小狐狸FM 2025-03-07 00:00:00

Processes

Name | Description | Link
procdump | Official Microsoft (Sysinternals) process dump tool | https://learn.microsoft.com/en-us/sysinternals/downloads/procdump
ProcDump-for-Linux | Process dump tool (Linux port of ProcDump) | https://github.com/Sysinternals/ProcDump-for-Linux
processhacker | Process tree viewer | https://processhacker.sourceforge.io/ , https://github.com/PKRoma/ProcessHacker
jps -l | Ships with the JDK; lists the running Java processes together with the full package name of each main class or the path of the launched jar | (no link)

Countermeasures

Name | Notes | Link
csbruter | Cobalt Strike team server password brute-forcer | https://github.com/ryanohoro/csbruter
Log4Pot | Log4j (Log4Shell) honeypot | https://github.com/thomaspatzke/Log4Pot
manuka | OSINT honeypot | https://github.com/spaceraccoon/manuka
tpotce | T-Pot honeypot platform | https://github.com/telekom-security/tpotce
Tencent Cloud password recovery | Reverse lookup by IP address: reveals the first and last digits of the phone number bound to the account | https://cloud.tencent.com/account/recover
Baidu account password recovery | Reveals part of the phone number bound to a username or e-mail address | https://passport.baidu.com/?getpassindex

Decryption

Name | Notes | Link
360 Security Guard ransomware decryption | Ransomware decryption tools | http://lesuobingdu.360.cn
ID Ransomware | Identifies the ransomware family from a ransom note or an encrypted sample | https://id-ransomware.malwarehunterteam.com/
No More Ransom | Decryption tools, by family | https://www.nomoreransom.org/zh/decryption-tools.html
Kaspersky No Ransom | Ransomware decryption tools | https://noransom.kaspersky.com/
Emsisoft | Ransomware decryption tools | https://www.emsisoft.com/ransomware-decryption-tools/
Avast | Free ransomware decryption tools | https://www.avast.com/zh-cn/ransomware-decryption-tools
NETReactorSlayer | Unpacker and deobfuscator for .NET Reactor-protected binaries (not a ransomware decryptor) | https://github.com/SychicBoy/NETReactorSlayer
Quick Heal | Free ransomware decryption tool | https://www.quickheal.com/free-ransomware-decryption-tool

Identify the family first (ID Ransomware) and keep an untouched copy of the encrypted files before running any decryptor; a tool built for a different variant can damage the data it cannot decrypt.

Malware analysis

Name | Notes | Link
Dasheng Cloud Sandbox (FreeBuf) | Online sandbox | https://sandbox.freebuf.com/detect
ThreatBook Cloud Sandbox | Online sandbox | https://s.threatbook.cn
Tencent Habo | Online sandbox | https://habo.qq.com
Maldun | Online sandbox | https://www.maldun.com/submit/submit_file/
jotti | Multi-engine scanner | https://virusscan.jotti.org
ScanVir | Multi-engine scanner | http://www.scanvir.com
VirSCAN | Multi-engine scanner | https://www.virscan.org
VirusTotal | Multi-engine scanner with sandbox reports | https://www.virustotal.com/gui/home/upload

Anything uploaded to these public services is visible to other subscribers, attackers included; look the file hash up first and only upload the sample itself when that is acceptable.

Threat intelligence

Name | Notes | Link
webrtc-test | WebRTC leak test: shows the real IP address a browser exposes behind a VPN or proxy | https://ip8.com/webrtc-test
ThreatBook threat intelligence community | | https://x.threatbook.cn
DBAPPSecurity threat intelligence center | | https://ti.dbappsecurity.com.cn/
Antiy threat intelligence center | | https://www.antiycloud.com/#/antiy/index
QI-ANXIN threat intelligence center | | https://ti.qianxin.com
NSFOCUS threat intelligence center | | https://ti.nsfocus.com/
Tianji Partners (RedQueen) threat intelligence center | | https://redqueen.tj-un.com/IntelHome.html
Sangfor threat intelligence center | | https://ti.sangfor.com.cn/analysis-platform
Tencent Security threat intelligence center | | https://tix.qq.com/
Venustech (VenusEye) threat intelligence center | | https://www.venuseye.com.cn/
AlienVault OTX | | https://otx.alienvault.com/
GreyNoise | | https://viz.greynoise.io/
IBM X-Force Exchange | | https://exchange.xforce.ibmcloud.com/
SANS Internet Storm Center | | https://isc.sans.edu/
ThreatCrowd | | https://www.threatcrowd.org
ThreatMiner | | https://www.threatminer.org
VirusTotal | | https://www.virustotal.com

Auditing

Name | Notes | Link
Microsoft security event ID reference | Security auditing overview and event ID lookup | https://docs.microsoft.com/zh-cn/windows/security/threat-protection/auditing/security-auditing-overview
MySQLMonitor | MySQL log analysis | https://github.com/fupinglee/MySQLMonitor
iMonitor | Endpoint behaviour monitoring and analysis | https://github.com/wecooperate/iMonitor
chainsaw | Windows event log (EVTX) hunting and analysis | https://github.com/countercept/chainsaw
MySQL Workbench | MySQL log analysis (official GUI client) | https://dev.mysql.com/downloads/workbench/
web-log-parser | Web server log analysis | https://github.com/JeffXue/web-log-parser

Anti-malware and webshell scanners

Name | OS | Notes | Link
ASP.NET-Memshell-Scanner | Windows | ASP.NET in-memory webshell scanner | https://github.com/yzddmr6/ASP.NET-Memshell-Scanner
aLIEz | Windows | Java in-memory webshell detection and removal | https://github.com/r00t4dm/aLIEz
BlueHound | Windows | GUI host threat-hunting tool | https://github.com/10000Tigers/BlueHound
chkrootkit | Linux | Rootkit detection | http://www.chkrootkit.org
clamscan | Linux | ClamAV command-line scanner | http://www.clamav.net
CloudWalker (牧云) | Windows | Chaitin webshell scanner | http://github.com/chaitin/cloudwalker
copagent | | Java in-memory webshell detection | https://github.com/LandGrey/copagent
D盾 (D Shield) | Windows | Webshell scanner | http://www.d99net.net/index.asp
iDefender (冰盾) | Windows | Host protection | https://github.com/wecooperate/iDefender , https://imonitorsdk.com/idefender
java-memshell-scanner | | Java in-memory webshell detection | https://github.com/c0ny1/java-memshell-scanner
rkhunter | Linux | Rootkit detection | http://rkhunter.sourceforge.net
shell-analyzer | Windows, Linux | GUI tool for Java in-memory webshell detection | https://github.com/4ra1n/shell-analyzer
shellpub (河马 Hema) | Windows | Webshell scanner | https://www.shellpub.com
WebShellDetector | Windows | Webshell scanner | http://www.shelldetector.com

WAF

Name | Notes | Link
jxwaf | Open-source WAF | https://github.com/jx-sec/jxwaf
SafeLine (雷池) | Chaitin open-source WAF | https://github.com/chaitin/safeline
SafeLine demo | Online demo instance | https://demo.waf-ce.chaitin.cn:9443/

Prevention

Name | Notes | Link
Coercer | Coerces a Windows server into authenticating to an arbitrary host; use it to find services exposed to authentication coercion before an attacker does | https://github.com/p0dalirius/Coercer
dismap | Host and service fingerprinting | https://github.com/zhzyker/dismap
whids | Open-source EDR | https://github.com/0xrawsec/whids

Log investigation

Windows

Event ID | Description | Notes
4624 | An account was successfully logged on | Check LogonType (3 = network, 10 = RDP) and the source IpAddress
4768 | A Kerberos authentication ticket (TGT) was requested | Failed password guesses against domain accounts are not logged by default. In the domain controller's group policy, set "Audit Kerberos Authentication Service" to both Success and Failure; failed attempts then show up as 4768 with a non-zero result code, or as 4771 (Kerberos pre-authentication failed, status 0x18 for a wrong password).
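As an added example (not code from the original page), the PowerShell below, run in an elevated session on a domain controller, turns on both Success and Failure auditing for that subcategory with auditpol and then summarises the 4768/4771 failures in the Security log by source address, so that one client guessing many accounts (spraying) or one account hit many times stands out. The 24-hour window and the threshold of 20 failures are assumptions chosen for illustration; the field names (TargetUserName, IpAddress, Status) are those of the standard 4768/4771 event schema.

```powershell
# Added example, not from the original page. Run as an administrator on a domain
# controller. The look-back window and the failure threshold are illustrative assumptions.

# 1. Show the current setting, then enable Success and Failure for the
#    "Kerberos Authentication Service" subcategory (the setting the group policy
#    item "Audit Kerberos Authentication Service" controls).
auditpol /get /subcategory:"Kerberos Authentication Service"
auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable

# 2. Summarise Kerberos authentication failures by source address.
function Get-KerberosFailureSummary {
    param(
        [int]$Hours = 24,        # assumed look-back window
        [int]$Threshold = 20     # assumed number of failures per source worth a closer look
    )

    $since  = (Get-Date).AddHours(-$Hours)
    $filter = @{ LogName = 'Security'; Id = 4768, 4771; StartTime = $since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $failures = foreach ($e in $events) {
        # Pull the EventData fields out of the event XML.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # 4771 (pre-authentication failed) is always a failure; 4768 is a failure
        # only when the result code is non-zero (0x0 is a successful TGT request).
        if ($e.Id -eq 4768 -and $data['Status'] -eq '0x0') { continue }

        [pscustomobject]@{
            Time   = $e.TimeCreated
            Id     = $e.Id
            User   = $data['TargetUserName']
            Source = ($data['IpAddress'] -replace '^::ffff:', '')   # strip the IPv4-mapped prefix
            Status = $data['Status']   # 0x18 = KDC_ERR_PREAUTH_FAILED (wrong password), 0x6 = unknown principal
        }
    }

    $failures | Group-Object Source | ForEach-Object {
        [pscustomobject]@{
            Source        = $_.Name
            Failures      = $_.Count
            DistinctUsers = @($_.Group.User | Sort-Object -Unique).Count   # many users from one source = spraying
            FirstSeen     = ($_.Group.Time | Measure-Object -Minimum).Minimum
            LastSeen      = ($_.Group.Time | Measure-Object -Maximum).Maximum
            Suspicious    = ($_.Count -ge $Threshold)
        }
    } | Sort-Object Failures -Descending
}

Get-KerberosFailureSummary -Hours 24 -Threshold 20 | Format-Table -AutoSize
```

The auditpol change takes effect immediately on the DC it is run on; to make it permanent across all domain controllers, set the same subcategory in the Default Domain Controllers Policy rather than relying on a local change. Until Failure auditing is on, the summary will show nothing, which is exactly the gap the note above describes.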