关于macos的实用内容。
- macos-all
- 杀掉可恶的adobe进程
- 重启vmware虚拟机的网络服务
- 删除docker悬空镜像
- java 程序命令行启动设置代理
- 命令行多线程下载工具
- nessus 破解
- chrome系浏览器提示https打不开
- 一行命令解密VNC
- burpsuite 关闭http/2
- 获取16进制字符串
- 生成md文档目录
- frp内网穿透配置
- 搜索各种key的正则
- vim使用粘贴模式
- python一行代码生成随机字符串
- git清除已提交的敏感信息
- python3编码utf8导致的异或xor问题
- python实用的迭代器
- MacForge为扩展添加单独黑名单
- ToDesk Server进程自启问题
- Navicat连接sqlserver数据库不显示系统库
- 一行命令查询fofa
- 搜索可用的socks5代理
- 空格预览关联自定义文件类型
- MacOS端微信小程序反编译
- 编译安全(防止信息泄漏)
- MacOS深色主题下应用程序标题栏的适配问题
#! /bin/bash
ps -efh | grep Adobe | awk 'NR>1{print p, p1}{p=$2;p1=$8}'
ps -efh | grep Adobe | awk 'NR>1{print p}{p=$2}' | xargs kill
cd ~/Library/LaunchAgents && ls -l | grep com.adobe | awk '{print $9}' | xargs rm -rf
cd /Library/LaunchAgents && ls -l | grep com.adobe | awk '{print $9}' | xargs rm -rf
cd /Library/LaunchDaemons && ls -l | grep com.adobe | awk '{print $9}' | xargs rm -rf
rm -rf /Applications/Utilities/Adobe\ Creative\ Cloud/CCLibrary
rm -rf /Applications/Utilities/Adobe\ Creative\ Cloud/CCXProcess
rm -rf /Applications/Utilities/Adobe\ Creative\ Cloud/CoreSync
- 需要root权限
sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --stop
sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start
# fish shell
docker rmi (docker images -f "dangling=true" -q)
# bash shell
docker rmi $(docker images -f "dangling=true" -q)
java -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8080 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8080 -jar xxx.jar
brew install axel
axel -n 20 http://xxxxxxxxxxxxxxxxxxxxxxxx
macos下脚本命名为 patch.sh
与 all-2.0.tar.gz
nessus-fetch.rc
一同放到/Library/Nessus/run/sbin/
目录下
#!/bin/bash
# Check root
if [ "$(whoami)" != "root" ]
then
echo "[!] Please use root, sudo ./patch.sh"
exit
fi
cd /Library/Nessus/run/sbin
echo '[...] Now updating from package...'
./nessuscli update ./all-2.0.tar.gz > nessuspatch.log
cp nessus-fetch.rc /Library/Nessus/run/etc/nessus/nessus-fetch.rc
VERSION=$(cat nessuspatch.log | grep -Eo '\d{12}' | head -n 1)
echo "[+] Get version: $VERSION"
echo '[...] Please restart nessus by manual...'
flag=n
while [ "$flag" != "y" ] && [ "$flag" != "Y" ]
do
read -r -p 'restart over?(y/n)> ' flag
done
VERSION=$(cat nessuspatch.log | grep -Eo '\d{12}' | head -n 1)
cat > /Library/Nessus/run/var/nessus/plugin_feed_info.inc <<EOF
PLUGIN_SET = "$VERSION";
PLUGIN_FEED = "ProfessionalFeed (Direct)";
PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";
EOF
echo '[+] Write to file success: /Library/Nessus/run/var/nessus/plugin_feed_info.inc'
cat /Library/Nessus/run/var/nessus/plugin_feed_info.inc
rm -rf /Library/Nessus/run/lib/nessus/plugins/plugin_feed_info.inc
echo '[+] Remove /Library/Nessus/run/lib/nessus/plugins/plugin_feed_info.inc success'
echo '[+] Patch Done, please restart nessus by manual...'
