{"id":28521585,"url":"https://github.com/probiusofficial/n3tfl0w-labs","last_synced_at":"2025-07-04T00:32:48.177Z","repository":{"id":291804039,"uuid":"829796053","full_name":"ProbiusOfficial/n3tfl0w-labs","owner":"ProbiusOfficial","description":"【Hello-CTF labs】A traffic analysis practice lab for research support and learning","archived":false,"fork":false,"pushed_at":"2025-06-06T15:18:17.000Z","size":3215,"stargazers_count":15,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-09T08:14:53.662Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ProbiusOfficial.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-07-17T03:06:18.000Z","updated_at":"2025-06-07T10:35:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"99dba99c-9cb9-4276-b067-fd6777d9bb83","html_url":"https://github.com/ProbiusOfficial/n3tfl0w-labs","commit_stats":null,"previous_names":["probiusofficial/n3tfl0w-labs"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ProbiusOfficial/n3tfl0w-labs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProbiusOfficial%2Fn3tfl0w-labs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProbiusOfficial%2Fn3tfl0w-labs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProbiusOfficial%2Fn3tfl0w-labs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProbiusOfficial%2Fn3tfl0w-labs/m
anifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ProbiusOfficial","download_url":"https://codeload.github.com/ProbiusOfficial/n3tfl0w-labs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProbiusOfficial%2Fn3tfl0w-labs/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263426281,"owners_count":23464794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-09T08:12:57.458Z","updated_at":"2025-07-04T00:32:48.147Z","avatar_url":"https://github.com/ProbiusOfficial.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"## About\n\n\u003e Part of the hello-ctf.com basic labs program. Visit [[hello-ctf.com companion labs]](https://hello-ctf.com/hc-labs/) to explore more labs.\n\n**n3tfl0w-labs** is a traffic analysis lab.\n\nLike the other basic labs, this lab takes you from 0 to 1 in getting started with traffic analysis.\n\nReference list of traffic analysis topics:\n\n```\n# Web traffic analysis:\nHTTP traffic analysis / TLS traffic analysis\nNon-contiguous traffic - blind SQL injection\nAntSword / Godzilla / Behinder traffic analysis \nCS communication traffic\n# USB traffic analysis\nKeyboard / mouse / graphics tablet / gamepad / printer traffic analysis\n# Protocol traffic analysis\nFTP/FTP-DATA / SMTP / Telnet / MQTT \n/ ICMP (TTL, DATA.len, DATA, ICMP.code) /\nTCP / UDP\n# Scenario-based - industrial control protocols\nMMS / modbus / iec60870 /s7com / OMRON\n# Other / special\nFile extraction (dicom, ftp-data, http, imf, smb, tftp protocol objects)\nBluetooth\nRecovery of corrupted captures\nOther non-contiguous traffic\n```\n\n**Core tools: [Wireshark](https://www.wireshark.org/)** / Tshark\n\n\n\n### Lab modules\n\nAs you can see, the lab has multiple folders, each with its own README. This is because traffic analysis is a very broad field; listing every case is impossible, so common scenarios are added based on competitions and real-world situations.\n\nIt may include the following:\n\nBasic traffic demonstrations - \n\nWebshell traffic analysis - \n\nDecryption logic and corresponding scripts for common traffic (such as webshell traffic) - \n\nTshark\n\n\n\n### Open-source scripts\n\n[5ime / CS_Decrypt](https://github.com/5ime/CS_Decrypt)\n\n\u003e 
