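├── README.md
├── Result
    ├── Ares_mal_ip_2022-10-18 05-02-19.xlsx
    └── newData.txt
├── data.txt
├── getIpInfo.py
├── img
    ├── 1.png
    ├── 10.png
    ├── 11.png
    ├── 2.png
    ├── 3.png
    ├── 4.png
    ├── 5.png
    ├── 6.png
    ├── 7.png
    ├── 8.png
    ├── 9.png
    ├── web1.png
    └── web2.png
├── module
    ├── font.py
    └── ipSearch.py
└── qqwry.dat

/README.md:
--------------------------------------------------------------------------------
# getIpInfo

Marks the IPs contained in a text, appends each IP's physical location, and outputs the result. Extracts the Internet (public) IPs that are present and, relying on the QiAnXin threat analysis arsenal (奇安信威胁分析武器库), runs batch automated intelligence queries that show IP reputation details, compromise detection details, malicious details and data statistics, and exports an xlsx spreadsheet.

# Use cases
- [Security service work]: batch automated intelligence queries on IPs inbound to DMZ servers;

- [Blue team monitoring]: batch automated intelligence queries on suspicious IPs;

- [Blue team attribution]: batch automated intelligence queries to filter out proxies and compromised hosts among attacking IPs;

- [Incident response]: automated intelligence queries on a host's outbound connections.

# Basic usage:

### Put the text containing IPs into the data.txt file in the root directory:

![image](/img/1.png)

### Run the script with python getIpInfo:

![image](/img/2.png)

- On first use, the script automatically downloads the latest Chunzhen (纯真) IP database; please be patient.
- To update the Chunzhen IP database, delete the qqwry.dat file in the root directory.

### The first batch automated intelligence query of each day requires obtaining your personal cookie first (there are pitfalls, read carefully):

- Before the 19th, the interface had a broken access control issue: personal users could access every arsenal function, so the cookie of a personal account could be used directly.

![image](/img/8.png)

- **The first version of the script, V1.0, was only uploaded on the morning of the 19th, and by the afternoon one BUG had already been fixed (with the result that personal users have no permission to use the interface). The Tiger Factory (虎厂) is awesome, plus.**
- But! There are still two more bugs, dear (I won't say more about those). Regarding this fix, let's first compare personal-user permissions with employee permissions:

![image](/img/9.png)

![image](/img/10.png)

- QiAnXin is pretty much the ceiling of the field, so many people have a QiAnXin LanXin (蓝信) account (those who have done outsourced work for QiAnXin should have one too).
- Just log in as an internal employee (a QiAnXin LanXin account is enough; vendor staff and those who have done outsourced work for QiAnXin should all have one):
- [https://user.ti.qianxin.com/login/?tab=Staff&next=http%3A%2F%2Fti.qianxin.com%2Flogin](https://user.ti.qianxin.com/login/?tab=Staff&next=http%3A%2F%2Fti.qianxin.com%2Flogin)

![image](/img/11.png)

- When run, the script prompts for the cookie-session value and saves it automatically, so it does not need to be entered again until the cookie expires.

### Batch automated intelligence query: a rough summary is printed, the details are saved as xlsx:
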
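An added example (not part of this repository's code) of the pre-processing that feeds the batch query: it tags every IPv4 address in connection-table text in a single regex pass and collects the external peers worth looking up. The function names, the classification labels (used here where the repository uses location labels) and the sample rows, with documentation-range addresses standing in for Internet hosts, are constructed for illustration.

```python
import ipaddress
import re

# Strict IPv4 matcher. The lookarounds stop a match from starting or ending
# inside a longer dotted number, so 203.0.113.7 is never found inside 203.0.113.77.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
IPV4_RE = re.compile(rf"(?<![\d.])(?:{_OCTET}\.){{3}}{_OCTET}(?!\.?\d)")

# Ranges that never need a reputation lookup (assumed label names).
INTERNAL_NETS = [
    ("unspecified", ipaddress.ip_network("0.0.0.0/8")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
]

# Constructed sample in the five-column layout of a TCP connection table.
SAMPLE = """\
  TCP    0.0.0.0:8888         0.0.0.0:0            LISTENING    4984
  TCP    10.0.0.5:8888        203.0.113.7:50886    ESTABLISHED  4984
  TCP    10.0.0.5:8888        203.0.113.77:50890   ESTABLISHED  4984
  TCP    10.0.0.5:3389        203.0.113.7:41682    ESTABLISHED  2244
  TCP    10.0.0.5:51119       198.51.100.20:443    CLOSE_WAIT   5832
  TCP    10.0.0.5:57048       169.254.0.55:5574    ESTABLISHED  84
  TCP    127.0.0.1:64766      127.0.0.1:64767      ESTABLISHED  5832
  TCP    [::]:8888            [::]:0               LISTENING    4984
  UDP    0.0.0.0:123          *:*                               760
"""


def classify(ip):
    """Return the internal range label for ip, or "external"."""
    addr = ipaddress.ip_address(ip)
    for label, net in INTERNAL_NETS:
        if addr in net:
            return label
    return "external"


def tag_text(text, label_for=classify):
    """Append [label] after every IPv4 address, one regex pass over the text."""
    return IPV4_RE.sub(lambda m: f"{m.group(0)}[{label_for(m.group(0))}]", text)


def external_peers(text):
    """Summarise external remote ends of TCP rows, in order of first appearance.

    Works on raw rows and on rows already tagged by tag_text().
    """
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, UDP rows (no state column), blank lines
        local, remote, state = fields[1:4]
        match = IPV4_RE.match(remote)
        if match is None or classify(match.group(0)) != "external":
            continue  # IPv6 rows and internal peers are not looked up
        entry = seen.setdefault(
            match.group(0), {"connections": 0, "ports": set(), "states": set()}
        )
        entry["connections"] += 1
        entry["ports"].add(int(local.rsplit(":", 1)[1]))
        entry["states"].add(state)
    return {
        ip: {
            "connections": e["connections"],
            "local_ports": sorted(e["ports"]),
            "states": sorted(e["states"]),
        }
        for ip, e in seen.items()
    }


if __name__ == "__main__":
    print(tag_text(SAMPLE))
    for ip, info in external_peers(SAMPLE).items():
        print(ip, info)
```

The deduplicated keys of `external_peers()` are the only addresses that need to be submitted for a reputation lookup; loopback, link-local and private peers stay local.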
![image](/img/3.png)

![image](/img/4.png)

### xlsx: IP reputation details, compromise detection details, malicious details, statistics:

![image](/img/5.png)

![image](/img/6.png)

![image](/img/7.png)

# UPDATE 2022-11-02 09:09:27

- An online version of the first part of the functionality is available:
- [https://potato.gold/navbar/tool/getIpInfo/IpInfo.html](https://potato.gold/navbar/tool/getIpInfo/IpInfo.html)

![image](/img/web1.png)

![image](/img/web2.png)

- The online version does not plan to offer automated threat intelligence queries for now; for other needs, open an Issue or leave a message on the homepage!

--------------------------------------------------------------------------------
/Result/Ares_mal_ip_2022-10-18 05-02-19.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/Result/Ares_mal_ip_2022-10-18 05-02-19.xlsx

--------------------------------------------------------------------------------
/Result/newData.txt:
--------------------------------------------------------------------------------

活动连接

  协议  本地地址          外部地址        状态           PID

--------------------------------------------------------------------------------
/data.txt:
--------------------------------------------------------------------------------

活动连接

  协议  本地地址          外部地址        状态           PID

--------------------------------------------------------------------------------
/getIpInfo.py:
--------------------------------------------------------------------------------
import os
import re
import sys
from module.ipSearch import *
from module.font import *

# IPv4 matcher; an IPv6 alternative would be: (?:[a-f0-9]{1,4}:){7}[a-f0-9]{1,4}
IP_PATTERN = r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"

def getIpInfo(stringIp,getDetails):
    print(Processing()+"正在识别ip,并进行标注……")
    ipList = re.findall(IP_PATTERN, stringIp)
    if(len(ipList)==0):
        print(Error()+"未检测到IP存在")
        return False
    posDict = ipPos(ipList) # deduplicates on its own

    # Tag every match in a single pass. Chained str.replace() calls would also
    # rewrite an address that is a substring of a longer one (1.2.3.4 in 1.2.3.45).
    def tagIps(text, fmt):
        return re.sub(IP_PATTERN, lambda m: fmt(m.group(0), posDict[m.group(0)]) if m.group(0) in posDict else m.group(0), text)

    outText = tagIps(stringIp, lambda ip, pos: f"{ip}[{pos}]")
    stringIp = tagIps(stringIp, lambda ip, pos: f"{blue(ip)}{red(f'[{pos}]')}")
    print(Result()+"IP已识别并标识,结果如下:")
    print(bold(stringIp)+"\n")
    if not os.path.exists('./Result'):
        os.makedirs('./Result')
    with open('./Result/newData.txt', 'w') as f:
        f.write(outText)
    print(Result()+"已导出至./Result/newData.txt\n")

    if(getDetails):
        print(Processing()+"正在查询涉及ip的历史攻击、信誉等详细信息……")
        ipReputationFromQax(ipList,True)
        #ipInfo = ipReputationFromQax(ipList,True)  ipInfo holds every category of information for each IP

if __name__ == "__main__":
    # print('\n'+Information()+bold("请输入存在ip的文本,遇到空行则结束:"))
    # string_ip = Input_lines(False)
    try:
        with open("./data.txt", "r") as f:
            string_ip = f.read()
    except OSError:
        print("\n"+Error()+"请将存在ip的内容放至data.txt内")
        sys.exit()
    getIpInfo(string_ip,True)

--------------------------------------------------------------------------------
/img/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/1.png

--------------------------------------------------------------------------------
/img/10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/10.png

--------------------------------------------------------------------------------
/img/11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/11.png

--------------------------------------------------------------------------------
/img/2.png:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/2.png -------------------------------------------------------------------------------- /img/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/3.png -------------------------------------------------------------------------------- /img/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/4.png -------------------------------------------------------------------------------- /img/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/5.png -------------------------------------------------------------------------------- /img/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/6.png -------------------------------------------------------------------------------- /img/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/7.png -------------------------------------------------------------------------------- /img/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/8.png -------------------------------------------------------------------------------- /img/9.png: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/9.png
--------------------------------------------------------------------------------
/img/web1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/web1.png
--------------------------------------------------------------------------------
/img/web2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/img/web2.png
--------------------------------------------------------------------------------
/module/font.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import sys
import string
import subprocess

# Missing helper modules are installed from PyPI on first run, using the
# interpreter that is running this script so the package lands in the right
# environment. Pre-install pinned versions where auto-install is not acceptable.
try:
    import terminal
except ImportError:
    print('检测出您未安装terminal模块,将替您安装此模块,请稍候……')
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'terminal'])
    import terminal
try:
    import console
except ImportError:
    print('检测出您未安装console模块,将替您安装此模块,请稍候……')
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'console'])
    import console

def red(text):
    return terminal.bold(terminal.red(text))

def green(text):
    return terminal.green(text)

def blue(text):
    return terminal.bold(terminal.blue(text))

def magenta(text):
    return terminal.magenta(text)

def yellow(text):
    return terminal.yellow(text)

def cyan(text):
    return terminal.cyan(text)

def bold(text):  # highlight
    return terminal.bold(text)

def Processing():
    return terminal.magenta(r"[Processing] ")

def Information():
    return terminal.cyan(r"[Information] ")

def Detected():
    return terminal.bold(terminal.blue(r"[Detected] "))

def Result():
    return terminal.bold(terminal.green(r"[Result] "))

def Error():
    return terminal.bold(terminal.red(r"[Error] "))

def Input(*num):
    # "$ " prompts for the first line, "- " for continuation lines
    if num and num[0] != 1:
        data = r"- "
    else:
        data = r"$ "
    return terminal.bold(terminal.yellow(data))

# Multi-line input: Enter starts a new line, an empty line ends the input
def Input_lines(showHead=True):
    result = ""
    num = 0
    while True:
        num = num + 1
        data = str(input(Input(num))) if showHead else str(input())
        if data == '':
            if num == 1:
                print(Error()+'首行不能为空,请重新输入!\n')
                result = ""
                num = 0
                continue
            return result
        result += data+"\n"  # keep the line break

# Formatted output: pad strData to a display width of lenMax
def printF(strData, lenMax, placeHolder=" ", justify="center"):
    strData = str(strData)
    # Characters outside string.printable (e.g. CJK) take two terminal columns
    lenChina = sum(1 for ch in strData if ch not in string.printable)
    width = lenMax - lenChina
    if justify == "center":
        return strData.center(width, placeHolder)
    if justify == "left":
        return strData.ljust(width, placeHolder)
    return strData.rjust(width, placeHolder)

# Call to print a table directly:
# printT( [8,13,13,10] ,"top")
# printT( [["ip",8],["域名",13,"left"],["权重",13,"center"],["编号",10]])
# printT( [8,13,13,10] ,"middle")
# printT( [["ip",8],["域名",13,"left"],["权重",13],["编号",10]],type="body")
# printT( [8,13,13,10] ,"bottom")
# tableStyle and fontStyle set the colour of the table borders and of the text
def printT(dataList, type="body", getStr=False, tableStyle="red", fontStyle=""):
    # Colour functions selectable by name; unknown names leave the text unstyled
    styles = {"red": red, "green": green, "magenta": magenta, "blue": blue,
              "yellow": yellow, "cyan": cyan, "bold": bold}
    table = styles.get(tableStyle, lambda text: text)
    font = styles.get(fontStyle, lambda text: text)
    # Box-drawing characters for each border row: (left, junction, right)
    borders = {"top": ("┌", "┬", "┐"),
               "bottom": ("└", "┴", "┘"),
               "middle": ("├", "┼", "┤")}
    try:
        if type in borders:
            left, junction, right = borders[type]
            line = table(left)
            for index, width in enumerate(dataList):
                line += table("─" * width)
                line += table(junction) if index != len(dataList)-1 else table(right)
        else:
            line = table("│")
            for data in dataList:
                justify = "center" if len(data) == 2 else data[2]
                line += f"{font(printF(data[0], data[1], justify=justify))}{table('│')}"
        if getStr:
            return line
        print(line)
    except Exception as e:
        print(f"\033[31m[Error] {e}\r\n")
        print('正确使用方法:')
        print(' printT( [8,13,13,10] ,"top")')
        print(' printT( [["ip",8],["域名",13,"left"],["权重",13],["编号",10]])')
        print(' printT( [8,13,13,10] ,"middle")')
        print(' printT( [["ip",8],["域名",13,"left"],["权重",13],["编号",10]])')
        print(' printT( [8,13,13,10] ,"bottom")\033[0m')
--------------------------------------------------------------------------------
/module/ipSearch.py:
--------------------------------------------------------------------------------
import os, sys, re
import json, time
from configparser import ConfigParser
from urllib.parse import urlparse

import requests
import xlrd  # pip install xlrd==1.2.0 (later releases cannot read .xlsx)

try:
    from font import *
except ImportError:
    from module.font import *
# Evaluate the coloured prefixes once; from here on these names are plain strings
Processing = str(Processing())
Information = str(Information())
Detected = str(Detected())
Result = str(Result())
Error = str(Error())

try:
    from qqwry import QQwry
    from qqwry import updateQQwry
except ImportError:
    print("pip install qqwry-py3")

# Update the QQWry (纯真) IP database; can also be triggered manually
def updatePos():
    print(Processing+"正在更新最新纯真IP数据库,请稍等……")
    updateQQwry('qqwry.dat')
    print(Result+"纯真IP数据库更新完毕!")

def ipPos(ipList):  # returns a dict, so duplicate IPs collapse
    q = QQwry()
    # Download the QQWry database if it is not present yet
    if not os.path.exists('qqwry.dat'):
        updatePos()
    # Load the QQWry database
    q.load_file('qqwry.dat')
    # Look up the location of every IP
    result = {}
    for ip in ipList:
        found = q.lookup(ip)  # None when the address is not in the database
        result[ip] = found[0] if found else ''
    return result

def initCookie(needNewCookie=False):
    # The session value is cached in plain text in config.ini next to this
    # module; keep that file out of version control and shared folders.
    file_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "config.ini")
    cf = ConfigParser()
    try:
        cf.read(file_path, encoding='utf-8')
        session = cf.get('arsenal', 'cookie-Session')
        if needNewCookie:
            # Deliberately fall through to the prompt below
            raise ValueError("cookie refresh requested")
    except Exception:
        session = input('\n'+Information+bold("请登录https://ti.qianxin.com/后,在此输入Cookie中session的值:\n")+Input())
        if not cf.has_section('arsenal'):
            cf.add_section('arsenal')
        cf.set('arsenal', 'cookie-Session', session)
        with open(file_path, 'w', encoding='utf-8') as f:
            cf.write(f)
    return session

# The report is always saved under ./Result; analysis controls whether the
# xlsx is also parsed and returned (default: not parsed).
# Keep tempDataList small: no more than 200 entries.
def ipReputationFromQax(tempDataList, analysis=False, needNewCookie=False):
    # Addresses that are never uploaded: 127.0.0.1, 0.0.0.0, localhost and the
    # RFC 1918 ranges. Other non-routable ranges are not covered by this pattern.
    internal = r"^(127\.0\.0\.1)|(0\.0\.0\.0)|(localhost)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3})$"
    dataList = [data for data in tempDataList if not re.match(internal, data)]
    if len(dataList) == 0:
        print(Error+"传入无外网地址")
        print(tempDataList)
        return False
    session = initCookie(needNewCookie)
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",
        "Connection": "close",
        "Cookie": f"session={session}",
        "Content-Type": "application/json;charset=UTF-8",
        "Referer": "https://ares.ti.qianxin.com/ares/tools/ip-reputation"
    }
    # Build the body with json.dumps so the values are always escaped correctly
    data = json.dumps({"upload_type_name": "ip_reputation_analysis",
                       "file_str": "\n".join(dataList)}, separators=(',', ':'))
    msg = ''
    try:
        # TLS certificate verification stays enabled: the request carries the session cookie
        req1 = requests.post(url="https://ares.ti.qianxin.com/arsenal/api/uploadStr", headers=headers, data=data, allow_redirects=False, timeout=5)
        msg = req1.json()['message']
    except Exception as e:
        print(Error+str(e))
    if msg == 'no access to this module':
        print(Error+"Cookie失效,请更新您的Cookie-session的值")
        # Ask for a fresh cookie and hand back the result of the retry
        return ipReputationFromQax(dataList, analysis, True)
    # Server message: today's free trial quota has been used up
    if msg == '\u4eca\u65e5\u514d\u8d39\u8bd5\u7528\u6b21\u6570\u5df2\u7ecf\u4f7f\u7528\u5b8c\u6bd5':
        print(Error+msg)
        print(Information+"基于接口bug,请更换您的ip地址即可绕过")
        return False
    if msg != 'upload task success':
        print(Error+msg)
        print(Information+"请检查接口是否存在异常/更换您的cookie值")
        return False
    time.sleep(3)  # wait for the server to process the upload
    data = '{"upload_type_name":"ip_reputation_analysis"}'
    try:
        req1 = requests.post(url="https://ares.ti.qianxin.com/arsenal/api/task/userLatestTaskInfo", headers=headers, data=data, allow_redirects=False, timeout=5)
        reportUrl = req1.json()['data']['download_report_url']
        # Server-supplied name: keep only the final component so it cannot leave ./Result
        fileName = os.path.basename(req1.json()['data']['report_file_name'])
        # Only download from the expected report host, compared as a parsed hostname
        parsed = urlparse(reportUrl)
        if parsed.scheme != 'https' or parsed.hostname != 'shs3.b.qianxin.com':
            print(Error+req1.json()['message'])
            return False
    except Exception as e:
        print(Error+str(e))
        return False
    try:
        req1 = requests.get(url=reportUrl, allow_redirects=False, timeout=5)
        os.makedirs('./Result', exist_ok=True)
        with open(f'./Result/{fileName}', 'wb') as f:
            f.write(req1.content)
    except Exception as e:
        print(Error+str(e))
        return False

    if not analysis:
        print(Result+f'详细内容已输出至文件:./Result/{fileName}')
        return False
    # Parse the xlsx report: one list of rows per sheet
    result = []
    wb = xlrd.open_workbook(f'./Result/{fileName}')
    for name in wb.sheet_names():
        sheet = wb.sheet_by_name(name)
        result.append([sheet.row_values(j) for j in range(sheet.nrows)])

    # Print a summary of the first sheet, skipping its header row
    printDataList = result[0][1:]
    printT( [15,10,7,7,14,22,5] ,"top")
    printT( [["IP",15],["国家",10],["IDC",7],["代理",7],["最近解析域名",14],["攻击类型",22],["...",5]])
    for printData in printDataList:
        printT( [15,10,7,7,14,22,5] ,"middle")
        typeList = printData[-2].split(",")
        attackType = '-' if printData[-2] == "" else printData[-2]
        if len(typeList) > 1:
            # Show at most the first two attack types
            attackType = typeList[0]+','+typeList[1]
        domain = '-' if printData[12] == "" else printData[12]
        printT( [[printData[0],15],[printData[1],10],[printData[8],7],[printData[9],7],[domain,14],[attackType,22],["...",5]])
    printT( [15,10,7,7,14,22,5] ,"bottom")
    print(Result+f'IP详细内容已输出至文件:./Result/{fileName}')
    return result

# dataList=['103.85.84.160','46.19.138.162','113.56.96.34']
# posDict = ipPos(dataList)
# print(posDict)
# ipInfo = ipReputationFromQax(dataList,True)
# print(ipInfo)
--------------------------------------------------------------------------------
/qqwry.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Potato-py/getIpInfo/49f2f11f5a21a914bcfb5a751618405daad7d88e/qqwry.dat
--------------------------------------------------------------------------------
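The regex in module/ipSearch.py decides which addresses are sent to the external reputation service, so anything it fails to recognise as internal leaves the network. The following is an added example, not part of the repository: it classifies addresses with the standard `ipaddress` module and lists the non-routable addresses that the repository's pattern would still upload. The function names and the netstat-style sample are constructed for illustration.

```python
import ipaddress
import re

# Internal-address pattern from module/ipSearch.py, which applies it with re.match.
REPO_PATTERN = re.compile(
    r"^(127\.0\.0\.1)|(0\.0\.0\.0)|(localhost)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})"
    r"|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3})$")
# IPv4 candidates in free text; the lookarounds reject longer dotted runs.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def extract_ips(text):
    """Return unique, valid IPv4 addresses in order of first appearance."""
    seen = []
    for candidate in IPV4_RE.findall(text):
        try:
            ip = str(ipaddress.IPv4Address(candidate))
        except ipaddress.AddressValueError:
            continue  # octet out of range, e.g. 999.1.1.1
        if ip not in seen:
            seen.append(ip)
    return seen

def split_public(ips):
    """Split into (public, internal); only the public list should be uploaded."""
    public = [ip for ip in ips if ipaddress.IPv4Address(ip).is_global]
    internal = [ip for ip in ips if ip not in public]
    return public, internal

def missed_by_regex(ips):
    """Non-global addresses that the regex filter would still send out."""
    _, internal = split_public(ips)
    return [ip for ip in internal if not REPO_PATTERN.match(ip)]

# Constructed sample in the style of `netstat -ano` output.
SAMPLE = """\
TCP  0.0.0.0:445         0.0.0.0:0          LISTENING    4
TCP  192.168.1.20:3389   10.8.0.5:51522     ESTABLISHED  2244
TCP  192.168.1.20:49701  8.8.8.8:443        ESTABLISHED  3332
TCP  127.0.0.53:53       169.254.10.9:5353  TIME_WAIT    0
TCP  172.20.3.4:80       100.64.1.1:40000   ESTABLISHED  4
TCP  192.168.1.20:49702  1.1.1.1:443        ESTABLISHED  3332
"""

if __name__ == "__main__":
    ips = extract_ips(SAMPLE)
    print("upload:", split_public(ips)[0])
    print("missed by regex:", missed_by_regex(ips))
```

Loopback addresses other than 127.0.0.1, link-local 169.254.0.0/16 and carrier-grade NAT 100.64.0.0/10 are the ranges the pattern does not cover in this sample.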