CCCougar · September 9, 2021 10:24
diff --git a/main.go b/main.go
 // 获得进程快照信息和netstate -an的信息base64编码后以POST数据的形式上传到相应地址
 package main

 import (
 	"bytes"
 	"encoding/base64"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strconv"

 	"github.com/cakturk/go-netstat/netstat"
 	winps "github.com/mitchellh/go-ps"
 )

 func handlerr(err error) {
 	if err != nil {
 		panic(err)
 	}
 }

 func getProcessList() string {
 	processes, err := winps.Processes()
 	handlerr(err)

 	var processInfo string = ""
 	processInfo += fmt.Sprintf("%s\t%s\t%s\n", "Pid", "PPid", "Executable name")
 	for _, process := range processes {
 		processInfo += fmt.Sprintf("%s\t%s\t%s\n", strconv.Itoa(process.Pid()), strconv.Itoa(process.PPid()), process.Executable())
 	}

 	return processInfo
 }

 func getUDPSockets() string {
 	// UDP sockets
 	socks, err := netstat.UDPSocks(netstat.NoopFilter)
 	handlerr(err)

 	var udpConn string = ""
 	udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "Proto", "Local Address", "Foreign Address", "Process Name")

 	for _, e := range socks {
 		udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "UDP", e.LocalAddr.String(), e.RemoteAddr.String(), e.Process.Name)
 	}

 	return udpConn
 }

 func getTCPSockets() string {
 	socks, err := netstat.TCPSocks(netstat.NoopFilter)
 	handlerr(err)

 	var tcpConn string = ""
 	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "Proto", "Local Address", "Foreign Address", "State", "Process Name")
 	for _, e := range socks {
 		if e.Process != nil {
 			tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), e.Process.Name)
 		} else {
 			tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), "")
 		}
 	}

 	return tcpConn
 }

 func main() {
 	var AllData string = ""

 	processInfo := getProcessList()
 	udpConn := getUDPSockets()
 	tcpConn := getTCPSockets()

 	AllData += processInfo
 	AllData += tcpConn
 	AllData += udpConn

 	AllDataBase64 := base64.StdEncoding.EncodeToString([]byte(AllData))

 	var postAPI = flag.String("url", "", "post API, like \"http://127.0.0.1/myapi\"")
 	var verboseFlag = flag.Bool("v", false, "enable verbose mode")

 	flag.Parse()

 	if *verboseFlag {
 		fmt.Println(AllData)
 	}
 	// fmt.Println(*postAPI)

 	res, err := http.Post(*postAPI,
 		"application/text;charset=utf-8", bytes.NewBuffer([]byte(AllDataBase64)))
 	if err != nil {
 		fmt.Println("Fatal error ", err.Error())
 	}
 	defer res.Body.Close()

 	content, err := ioutil.ReadAll(res.Body)
 	if err != nil {
 		fmt.Println("Fatal error ", err.Error())
 	}
 	fmt.Println(content)
 }
	// 获得进程快照信息和netstate -an的信息base64编码后以POST数据的形式上传到相应地址
	package main

	import (
	"bytes"
	"encoding/base64"
	"flag"
	"fmt"
	"io/ioutil"
	"net/http"
	"strconv"

	"github.com/cakturk/go-netstat/netstat"
	winps "github.com/mitchellh/go-ps"
	)

	func handlerr(err error) {
	if err != nil {
	panic(err)
	}
	}

	func getProcessList() string {
	processes, err := winps.Processes()
	handlerr(err)

	var processInfo string = ""
	processInfo += fmt.Sprintf("%s\t%s\t%s\n", "Pid", "PPid", "Executable name")
	for _, process := range processes {
	processInfo += fmt.Sprintf("%s\t%s\t%s\n", strconv.Itoa(process.Pid()), strconv.Itoa(process.PPid()), process.Executable())
	}

	return processInfo
	}

	func getUDPSockets() string {
	// UDP sockets
	socks, err := netstat.UDPSocks(netstat.NoopFilter)
	handlerr(err)

	var udpConn string = ""
	udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "Proto", "Local Address", "Foreign Address", "Process Name")

	for _, e := range socks {
	udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "UDP", e.LocalAddr.String(), e.RemoteAddr.String(), e.Process.Name)
	}

	return udpConn
	}

	func getTCPSockets() string {
	socks, err := netstat.TCPSocks(netstat.NoopFilter)
	handlerr(err)

	var tcpConn string = ""
	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "Proto", "Local Address", "Foreign Address", "State", "Process Name")
	for _, e := range socks {
	if e.Process != nil {
	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), e.Process.Name)
	} else {
	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), "")
	}
	}

	return tcpConn
	}

	func main() {
	var AllData string = ""

	processInfo := getProcessList()
	udpConn := getUDPSockets()
	tcpConn := getTCPSockets()

	AllData += processInfo
	AllData += tcpConn
	AllData += udpConn

	AllDataBase64 := base64.StdEncoding.EncodeToString([]byte(AllData))

	var postAPI = flag.String("url", "", "post API, like \"http://127.0.0.1/myapi\"")
	var verboseFlag = flag.Bool("v", false, "enable verbose mode")

	flag.Parse()

	if *verboseFlag {
	fmt.Println(AllData)
	}
	// fmt.Println(*postAPI)

	res, err := http.Post(*postAPI,
	"application/text;charset=utf-8", bytes.NewBuffer([]byte(AllDataBase64)))
	if err != nil {
	fmt.Println("Fatal error ", err.Error())
	}
	defer res.Body.Close()

	content, err := ioutil.ReadAll(res.Body)
	if err != nil {
	fmt.Println("Fatal error ", err.Error())
	}
	fmt.Println(content)
	}