cd /Library/Nessus/run/sbin/
sudo chmod +x patch.sh
sudo ./patch.sh
macos的nessus没法通过shell脚本没法完全控制nessus服务启停,破解过程中需要手动重启一下nessus,注意脚本运行提示。
问题页面键盘直接敲thisisunsafe
6bcf2a4b6e5aca0f
解密: sT333ve2
echo -n 6bcf2a4b6e5aca0f | xxd -r -p | openssl enc -des-cbc --nopad --nosalt -K e84ad660c4721ae0 -iv 0000000000000000 -d
Project options ==> HTTP ==> HTTP/2 取消勾选http2支持
echo "test strxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx....." | xxd -c 1000000 -p -l 1000000
# 746573742073747278787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878782e2e2e2e2e0a
# 下载
curl https://raw.githubusercontent.com/ekalinin/github-markdown-toc/master/gh-md-toc -o gh-md-toc
chmod a+x gh-md-toc
# 使用
gh-md-toc file.md
gh-md-toc https://github.com/AbelChe/macos-all
frps.ini
[common]
bind_port = 21234
bind_addr = 0.0.0.0
frpc.ini
[common]
server_addr = vpsip
server_port = 21234
[http_proxy]
type = tcp
remote_port = 7777
plugin = socks5
挂socks5://vpsip:7777
burp使用
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]
vscode使用
((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-zA-Z\-_=]{8,64})['"]
当使用vim粘贴大段文字、代码的时候,很可能由于vim的缩进规则导致粘贴进来的文本格式错乱,这时我们可以使用粘贴模式进行输入
只需要使用如下指令,然后再次进入INSERT
模式,可见到左下角的提示变更为INSERT (paset)
,这时我们直接粘贴就可以保持原文格式了。
:set paste
import string
import random
''.join(random.choice(string.ascii_letters + string.digits) for _ in range(32))
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch path/to/file_to_del.txt' --prune-empty --tag-name-filter cat -- --all
git push origin --force --all
python3的编码一直以来都令人头疼,最近写东西,用到了python3的异或,逻辑没有问题,但是结果总是错误,几番折腾,发现是python3编码的问题,多方求助未果,遂上谷歌,找到了解决方案。 感谢这位大佬剖析和解决方案:https://jiayu0x.com/2019/05/26/The_right_way_to_xor_encoding_with_python3/
# 第一种方案
def xor_crypt(data, key):
cipher_data = []
len_data = len(data)
len_key = len(key)
for idx in range(len_data):
bias = key[idx % len_key]
curr_byte = data[idx]
cipher_data.append(bias ^ curr_byte)
return bytearray(cipher_data)
# 第二种方案
def XORCrypt(data, key):
return bytearray(a^b for a, b in zip(*map(bytearray, [data, key])))
# key固定的情况下
bytes(a^key for a in data_input)
- 从几个字符中生成所有组合
import itertools
SEED = '12ab'
def strGenter(min, max):
for n in range(min, max):
for i in itertools.product(SEED, repeat=n):
yield i
# 从12ab四个字符,生成长度为5的所有组合
for i in strGenter(5, 6):
print(i)
# (1, 1, 1, 1, 1) (1, 1, 1, 1, 2) (1, 1, 1, 1, 'a') ................('b', 'b', 'b', 'b', 'b')
# 从12ab四个字符,生成长度为6、7、8、9的所有组合
for i in strGenter(6, 10):
print(i)
MacForge是一款mac系统插件扩展工具,可以安装各种非常实用的扩展功能,比如moremenu
moremenu可以折叠起应用菜单栏,为顶栏释放更多空间,但是很多应用收起菜单栏之后可能会导致程序崩溃,比如网易云音乐.app
