CCCougar/main.go

## main.go
// 获得进程快照信息和netstate -an的信息base64编码后以POST数据的形式上传到相应地址
package main

import (
	"bytes"
	"encoding/base64"
	"flag"
	"fmt"
	"io/ioutil"
	"net/http"
	"strconv"

	"github.com/cakturk/go-netstat/netstat"
	winps "github.com/mitchellh/go-ps"
)

func handlerr(err error) {
	if err != nil {
		panic(err)
	}
}

func getProcessList() string {
	processes, err := winps.Processes()
	handlerr(err)

	var processInfo string = ""
	processInfo += fmt.Sprintf("%s\t%s\t%s\n", "Pid", "PPid", "Executable name")
	for _, process := range processes {
		processInfo += fmt.Sprintf("%s\t%s\t%s\n", strconv.Itoa(process.Pid()), strconv.Itoa(process.PPid()), process.Executable())
	}

	return processInfo
}

func getUDPSockets() string {
	// UDP sockets
	socks, err := netstat.UDPSocks(netstat.NoopFilter)
	handlerr(err)

	var udpConn string = ""
	udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "Proto", "Local Address", "Foreign Address", "Process Name")

	for _, e := range socks {
		udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "UDP", e.LocalAddr.String(), e.RemoteAddr.String(), e.Process.Name)
	}

	return udpConn
}

func getTCPSockets() string {
	socks, err := netstat.TCPSocks(netstat.NoopFilter)
	handlerr(err)

	var tcpConn string = ""
	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "Proto", "Local Address", "Foreign Address", "State", "Process Name")
	for _, e := range socks {
		if e.Process != nil {
			tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), e.Process.Name)
		} else {
			tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), "")
		}
	}

	return tcpConn
}

func main() {
	var AllData string = ""

	processInfo := getProcessList()
	udpConn := getUDPSockets()
	tcpConn := getTCPSockets()

	AllData += processInfo
	AllData += tcpConn
	AllData += udpConn

	AllDataBase64 := base64.StdEncoding.EncodeToString([]byte(AllData))

	var postAPI = flag.String("url", "", "post API, like \"http://127.0.0.1/myapi\"")
	var verboseFlag = flag.Bool("v", false, "enable verbose mode")

	flag.Parse()

	if *verboseFlag {
		fmt.Println(AllData)
	}
	// fmt.Println(*postAPI)

	res, err := http.Post(*postAPI,
		"application/text;charset=utf-8", bytes.NewBuffer([]byte(AllDataBase64)))
	if err != nil {
		fmt.Println("Fatal error ", err.Error())
	}
	defer res.Body.Close()

	content, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("Fatal error ", err.Error())
	}
	fmt.Println(content)
}
	// 获得进程快照信息和netstate -an的信息base64编码后以POST数据的形式上传到相应地址
	package main

	import (
	"bytes"
	"encoding/base64"
	"flag"
	"fmt"
	"io/ioutil"
	"net/http"
	"strconv"

	"github.com/cakturk/go-netstat/netstat"
	winps "github.com/mitchellh/go-ps"
	)

	func handlerr(err error) {
	if err != nil {
	panic(err)
	}
	}

	func getProcessList() string {
	processes, err := winps.Processes()
	handlerr(err)

	var processInfo string = ""
	processInfo += fmt.Sprintf("%s\t%s\t%s\n", "Pid", "PPid", "Executable name")
	for _, process := range processes {
	processInfo += fmt.Sprintf("%s\t%s\t%s\n", strconv.Itoa(process.Pid()), strconv.Itoa(process.PPid()), process.Executable())
	}

	return processInfo
	}

	func getUDPSockets() string {
	// UDP sockets
	socks, err := netstat.UDPSocks(netstat.NoopFilter)
	handlerr(err)

	var udpConn string = ""
	udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "Proto", "Local Address", "Foreign Address", "Process Name")

	for _, e := range socks {
	udpConn += fmt.Sprintf("%s\t%s\t%s\t\t%s\n", "UDP", e.LocalAddr.String(), e.RemoteAddr.String(), e.Process.Name)
	}

	return udpConn
	}

	func getTCPSockets() string {
	socks, err := netstat.TCPSocks(netstat.NoopFilter)
	handlerr(err)

	var tcpConn string = ""
	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "Proto", "Local Address", "Foreign Address", "State", "Process Name")
	for _, e := range socks {
	if e.Process != nil {
	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), e.Process.Name)
	} else {
	tcpConn += fmt.Sprintf("%s\t%s\t%s\t%s\t%s\n", "TCP", e.LocalAddr.String(), e.RemoteAddr.String(), e.State.String(), "")
	}
	}

	return tcpConn
	}

	func main() {
	var AllData string = ""

	processInfo := getProcessList()
	udpConn := getUDPSockets()
	tcpConn := getTCPSockets()

	AllData += processInfo
	AllData += tcpConn
	AllData += udpConn

	AllDataBase64 := base64.StdEncoding.EncodeToString([]byte(AllData))

	var postAPI = flag.String("url", "", "post API, like \"http://127.0.0.1/myapi\"")
	var verboseFlag = flag.Bool("v", false, "enable verbose mode")

	flag.Parse()

	if *verboseFlag {
	fmt.Println(AllData)
	}
	// fmt.Println(*postAPI)

	res, err := http.Post(*postAPI,
	"application/text;charset=utf-8", bytes.NewBuffer([]byte(AllDataBase64)))
	if err != nil {
	fmt.Println("Fatal error ", err.Error())
	}
	defer res.Body.Close()

	content, err := ioutil.ReadAll(res.Body)
	if err != nil {
	fmt.Println("Fatal error ", err.Error())
	}
	fmt.Println(content)
	}