Git Product home page Git Product logo

Comments (6)

0x7Fancy avatar 0x7Fancy commented on August 20, 2024

项目未通过404星链计划技术评审环节,期待项目后续的更新和迭代,随时欢迎再次投稿

from 404starlink.

L-codes avatar L-codes commented on August 20, 2024

@0x7Fancy 请问通过技术评审环节的条件是?

from 404starlink.

0x7Fancy avatar 0x7Fancy commented on August 20, 2024

在技术审核环节,星链评审组一般会根据:1. 项目属于计算机安全范畴,2. 项目完整开源,3. 项目源码内不包含恶意代码,4. 项目具有一定的实用价值,5. 项目可以正常部署和使用,等诸多方面进行评估

from 404starlink.

L-codes avatar L-codes commented on August 20, 2024

@0x7Fancy 那请问可以反馈一下 是上面哪个条件 导致审核不通过?

from 404starlink.

0x7Fancy avatar 0x7Fancy commented on August 20, 2024

404星链计划评审组根据该工具目前版本情况,评审细节如下:

  1. UDP扫描无法正常工作
  2. 端口范围指定所提供的 rce/mac 等 portGroup 选项,只能通过源码知道有哪些
  3. 扫描核心部分仅使用 Golang socket 标准库进行实现,学习和借鉴意义较低
  4. 与同类工具对比,目前仅能判断端口开放情况,不能获取端口信息(如: services/banner),实用价值有待增强

from 404starlink.

L-codes avatar L-codes commented on August 20, 2024

感谢评审组的细节反馈,但想对上面4点进行回应:

  1. 非管理员权限目前无法解决,已在TODO列表计划中,但目前主要用于出网测试,我多次实战该功能对ACL测试很有用,参考示例3
  2. 看源码是错误的阅读性方式,正常阅读应该是看README port-group部分,进行了解与贡献维护,由upload_portgroup.rb进行更新,我也不看源码,实战输入端口组名,比输入ip要快速方便
  3. 跟第一点是同一个问题,后续会引入 SYN ACK NULL 等扫描技术
  4. 与同类工具对比,拥有一套自动放弃Filtered状态过多的扫描机制和战术性的UI,并且 端口信息(如: services/banner) 等不计划加入,原因是深度的扫描顺序并不利于红队的实战,应该广度顺序进行,快速探测完端口,再进一步根据端口情况进行指纹探测和进一步利用,这样才能在大型内网中减少告警且快速探测到网络状况(端口信息高级复杂的收集管理过程,不应该引入需要落地的文件,加大维护成本)

综上,请问是否不能满足2、4两条的端口扫描器,无法纳入404StarLink? @0x7Fancy

from 404starlink.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.