因为其他插件能够正常使用,所以只需要屏蔽这一个插件即可
只需要修改该插件包中的黑名单文件即可,比如网易云音乐,讲id添加进去即可<string>com.netease.163music</string>
/Library/Application Support/MacEnhance/Plugins/moreMenu.bundle/Contents/Resources/globalBlacklist.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<string>com.apple.loginwindow</string>
<string>com.netease.163music</string>
</array>
</plist>
ToDesk server进程后台自启,kill之后还是会启动 可以这样干掉
sudo launchctl unload /Library/LaunchDaemons/com.youqu.todesk.service.plist
macos版的设置和windows版的位置不同
windows版本,菜单栏“工具” “选项” “常规” 勾选“显示系统项目”
macos版本,菜单栏“查看”勾选“显示隐藏的项目”
echo -n 'app="Microsoft-Outlook" && icon_hash="1768726119" && country!="CN"' | base64 | xargs -I '{}' curl -s 'https://fofa.info/api/v1/search/[email protected]&key=xxxxxxxxxxxxxxxxxxxxxxxx&size=100&fields=host&qbase64={}' | jq '.results[]' | sed 's/\"//g'
- fofa 修改url中的email和key
echo -n 'protocol="socks5" && "Version:5 Method:No Authentication(0x00)" && after="2023-02-01"' | \
base64 | \
xargs -S 40960 -I '{}' curl -s 'https://fofa.info/api/v1/search/[email protected]&key=xxxxxxxxxxxxxxxxxxx&size=500&fields=host&qbase64={}' | \
jq -r '.results[]' | \
xargs -I \{\} \
bash -c 'echo -n {} && ip=$(curl -s ipinfo.io --connect-timeout 3 -m 5 --proxy socks5://{} | jq -r ".ip") && if [ $? -eq 0 ] && [ $ip ]; then printf " OK\n";echo {} >> /tmp/proxylist.txt; else echo ""; fi'; \
echo ----------------- && \
sort -k2n /tmp/proxylist.txt | sed '$!N; /^\(.*\)\n\1$/!P; D'
- zoomeye 修改请求头中的API-KEY
for i in `seq 1 15`; do \
echo -n 'service:"socks5" +after:"2023-02-01" +banner:"Version:5 Method:No Authentication(0x00)"' | \
xargs -S 40960 -I \{\} curl -s -G --data-urlencode "query={}" "https://api.zoomeye.org/host/search?page=$i" -H "API-KEY:56xxxxxxxxxxxxxxxxxxxx86" | \
jq -r '.matches[] | [.ip, .portinfo.port] | join(":")' | \
xargs -I \{\} \
bash -c 'echo -n {} && ip=$(curl -s ipinfo.io --connect-timeout 3 -m 5 --proxy socks5://{} | jq -r ".ip") && if [ $? -eq 0 ] && [ $ip ]; then printf " OK\n";echo {} >> /tmp/proxylist.txt; else echo ""; fi'; \
done; \
echo ----------------- && \
sort -k2n /tmp/proxylist.txt | sed '$!N; /^\(.*\)\n\1$/!P; D'
- 360 quake 修改请求头中的X-QuakeToken
echo -n 'country: "China" AND service:"socks5" AND response:"Version: 5 Accepted Auth Method: 0x0 (No authentication)"' | \
awk '{ gsub(/"/,"\\\\\\\\\\\\\\""); print $0 }' | \
xargs -S 40960 -I \{\} curl -s -X POST -H "X-QuakeToken: xxxxxxxxxxxxxxxxxxxxxxx" -H "Content-Type: application/json" https://quake.360.net/api/v3/search/quake_service -d '{"query": "{}", "start": 0, "size": 200}' | \
jq -r '.data[] | [.ip,.port] | join(":")' | \
