{"id":18879064,"url":"https://github.com/zhuima/whoamifuck","last_synced_at":"2025-07-06T13:06:29.777Z","repository":{"id":259236586,"uuid":"876693760","full_name":"zhuima/Whoamifuck","owner":"zhuima","description":"For Linux incident response: quickly triage abnormal user logins and intrusion traces, pin down the timeline for attribution, and help reconstruct the attack chain efficiently.","archived":false,"fork":false,"pushed_at":"2024-11-01T06:56:39.000Z","size":272,"stargazers_count":21,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-14T19:11:31.718Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zhuima.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-10-22T12:04:41.000Z","updated_at":"2025-02-11T07:03:03.000Z","dependencies_parsed_at":"2024-11-08T06:33:20.764Z","dependency_job_id":"847b2d42-1648-41f5-9f9e-afa09206913a","html_url":"https://github.com/zhuima/Whoamifuck","commit_stats":null,"previous_names":["zhuima/whoamifuck"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/zhuima/Whoamifuck","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zhuima%2FWhoamifuck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zhuima%2FWhoamifuck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zhuima%2FWhoamifuck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zhuima%2FWhoamifuck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zh
uima","download_url":"https://codeload.github.com/zhuima/Whoamifuck/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zhuima%2FWhoamifuck/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263905746,"owners_count":23527972,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T06:33:01.381Z","updated_at":"2025-07-06T13:06:29.747Z","avatar_url":"https://github.com/zhuima.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Whoamifuck\n\nWhoamifuck is zhuima's first open-source `Rust` command-line tool. It is a port of a tool originally written in Shell for detecting intruders; I have reimplemented the full feature set of the Shell version in Rust.\n\nThis repository is the `Rust` version; for the Shell version see the [original](https://github.com/enomothem/Whoamifuck).\n\n![alt text](./docs/demo.png)\n\n\n## Features\n\n- Quick command for basic operations\n- Special command for advanced operations\n- Risk assessment command\n- Misc command for assorted tasks\n- Output command for generating reports\n\n## Installation\n\nFirst, make sure Rust is installed on your system. If it is not, visit the [Rust website](https://www.rust-lang.org/) to install it.\n\nThen clone this repository and build the project:\n\n```bash\ngit clone https://github.com/zhuima/Whoamifuck.git\ncd Whoamifuck\nmake all\n```\n\n\n## Program flow\n\nThe following sequence diagram shows the main program flow of Whoamifuck:\n\n```mermaid\nsequenceDiagram\n    actor User\n    participant Main\n    participant Cli\n    participant Commands\n    participant Special\n    participant System\n\n    User-\u003e\u003eMain: Run program\n    activate Main\n\n    Main-\u003e\u003eCli: parse()\n    activate Cli\n    Cli--\u003e\u003eMain: Parsed CLI\n    deactivate Cli\n\n    Main-\u003e\u003eCommands: match command\n    activate Commands\n\n    alt Quick command\n        Commands-\u003e\u003eMain: Print \"QUICK: {quick:?}\"\n    else Special command\n        Commands-\u003e\u003eSpecial: run()\n        activate Special\n        Special-\u003e\u003eSystem: new_all()\n        activate System\n        System--\u003e\u003eSpecial: system\n        Special-\u003e\u003eSystem: refresh_all()\n        \n        alt proc_serv flag set\n            Special-\u003e\u003eSpecial: fk_procserv(\u0026system)\n            Special-\u003e\u003eSystem: processes()\n            System--\u003e\u003eSpecial: process list\n        end\n        \n        alt port flag set\n            Special-\u003e\u003eSpecial: fk_portstatus(\u0026system)\n            Special-\u003e\u003eSystem: networks()\n            System--\u003e\u003eSpecial: network data\n        end\n        \n        alt os_status flag set\n            Special-\u003e\u003eSpecial: check_system_status(\u0026system)\n            Special-\u003e\u003eSystem: various system info calls\n            System--\u003e\u003eSpecial: system information\n        end\n        \n        Special--\u003e\u003eCommands: Result\n        deactivate Special\n        deactivate System\n        \n        alt Error occurred\n            Commands-\u003e\u003eMain: Print error and exit(1)\n        end\n    else Risk command\n        Commands-\u003e\u003eMain: Print \"RISK: {risk:?}\"\n    else Misc command\n        Commands-\u003e\u003eMain: Print \"MISC: {misc:?}\"\n    else Output command\n        Commands-\u003e\u003eMain: Print \"OUTPUT: {output:?}\"\n    else No command (None)\n        Commands-\u003e\u003eCli: parse_from([\"Whoamifuck\", \"--help\"])\n        Cli--\u003e\u003eCommands: Help information\n        Commands-\u003e\u003eMain: Print help and exit(0)\n    end\n\n    deactivate Commands\n\n    Main--\u003e\u003eUser: Program output\n    deactivate Main\n```\n\n\n\n## Shell completion\n\n#### Generate the Bash completion script:\n\n```bash\nyum install -y bash-completion  # or apt-get install bash-completion\nsource \u003c(whoamifuck complete bash)\necho 'source \u003c(whoamifuck complete bash)' \u003e\u003e ~/.bashrc\n```\n\n#### Generate the Zsh completion script:\n\n```bash\nsource \u003c(whoamifuck complete zsh)\necho 'source \u003c(whoamifuck complete zsh)' \u003e\u003e ~/.zshrc\n```\n\n\n## Usage\n\nWhoamifuck uses the Clap library to build its command-line interface. The main commands are used as follows:\n\n### Quick command (quick)\n\nFor basic operations:\n\n```bash\n./whoamifuck quick --user-device \u003cdevice name\u003e --login \u003clogin log\u003e [--nomal] [--all]\n```\n\n- `--user-device`: user device name\n- `--login`: login (authentication) log file(s) to inspect (default: `/var/log/secure;/var/log/auth.log`)\n- `--nomal`: basic output\n- `--all`: full output\n\n### Special command (special)\n\nFor advanced operations:\n\n```bash\n./whoamifuck special [--proc-serv] [--port] [--os-status]\n```\n\n- `--proc-serv`: check user processes and service status\n- `--port`: check which ports are open\n- `--os-status`: check system status information\n\n### Risk assessment command (risk)\n\n```bash\n./whoamifuck risk [--baseline] [--risk] [--rootkitcheck] [--webshell \u003cweb root\u003e]\n```\n\n- `--baseline`: security baseline check\n- `--risk`: check the system for known vulnerabilities\n- `--rootkitcheck`: check the system for rootkits\n- `--webshell`: check for web shells (default: `/var/www/;/www/wwwroot/..`)\n\n### Misc command (misc)\n\n```bash\n./whoamifuck misc [--code] [--sqletlog] [--auto-run] [--ext \u003cconfig\u003e]\n```\n\n- `--code`: check whether a page is alive\n- `--sqletlog`: check user information\n- `--auto-run`: set up crontab entries\n- `--ext`: run user-defined check commands (default: `~/.whok/chief-inspector.conf`)\n\n### Output command (output)\n\n```bash\n./whoamifuck output\n```\n\n- `--output`: write the report to a file\n- `--html`: print the report to the terminal in HTML format\n\n## Example\n\nGenerate an HTML report:\n\n```bash\n./whoamifuck output --html\n```\n\n\n## Contributing\n\nPull requests that improve this tool are welcome. Before submitting, please make sure your code follows the project's coding conventions and passes all tests.\n\n\n## License\n\n[MIT](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzhuima%2Fwhoamifuck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzhuima%2Fwhoamifuck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzhuima%2Fwhoamifuck/lists"}
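The README's `quick --login` option reads the authentication log (`/var/log/secure` or `/var/log/auth.log`) to triage logins and rebuild a timeline. The block below is an added example of that kind of check and is not code from the Whoamifuck project: standard-library Rust that parses syslog-format sshd `Accepted`/`Failed` lines, groups them per source address, and flags sources that failed repeatedly before a successful login. The log lines, host name, PIDs and key fingerprint are constructed for the example, the addresses come from the documentation ranges, and the failure threshold of 3 is an arbitrary choice.

```rust
// Added example, not code from the Whoamifuck project: a standard-library
// sshd auth-log triage of the kind `quick --login` is meant for. Parses the
// syslog-format lines sshd writes to /var/log/auth.log or /var/log/secure.
use std::collections::BTreeMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Outcome {
    Accepted,
    Failed,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct LoginEvent {
    pub timestamp: String,  // "Mon DD HH:MM:SS" as syslog wrote it (no year)
    pub outcome: Outcome,
    pub user: String,
    pub invalid_user: bool, // sshd said "invalid user": the account does not exist
    pub source: String,     // peer address
}

/// Parse one sshd log line. Returns None for lines that are not login
/// outcomes (session opened/closed, disconnects, pam messages, ...).
pub fn parse_line(line: &str) -> Option<LoginEvent> {
    // Syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message ..."
    let t: Vec<&str> = line.split_whitespace().collect();
    if t.len() < 6 || !t[4].starts_with("sshd[") { return None; }
    let timestamp = format!("{} {:>2} {}", t[0], t[1], t[2]);
    let msg = &t[5..];
    let outcome = match msg[0] {
        "Accepted" => Outcome::Accepted,
        "Failed" => Outcome::Failed,
        _ => return None,
    };
    // Body: "<method> for [invalid user] <user> from <ip> port <n> ssh2 ..."
    let for_idx = msg.iter().position(|w| *w == "for")?;
    let from_idx = msg.iter().position(|w| *w == "from")?;
    if from_idx <= for_idx { return None; }
    let (user, invalid_user) = match &msg[for_idx + 1..from_idx] {
        ["invalid", "user", u] => (u.to_string(), true),
        [u] => (u.to_string(), false),
        _ => return None,
    };
    let source = msg.get(from_idx + 1)?.to_string();
    Some(LoginEvent { timestamp, outcome, user, invalid_user, source })
}

pub fn parse_log(text: &str) -> Vec<LoginEvent> {
    text.lines().filter_map(parse_line).collect()
}

#[derive(Debug, Default, Clone, PartialEq, Eq)]
pub struct SourceSummary {
    pub failed: usize,
    pub failed_before_success: usize,    // failures before the first accepted login
    pub users_tried: Vec<String>,        // distinct names that failed, first-seen order
    pub accepted: Vec<(String, String)>, // (timestamp, user) of successful logins
}

/// Group events by source address, preserving file order within each source.
pub fn summarize(events: &[LoginEvent]) -> BTreeMap<String, SourceSummary> {
    let mut out: BTreeMap<String, SourceSummary> = BTreeMap::new();
    for ev in events {
        let s = out.entry(ev.source.clone()).or_default();
        match ev.outcome {
            Outcome::Failed => {
                s.failed += 1;
                if s.accepted.is_empty() { s.failed_before_success += 1; }
                if !s.users_tried.contains(&ev.user) { s.users_tried.push(ev.user.clone()); }
            }
            Outcome::Accepted => s.accepted.push((ev.timestamp.clone(), ev.user.clone())),
        }
    }
    out
}

/// Sources that failed at least `threshold` times and then logged in: the trace
/// a brute force or password spray leaves behind when it eventually works.
pub fn suspicious_sources(summary: &BTreeMap<String, SourceSummary>, threshold: usize) -> Vec<String> {
    summary.iter()
        .filter(|(_, s)| !s.accepted.is_empty() && s.failed_before_success >= threshold)
        .map(|(src, _)| src.clone()).collect()
}

// Constructed sample log: host, PIDs and fingerprint are made up; addresses are documentation ranges.
pub const SAMPLE_AUTH_LOG: &str = "\
Nov  1 06:40:01 web01 sshd[2101]: Accepted publickey for deploy from 198.51.100.9 port 40211 ssh2: ED25519 SHA256:EXAMPLE
Nov  1 06:52:10 web01 sshd[2188]: Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2
Nov  1 06:52:15 web01 sshd[2190]: Failed password for root from 203.0.113.5 port 4446 ssh2
Nov  1 06:52:17 web01 sshd[2190]: Failed password for root from 203.0.113.5 port 4447 ssh2
Nov  1 06:52:20 web01 sshd[2192]: Accepted password for root from 203.0.113.5 port 4448 ssh2
Nov  1 06:52:20 web01 sshd[2192]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov  1 07:10:33 web01 sshd[2301]: Failed password for root from 203.0.113.77 port 5000 ssh2
";

fn main() {
    let events = parse_log(SAMPLE_AUTH_LOG);
    let summary = summarize(&events);
    for (src, s) in &summary {
        println!("{}: {} failed, {} accepted, tried {:?}", src, s.failed, s.accepted.len(), s.users_tried);
    }
    println!("suspicious: {:?}", suspicious_sources(&summary, 3)); // 3 is an arbitrary threshold
}
```

Syslog timestamps carry no year and the order of lines is the only reliable sequence, so the summary keeps file order within each source; on a real host, replace `SAMPLE_AUTH_LOG` with the contents of the log files named by `--login`, and remember that a successful login from a source with no prior failures (the `deploy` key login above) is exactly what a stolen key or leaked password looks like, so the threshold filter is a starting point for the timeline, not a verdict.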