Question

10.15. 运维

10.15.1. 流量

• Bro
• Moloch Large scale, open source, indexed packet capture and search
• TCPFlow
• TCPDump
• WireShark
• Argus
• PcapPlusPlus
• ngrep
• cisco joy A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
• NFStream a Flexible Network Data Analysis Framework
• BruteShark Network Analysis Tool

10.15.2. 堡垒机

• jumpserver
• CrazyEye
• GateOne

10.15.3. 蜜罐

• Dionaea
• Modern Honey Network
• Cowrie SSH/Telnet蜜罐
• honeything IoT蜜罐
• ConPot 工控设施蜜罐
• MongoDB HoneyProxy
• ElasticHoney
• DCEPT
• Canarytokens
• Honeydrive
• T-Pot The All In One Honeypot Platform
• opencanary
• HFish
• kippo SSH Honeypot
• Ehoney 欺骗防御系统

10.15.4. VPN Install

• pptp
• ipsec
• openvpn

10.15.5. 隧道 / 代理

• ngrok
• rtcp
• Tunna
• reDuh Create a TCP circuit through validly formed HTTP requests
• reGeorg pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
• Neo-reGeorg Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
• ABPTTS TCP tunneling over HTTP/HTTPS for web application servers
• frp A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
• lanproxy 内网穿透工具
• ligolo Reverse Tunneling made easy for pentesters
• EarthWorm 是一款用于开启 SOCKS v5 代理服务的工具，基于标准 C 开发，可提供多平台间的转接通讯，用于复杂网络环境下的数据转发。
• Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP
• mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
• nps a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal

10.15.6. 代理链

• Netch Support Socks5, Shadowsocks, ShadowsocksR, V2Ray, Trojan proxies. UDP NAT FullCone
• proxychains a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy
• gost GO Simple Tunnel

10.15.7. 资产管理

• BlueKing CMDB 面向资产及应用的企业级配置管理平台
• ARL 资产侦察灯塔系统

10.15.8. 合规

• bombus 合规审计平台

10.15.9. 风控

• nebula
• Liudao “六道”实时业务风控系统
• aswan 陌陌风控系统静态规则引擎

10.15.10. SIEM

• metron
• MozDef

10.15.11. 安全运维

• Scout URL 监控系统
• OpenDnsdb 基于Python的DNS管理系统

10.15.12. 系统监控

• netdata Real-time performance monitoring
• bcc Tools for BPF-based Linux IO analysis, networking, monitoring, and more

10.15.13. Windows

• Windows Sysinternals

10.15.14. 网络测试

• Toxiproxy A TCP proxy to simulate network and system conditions for chaos and resiliency testing

10.15.15. 网络模拟

• Internet Emulator A Python framework for creating emulation of the Internet