xargs -I \{\} \
bash -c 'echo -n {} && ip=$(curl -s ipinfo.io --connect-timeout 3 -m 5 --proxy socks5://{} | jq -r ".ip") && if [ $? -eq 0 ] && [ $ip ]; then printf " OK\n";echo {} >> /tmp/proxylist.txt; else echo ""; fi'; \
echo ----------------- && \
sort -k2n /tmp/proxylist.txt | sed '$!N; /^\(.*\)\n\1$/!P; D'
MacOS安装quick-look-plugins之后仍然无法预览jsp asp等文件,解决方法参考:https://www.jianshu.com/p/7a4dc9324fa7
获取扩展名对应的值
mdls -name kMDItemContentType ./file.xxx
留存一下我常用的后缀吧:
| name | kMDItemContentType |
| :------- | :--------------------------- |
| .aspx | dyn.ah62d4rv4ge80c65uta |
| .asp | dyn.ah62d4rv4ge80c65u |
| .jsp | dyn.ah62d4rv4ge80y65u |
| .jspx | dyn.ah62d4rv4ge80y65uta |
| .ashx | dyn.ah62d4rv4ge80c65kta |
| .cna | dyn.ah62d4rv4ge80g5xb |
| .nse | dyn.ah62d4rv4ge80665f |
| .profile | dyn.ah62d4rv4ge81a6xtq3y023k |
打开~/Library/QuickLook/QLColorCode.qlgenerator/Contents/Info.plist
,使用xcode或者文本编辑器都行
xcode的话直接在Document types > Item 0 > Document Content Type UTIs (CFBundleDocumentTypes > Item 0 > LSItemContentTypes
添加即可
open ~/Library/QuickLook/QLColorCode.qlgenerator/Contents/Info.plist
vscode等文本编辑器的话,在<key>LSItemContentTypes</key>
字段中添加如下
<string>dyn.ah62d4rv4ge80c65uta</string>
<string>dyn.ah62d4rv4ge80c65u</string>
<string>dyn.ah62d4rv4ge80y65u</string>
<string>dyn.ah62d4rv4ge80g5xb</string>
<string>dyn.ah62d4rv4ge80665f</string>
<string>dyn.ah62d4rv4ge80c65kta</string>
<string>dyn.ah62d4rv4ge80y65uta</string>
<string>dyn.ah62d4rv4ge81a6xtq3y023k</string>
3.8以上版本的MacOS端的微信可以直接获取到未加密的微信小程序包,路径如下:
/Users/AbelChe/Library/Containers/com.tencent.xinWeChat/Data/.wxapplet/packages
直接使用wxappUnpacker解包即可
各种编译类语言编译的可执行文件中默认会将我们的本地路径包含进去,看似无关紧要的信息有时可能会成为致命危害(比如编译的程序被分析,抓到ID,被溯源)
这完全可以通过一些配置、参数将不必要的风险扼杀。
最好的通杀解决方法就是不要使用带有自己ID的机器进行编译,比如可以使用虚拟机,但是这偶尔也会有环境搭建的重复工作。
这里给出几种语言的解决方案
以直接修改.csproj文件
<Project>
<!-- ... -->
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<PropertyGroup>
<!-- after 'Microsoft.CSharp.targets' for 'IntermediateOutputPath' to be defined -->
<PathMap>$(MSBuildProjectDirectory)\$(IntermediateOutputPath)=.</PathMap>
</PropertyGroup>
</Project>
MacOS上交叉编译去除符号链接,修改~/.cargo/config
[target.x86_64-pc-windows-gnu]
rustflags = [
"-C", "link-arg=-s",
]
但是仅仅这样并不能完全去除敏感路径信息,还会有一些依赖库文件的绝对路径暴露 暴力一点,直接替换敏感信息字段吧,比如将“/Users/Name”全局替换为"/Users/1234"
ps:替换后的字符数量要和之前保持一致
比如Burpsuite启动之后,修改burp主题,标题栏仍然是可恶的白色,可以在info.plist文件30行附近添加NSRequiresAquaSystemAppearance
选项
<dict>
......
<key>NSRequiresAquaSystemAppearance</key>
<false/>
...
</dict>
其他java应用程序可以在命令行启动时候添加如下参数:
-Dapple.awt.application.appearance=system