├── LICENSE ├── README.md └── exploit.md /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 httpwaf 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # lansec 2 | 3 | ## 一 、介绍 4 | lansec本质是局域网逻辑网关隔离系统+AI流量学习,减少局域网99.9%以上的0day漏洞的远程利用,拦截木马通信和保障局域网数据安全。 5 | 6 | ## 二 、局域网防御非常重要 7 | 大多内网渗透都是通过利用终端软件漏洞如视频、社交、浏览器、电子邮件、输入法等在局域网的电脑电脑植入后门,从而入侵内网。[**查看部分2025公开的终端软件高危漏洞和攻击手段**](./exploit.md) 8 | 政府军事等重要部门都是物理隔离防止0day利用,由于云技术的迅速发展,企业研发、运营、客服、财务等都必须联网,部署逻辑隔离系统非常有必要。 9 | 10 | ## 三、系统内核要求 11 | 要求内核版本大于3.10,推荐2020年以后的linux发行版本: 12 | * Ubuntu 16.04+ 13 | * Fedora 31+ 14 | * RHEL 7.0+ 15 | * Debian 10+ 16 | * Rocky Linux 9.0+ 17 | * ... 18 | 19 | ```console 20 | $ wget http://101.42.31.94/lansec.tar.gz 21 | $ mkdir /lansec/ && tar -zxvf lansec.tar.gz -C /lansec/ && chmod 777 /lansec/bin/* && /lansec/bin/lansec daemon 22 | $ 1. Kill all of processes........................... 23 | 2. Init ok......................................... 24 | 3. System is running................................ 25 | ``` 26 | 成功运行后,可以用浏览器登陆web管理口是5678 27 | 28 | * 停止运行/lansec/bin/lansec stop 29 | * 卸载 rm /lansec/ -rf 30 | ## 四、两种运行模式 31 | #### 1、单网卡软件模式 32 | 局域网任何一台Linux(包括虚拟机)安装一台,即可对整个局域网进行防御。典型的安装步骤是: 33 | * 1、在Windows上安装Vmware虚拟机,然后安装Linux操作系统,把物理网卡设置为桥接模式(必须是有线网卡,不能是无线网卡)。保证Linux、Windows、路由器在同一个IP网段。 34 | * 2、在Linux上安装Lansec。 35 | * 3、需要防护的Windows上运行ncpa.cpl命令,去掉IPv6协议,再把IPv4的网关指向lansec的IP地址如192.168.1.8,配置好DNS即可,如下图: 36 | 37 | #### 2、双网卡硬件模式 38 | 硬件模式终端电脑不需要任何设置,支持IPv6,硬件隔离比软件隔离更安全。 39 | 40 | 41 | 42 | ## 五、商业版演示地址 43 | 44 | 演示地址 [http://101.42.31.94:9998/](http://101.42.31.94:9998/) 45 | 46 | ## 六、源码部署和技术白皮书微信号httpwaf 47 | 48 | ![](https://gitee.com/httpwaf/httpwaf/raw/master/img/wechat.png) 49 | -------------------------------------------------------------------------------- /exploit.md: -------------------------------------------------------------------------------- 1 | # 部分局域网终端设备漏洞利2024 2 | 3 | * 微信点击恶意链接执行远程代码,控制用户的手机。 [https://www.secrss.com/articles/70042](https://www.secrss.com/articles/70042) 4 | * Telegram零日漏洞允许发送伪装成视频到群,群所有终端被植入后门。 [https://ti.dbappsecurity.com.cn/info/6098](https://ti.dbappsecurity.com.cn/info/6098) 5 | * 韩国黑客利用WPS零日漏洞开展大规模间谍活动,打开WPS文档就被植入后门。[https://www.secrss.com/articles/69599](https://www.secrss.com/articles/69599) 6 | * 搜狗输入法绕过windows锁屏逻辑RCE漏洞,直接控制Windows。 [https://www.bilibili.com/video/BV1mevYeHEKQ/](https://www.bilibili.com/video/BV1mevYeHEKQ/) 7 | * ... [**点击返回首页**](./README.md) 8 | 9 | 公开的漏洞仅仅是冰山一角,内网终端软件太多了,而且很多厂商都不重视修复,局域网已经成为黑客攻击的重灾区。 10 | 11 | --------------------------------------------------------------------------------