{"id":43706073,"url":"https://github.com/Getshell/Fanzhi","last_synced_at":"2026-03-01T06:01:00.059Z","repository":{"id":186882353,"uuid":"477238721","full_name":"Getshell/Fanzhi","owner":"Getshell","description":"《FanZhi-攻击与反制的艺术》","archived":false,"fork":false,"pushed_at":"2023-12-08T06:40:19.000Z","size":2126,"stargazers_count":32,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-12-08T07:39:53.614Z","etag":null,"topics":["0e0w","getshell"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Getshell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-04-03T04:37:01.000Z","updated_at":"2023-09-25T09:20:13.000Z","dependencies_parsed_at":"2023-12-08T07:38:22.108Z","dependency_job_id":"9bd70788-6f0b-44f4-879e-340e8963c5f1","html_url":"https://github.com/Getshell/Fanzhi","commit_stats":null,"previous_names":["getshell/fanzhi"],"tags_count":0,"template":null,"template_full_name":null,"purl":"pkg:github/Getshell/Fanzhi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Getshell%2FFanzhi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Getshell%2FFanzhi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Getshell%2FFanzhi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Getshell%2FFanzhi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Getshell","download_url":"https://codeload.github.com/Getshell/Fanzhi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/repositories/Getshell%2FFanzhi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29961852,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T05:59:08.471Z","status":"ssl_error","status_checked_at":"2026-03-01T05:58:04.208Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0e0w","getshell"],"created_at":"2026-02-05T06:00:17.296Z","updated_at":"2026-03-01T06:01:00.045Z","avatar_url":"https://github.com/Getshell.png","language":null,"readme":"# FanZhi: The Art of Attack and Counterattack\n\nThis project studies methods and ideas for countering red-team attackers. The contest between attack and defense has always been a matter of virtue rising one foot while vice rises ten, yet no one knows which side is virtue and which is vice. Blue contains red, and red in turn contains blue. Of course, only an excellent attack team can counter an attack team well! I hope this document helps red teams avoid being taken down, and even more that it helps take red teams down soon! **I hope that after every exercise, your boss shakes your hand, looks at the big screen showing not a single point lost, and tells everyone: this year's attack team just isn't up to it! Not only did they fail to take the target, they got hit back by you!** Author: [0e0w]()\n\nThis project was created on April 1, 2022; the most recent update was on December 08, 2023.\n\n- [01-Counterattack Resources](https://github.com/Getshell/Fanzhi#01-%E5%8F%8D%E5%88%B6%E8%B5%84%E6%BA%90)\n- [02-Tool Counterattack](https://github.com/Getshell/Fanzhi#02-%E5%B7%A5%E5%85%B7%E5%8F%8D%E5%88%B6)\n- [03-Service Counterattack](https://github.com/Getshell/Fanzhi#03-%E6%9C%8D%E5%8A%A1%E5%8F%8D%E5%88%B6)\n- [04-Phishing Counterattack](https://github.com/Getshell/Fanzhi#04-%E9%92%93%E9%B1%BC%E5%8F%8D%E5%88%B6)\n- [05-Honeypot Counterattack](https://github.com/Getshell/Fanzhi#05-%E8%9C%9C%E7%BD%90%E5%8F%8D%E5%88%B6)\n- [06-Attacker Profiling](https://github.com/Getshell/Fanzhi#06-%E6%94%BB%E5%87%BB%E7%94%BB%E5%83%8F)\n\n
