首页
文章 标签 分类
首页

Go Forensics

lavaicer  收录于  类别 Go
     约 1540 字   预计阅读 4 分钟 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

var (
	fileInfo os.FileInfo
	err      error
)

func main() {
	// Stat returns file info. It will return
	// an error if there is no file.
	fileInfo, err = os.Stat("test.txt")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("File name:", fileInfo.Name())
	fmt.Println("Size in bytes:", fileInfo.Size())
	fmt.Println("Permissions:", fileInfo.Mode())
	fmt.Println("Last modified:", fileInfo.ModTime())
	fmt.Println("Is Directory: ", fileInfo.IsDir())
	fmt.Printf("System interface type: %T\n", fileInfo.Sys())
	fmt.Printf("System info: %+v\n\n", fileInfo.Sys())
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

type FileNode struct {
	FullPath string
	Info     os.FileInfo
}

func insertSorted(fileList *list.List, fileNode FileNode) {
	if fileList.Len() == 0 { // If list is empty, just insert and return
		fileList.PushFront(fileNode)
		return
	}

	for element := fileList.Front(); element != nil; element = element.Next() {
		if fileNode.Info.Size() < element.Value.(FileNode).Info.Size() {
			fileList.InsertBefore(fileNode, element)
			return
		}
	}

	fileList.PushBack(fileNode)
}

func getFilesInDirRecursivelyBySize(fileList *list.List, path string) {
	dirFiles, err := ioutil.ReadDir(path)
	if err != nil {
		log.Println("Error reading directory: " + err.Error())
	}

	for _, dirFile := range dirFiles {
		fullpath := filepath.Join(path, dirFile.Name())
		if dirFile.IsDir() {
			getFilesInDirRecursivelyBySize(
				fileList,
				filepath.Join(path, dirFile.Name()),
			)
		} else if dirFile.Mode().IsRegular() {
			insertSorted(
				fileList,
				FileNode{FullPath: fullpath, Info: dirFile},
			)
		}
	}
}

func main() {
	fileList := list.New()
	getFilesInDirRecursivelyBySize(fileList, "/home")

	for element := fileList.Front(); element != nil; element =
		element.Next() {
		fmt.Printf("%d ", element.Value.(FileNode).Info.Size())
		fmt.Printf("%s\n", element.Value.(FileNode).FullPath)
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

type FileNode struct {
	FullPath string
	Info     os.FileInfo
}

func insertSorted(fileList *list.List, fileNode FileNode) {
	if fileList.Len() == 0 { // If list is empty, just insert and return
		fileList.PushFront(fileNode)
		return
	}

	for element := fileList.Front(); element != nil; element = element.Next() {
		if fileNode.Info.ModTime().Before(element.Value.
			(FileNode).Info.ModTime()) {
			fileList.InsertBefore(fileNode, element)
			return
		}
	}

	fileList.PushBack(fileNode)
}

func GetFilesInDirRecursivelyBySize(fileList *list.List, path string) {
	dirFiles, err := ioutil.ReadDir(path)
	if err != nil {
		log.Println("Error reading directory: " + err.Error())
	}

	for _, dirFile := range dirFiles {
		fullpath := filepath.Join(path, dirFile.Name())
		if dirFile.IsDir() {
			GetFilesInDirRecursivelyBySize(
				fileList,
				filepath.Join(path, dirFile.Name()),
			)
		} else if dirFile.Mode().IsRegular() {
			insertSorted(
				fileList,
				FileNode{FullPath: fullpath, Info: dirFile},
			)
		}
	}
}

func main() {
	fileList := list.New()
	GetFilesInDirRecursivelyBySize(fileList, "/")

	for element := fileList.Front(); element != nil; element = element.Next() {
		fmt.Print(element.Value.(FileNode).Info.ModTime())
		fmt.Printf("%s\n", element.Value.(FileNode).FullPath)
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

package main

// Device is typically /dev/sda but may also be /dev/sdb, /dev/sdc
// Use mount, or df -h to get info on which drives are being used
// You will need sudo to access some disks at this level

import (
	"io"
	"log"
	"os"
)

func main() {
	path := "/dev/sda"
	log.Println("[+] Reading boot sector of " + path)

	file, err := os.Open(path)
	if err != nil {
		log.Fatal("Error: " + err.Error())
	}

	// The file.Read() function will read a tiny file in to a large
	// byte slice, but io.ReadFull() will return an
	// error if the file is smaller than the byte slice.
	byteSlice := make([]byte, 512)
	// ReadFull Will error if 512 bytes not available to read
	numBytesRead, err := io.ReadFull(file, byteSlice)
	if err != nil {
		log.Fatal("Error reading 512 bytes from file. " + err.Error())
	}

	log.Printf("Bytes read: %d\n\n", numBytesRead)
	log.Printf("Data as decimal:\n%d\n\n", byteSlice)
	log.Printf("Data as hex:\n%x\n\n", byteSlice)
	log.Printf("Data as string:\n%s\n\n", byteSlice)
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

func main() {
	myImage := image.NewRGBA(image.Rect(0, 0, 100, 200)) // 100x200 pixels

	for p := 0; p < 100*200; p++ {
		pixelOffset := 4 * p
		myImage.Pix[0+pixelOffset] = uint8(rand.Intn(256)) // Red
		myImage.Pix[1+pixelOffset] = uint8(rand.Intn(256)) // Green
		myImage.Pix[2+pixelOffset] = uint8(rand.Intn(256)) // Blue
		myImage.Pix[3+pixelOffset] = 255                   // Alpha

