/07/tcp-create-close-note/


https://www.freebuf.com/articles/system/205146.html: botnets
https://blogs.360.cn/cate/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90?page=2: botnets
https://www.freebuf.com/articles/network/161286.html
https://www.cnblogs.com/zhongyehai/p/10619917.html
https://www.cnblogs.com/myblog-lyc/p/4176609.html
https://blog.csdn.net/whatday/article/details/103761081?utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7Edefault-2.nonecase&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7Edefault-2.nonecase
https://blog.csdn.net/weixin_33881140/article/details/92767924?utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7Edefault-19.nonecase&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7Edefault-19.nonecase
PyCryptoMiner cryptocurrency-mining malware and botnet

Spam mail bomber:
https://www.skyju.cc/mailhzj.html#!

*************************************************************************
# Softirq troubleshooting:
https://blog.csdn.net/yanyangtianzi/article/details/88351691
https://github.com/kargig/itop#readme
https://cloud.tencent.com/developer/article/1637681?ivk_sa=1024320u
# Enable/disable CPU cores
https://zhuanlan.zhihu.com/p/361436253

systemctl status irqbalance
cat /proc/net/nf_conntrack | awk '{print $7}' | cut -d, -f2 | sort | uniq -c | sort -n
watch -d -n 1 'cat /proc/softirqs'
grep -A 10 -i network /var/log/messages
grep s1p1 /proc/interrupts | awk '{print $1, $NF}'
cat /proc/irq/64/smp_affinity
cat /sys/class/net/eth0/queues/rx-0/rps_cpus
cat /sys/class/net/s1p2/queues/rx-0/rps_cpus
cat distribute
ls /sys/devices/system/cpu/
ls /sys/devices/system/cpu/cpu1
cat /sys/devices/system/cpu/cpu1/online
echo '0' > /sys/devices/system/cpu/cpu5/online
echo '1' > /sys/devices/system/cpu/cpu5/online
ip link set down dev Protect3


https://www.cnblogs.com/lsgxeva/p/9188556.html


import hashlib

IOC_HEADER = "pdt_20210129!@3_"

def cal_ioc_hash(src_ip: str) -> str:
	# MD5 of the fixed header plus the source IP; the middle 16 hex characters form the IOC id
	ioc = IOC_HEADER + src_ip
	ioc_hash = hashlib.md5(ioc.encode('utf-8')).hexdigest()
	return ioc_hash[8:24]

-------------------- Enabling a SYSLOG server ----------------------------------
# receive UDP messages, listening on port 514
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception (imtcp must be loaded for the TCP listener)
$ModLoad imtcp
$InputTCPServerRun 514

# where the received syslog messages are stored
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
# store syslog messages from remote hosts and from this host
*.* ?RemoteLogs
& ~
# alternative: store only messages from remote hosts (exclude 127.0.0.1)
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteLogs
& ~


/etc/rsyslog.conf
Open port 514 (TCP and UDP, matching the two listeners above)
firewall-cmd --add-port=514/tcp --permanent
firewall-cmd --add-port=514/udp --permanent
firewall-cmd --reload
# Restart syslog
systemctl restart rsyslog