## 01-Counterattack Resources\n\nWhy counterattack? What is a counterattack? What actions will the attack team take? What is the attack team interested in? Become an excellent defender and thereby beat the red team soundly. What is the essence of counterattack? If you are handed a piece of software, do you dare to run it? Do you dare to run software that merely looks well known? Do you trust the author's assurances? In the face of social engineering, reputation counts for nothing.\n\nI. What Is a Counterattack\n\n\tA counterattack means striking back against the actions of hostile people and forces. Countering red-team attackers means using technical and other means to obtain the attack team's access, information and so on.\n\nII. Why Counterattack\n\n\tTo earn bonus points in defensive exercises and win the client's recognition, and even more to match technical skill against the red-team attackers.\n\nIII. The Essence of Counterattack\n\n\tThe essence of counterattack is a grasp of human nature and the use of social engineering.\n\nIV. How to Counterattack\n\nV. Counterattack Resources\n\n- https://www.yuque.com/dollhouse/pdqqb7/kq56b0\n- https://www.yuque.com/feiniao112/hnk3pi/km9ldq\n- https://www.yuque.com/feiniao112/hnk3pi/yfp2rh\n- https://www.yuque.com/hxdsec/rlacu2/fd70caaf-084c-4969-b9c1-f23f7c7957e0\n- https://www.yuque.com/linuz/cagovg/yhck0f\n- https://www.yuque.com/feiniao112/hnk3pi/hbx7lg\n- https://www.yuque.com/snnxyss/obcoqf/xhca0v\n- https://www.yuque.com/xiaoming-nx3vo/kklc70/kuallb\n- https://xz.aliyun.com/t/11403\n- https://xz.aliyun.com/t/11471\n- https://github.com/fuckjsonp/FuckJsonp-RCE-CVE-2022-26809-SQL-XSS-FuckJsonp\n- https://github.com/piaolin/DetectDee\n\n## 02-Tool Counterattack\n\nWhat tools does the attack team use? Vulnerability scanners. Do you dare to run tools downloaded from the internet? Are you still using cracked software?\n\n- Goby counterattack\n- Xray counterattack\n- AntSword counterattack\n  - https://github.com/shiyeshu/antSword-UnrealWebshell\n- CS counterattack\n  - https://mp.weixin.qq.com/s/l5e2p_WtYSCYYhYE0lzRdQ\n- Behinder counterattack\n- BurpSuite\n  - https://hackerone.com/reports/1274695\n  - https://mp.weixin.qq.com/s/N3MXMsDJM8DUSHBryCaDUw\n- RAR file counterattack\n- Jar file counterattack\n- IDEA\n  - https://github.com/wendell1224/ide-honeypot\n  - https://github.com/CC11001100/idea-project-fish-exploit\n- Self-developed tool counterattack\n\n## 03-Service Counterattack\n\nFor various reasons, a system cannot be taken offline and its vulnerabilities cannot be patched.\n\n- MySQL\n  - https://github.com/rmb122/rogue_mysql_server\n  - https://github.com/fnmsd/MySQL_Fake_Server\n  - https://github.com/BeichenDream/MysqlT\n  - https://github.com/heikanet/MysqlHoneypot\n- Web\n  - https://github.com/Weik1/jsonp-\n\n## 04-Phishing Counterattack\n\nWhat kinds of actions will the attack team perform? What happens when they visit a website?\n\nI. Luring a Download\n\n- Place an EXE installer?\n- Place an apk installer?\n- Place an ipa installer?\n- Place some source code?\n- Place an extremely large file?\n- Place some extremely eerie music?\n- Imitate a security tool's web page?\n- Place a Word file?\n- Place a webshell signature? -\u003e||\u003c-\n\nIX. Phishing with Cracked Tools\n\n
- https://rmb122.com/2021/10/02/%E5%88%A9%E7%94%A8%E9%A1%B9%E7%9B%AE%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6%E8%BF%9B%E8%A1%8C-RCE-IDE-Trust-Project-%E5%8A%9F%E8%83%BD%E6%8E%A2%E7%A9%B6/\n\n## 05-Honeypot Counterattack\n\nThe honeypot is a security product made popular by the H.v.v exercises.\n\nI. Open-source honeypots?\n\nII. Commercial honeypots?\n\nIII. Database honeypots?\n\nIV. Honeypot Resources\n\n- https://github.com/jwxa2015/honeypotcollection\n- https://github.com/decoymini/DecoyMini\n- https://github.com/TheKingOfDuck/Loki\n- https://www.freebuf.com/articles/database/339646.html\n\n## 06-Attacker Profiling\n\nI. IP tracing\n\nII. Domain tracing\n\nIII. ID tracing\n\n- How","funding_links":[],"categories":["红队\u0026渗透测试"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGetshell%2FFanzhi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGetshell%2FFanzhi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGetshell%2FFanzhi/lists"}