	}

	outputFile, err := os.Create("test.jpg")
	if err != nil {
		log.Fatal(err)
	}

	jpeg.Encode(outputFile, myImage, nil)

	err = outputFile.Close()
	if err != nil {
		log.Fatal(err)
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

// This example uses zip but standard library
// also supports tar archives
package main

import (
	"archive/zip"
	"log"
	"os"
)

func main() {

	outFile, err := os.Create("test.zip")
	if err != nil {
		log.Fatal(err)
	}
	defer outFile.Close()

	zipWriter := zip.NewWriter(outFile)

	var filesToArchive = []struct {
		Name, Body string
	}{
		{"test.txt", "String contents of file"},
		{"test2.txt", "\x61\x62\x63\n"},
	}

	for _, file := range filesToArchive {
		fileWriter, err := zipWriter.Create(file.Name)
		if err != nil {
			log.Fatal(err)
		}

		_, err = fileWriter.Write([]byte(file.Body))
		if err != nil {
			log.Fatal(err)
		}
	}

	err = zipWriter.Close()
	if err != nil {
		log.Fatal(err)
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

func main() {

	// Open original file
	firstFile, err := os.Open("test.jpg")
	if err != nil {
		log.Fatal(err)
	}
	defer firstFile.Close()

	// Second file
	secondFile, err := os.Open("test.zip")
	if err != nil {
		log.Fatal(err)
	}
	defer secondFile.Close()

	// New file for output
	newFile, err := os.Create("stego_image.jpg")
	if err != nil {
		log.Fatal(err)
	}
	defer newFile.Close()

	// Copy the bytes to destination from source
	_, err = io.Copy(newFile, firstFile)
	if err != nil {
		log.Fatal(err)
	}
	_, err = io.Copy(newFile, secondFile)
	if err != nil {
		log.Fatal(err)
	}

}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

func main() {
	// Zip signature is "\x50\x4b\x03\x04"
	filename := "stego_image.jpg"
	file, err := os.Open(filename)
	if err != nil {
		log.Fatal(err)
	}
	bufferedReader := bufio.NewReader(file)

	fileStat, _ := file.Stat()
	// 0 is being cast to an int64 to force i to be initialized as
	// int64 because filestat.Size() returns an int64 and must be
	// compared against the same type
	for i := int64(0); i < fileStat.Size(); i++ {
		myByte, err := bufferedReader.ReadByte()
		if err != nil {
			log.Fatal(err)
		}

		if myByte == '\x50' { // First byte match. Check the next 3 bytes
			byteSlice := make([]byte, 3)
			// Get bytes without advancing pointer with Peek
			byteSlice, err = bufferedReader.Peek(3)
			if err != nil {
				log.Fatal(err)
			}
			if bytes.Equal(byteSlice, []byte{'\x4b', '\x03', '\x04'}) {
				log.Printf("Found zip signature at byte %d.", i)
			}
		}
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

func main() {
	if len(os.Args) != 2 {
		log.Fatal("No IP address argument provided.")
	}
	arg := os.Args[1]

	// Parse the IP for validation
	ip := net.ParseIP(arg)
	if ip == nil {
		log.Fatal("Valid IP not detected. Value provided: " + arg)
	}

	fmt.Println("Looking up hostnames for IP address: " + arg)
	hostnames, err := net.LookupAddr(ip.String())
	if err != nil {
		log.Fatal(err)
	}
	for _, hostnames := range hostnames {
		fmt.Println(hostnames)
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

func main() {
	if len(os.Args) != 2 {
		log.Fatal("No hostname argument provided.")
	}
	arg := os.Args[1]

	fmt.Println("Looking up IP addresses for hostname: " + arg)

	ips, err := net.LookupHost(arg)
	if err != nil {
		log.Fatal(err)
	}
	for _, ip := range ips {
		fmt.Println(ip)
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

func main() {
	if len(os.Args) != 2 {
		log.Fatal("No domain name argument provided")
	}
	arg := os.Args[1]

	fmt.Println("Looking up MX records for " + arg)

	mxRecords, err := net.LookupMX(arg)
	if err != nil {
		log.Fatal(err)
	}
	for _, mxRecord := range mxRecords {
		fmt.Printf("Host: %s\tPreference: %d\n", mxRecord.Host, mxRecord.Pref)
	}
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

func main() {
	if len(os.Args) != 2 {
		log.Fatal("No domain name argument provided")
	}
	arg := os.Args[1]

	fmt.Println("Looking up nameservers for " + arg)

	nameservers, err := net.LookupNS(arg)
	if err != nil {
		log.Fatal(err)
	}
	for _, nameserver := range nameservers {
		fmt.Println(nameserver.Host)
	}
}

相关内容

Go Web Scraping

Go Web App

Go SSH

Go Cryptography

Go Work With File

更新于 2023-03-01
 Go
返回 | 主页