CobaltStrike traffic decryption script\n\n[melody27 / behinder_decrypt](https://github.com/melody27/behinder_decrypt)\n\n\u003e Behinder traffic decryption script\n\n[godzilla_decode](https://github.com/AlphabugX/godzilla_decode)\n\n\u003e Godzilla JSP (in-memory webshell) traffic decryption\n\n[Deco_Godzilla](https://github.com/nocultrue/Deco_Godzilla)\n\n\u003e Decrypts all types of Godzilla traffic\n\n[kingkong](https://github.com/H4ckForJob/kingkong)\n\n\u003e Decryption of Godzilla JSP-type webshell traffic\n\n[godzilla_decoder](https://github.com/think3t/godzilla_decoder)\n\n\u003e Helper script for analyzing encrypted traffic from **[Godzilla](https://github.com/BeichenDream/Godzilla)**\n\n[P001water / UsbKbCracker](https://github.com/P001water/UsbKbCracker)\n\n\u003e Decoding script for keyboard traffic commonly seen in CTFs\n\n[Mumuzi7179 / UsbKeyboard_Mouse_Hacker_Gui](https://github.com/Mumuzi7179/UsbKeyboard_Mouse_Hacker_Gui)\n\n\u003e Small tool with a built-in GUI for one-click decoding of mouse/keyboard traffic\n\n[WangYihang / UsbKeyboardDataHacker](https://github.com/WangYihang/UsbKeyboardDataHacker)\n\n\u003e USB keyboard capture forensics tool, used to recover the user's keystrokes\n\n### Auxiliary tools\n\nSome traffic analysis software that may come in handy:\n\n**[abc123info - BlueTeamTools](https://github.com/abc123info/BlueTeamTools)** \n\n\u003e Blue-team analysis and triage toolbox; can decrypt Behinder traffic, decrypt Godzilla traffic, and decrypt Shiro/CAS/Log4j2 attack payloads\n\n**[TrafficEye](https://github.com/CuriousLearnerDev/TrafficEye)**\n\n\u003e Blue-team network traffic analysis, especially for attacks against web applications (such as SQL injection, XSS, WebShell, etc.)\n\n**[PotatoTool](https://github.com/HotBoy-java/PotatoTool)**\n\n\u003e Comprehensive network security tool\n\n### Webshell related\n\n#### webshell\n\n**China Chopper** - https://github.com/raddyfiy/caidao-official-version\n\n**AntSword traffic analysis**  - [releases-2.1.15](https://github.com/AntSwordProject/antSword/releases/tag/2.1.15) \n\n**Godzilla traffic** - [v4.0.1-godzilla](https://github.com/BeichenDream/Godzilla/releases/tag/v4.0.1-godzilla)\n\n**Behinder**\n\nThis mainly targets the latest release; traffic signatures differ in other versions, and those interested can study them on their own using the lab environment.\n\n[Behinder_v4.1【t00ls专版】](https://github.com/rebeyond/Behinder/releases/tag/Behinder_v4.1%E3%80%90t00ls%E4%B8%93%E7%89%88%E3%80%91)\n\nDecompiled source: [MountCloud/BehinderClientSource](https://github.com/MountCloud/BehinderClientSource)  \n\n\u003e  
Other releases: [Behinder_v3.0.11【t00ls专版】](https://github.com/rebeyond/Behinder/releases/tag/Behinder_v3.0_Beta_11_for_tools) | [Behinder v2.0.1](https://github.com/rebeyond/Behinder/releases/tag/Behinder_v2.0.1) | [Behinder v1.2.1](https://github.com/rebeyond/Behinder/releases/tag/Behinder_v1.2.1)\n\n#### Analysis articles\n\n[【freebuf - 2021-08-22 - Godzilla encrypted traffic analysis \u003c3.03\u003e】](https://www.freebuf.com/sectool/285693.html)\n\n### Q \u0026 A\n\n**There are already plenty of past traffic analysis challenges. Why does this project exist?**\n\n: Experience has shown that using past competition challenges to teach beginners traffic analysis does not work \n\n“Teacher, why does the file he downloaded still need so many layers of decryption? Are webshells really that powerful?”\n\n “Silly kid, the webshell didn't do that. That's the damn challenge author's brain!🧠”\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprobiusofficial%2Fn3tfl0w-labs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprobiusofficial%2Fn3tfl0w-labs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprobiusofficial%2Fn3tfl0w-labs/lists"}