


    # Requires root privileges
    git clone LinuxEmergency
    sh ./



    [[email protected] emergency]# python -o
    内核版本 : Linux-3.10.0-514.26.2.el7.v7.4.qihoo.x86_64-x86_64-with-centos-7.2.1511-Core
    CORE数量 : 16
    CPU数量 : 16
    CPU使用率 : scputimes(user=1.0, nice=0.0, system=0.0, idle=15.0, iowait=0.0, irq=0.0, softirq=0.0, steal=0.0, guest=0.0, guest_nice=0.0)
    内存总量 : 33736994816
    内存使用率 : 5.1
    [[email protected] emergency]#


    [[email protected] emergency]# python -k
    内核模块 : nfnetlink_queue  来源  :
    内核模块 : nfnetlink_log  来源  :
    内核模块 : nfnetlink  来源  :  nfnetlink_log,nfnetlink_queue
    内核模块 : bluetooth  来源  :


    [[email protected] emergency]# python -l
    192.168.100.35  失败
    192.168.100.31  失败
    127.0.0.1  失败
    192.168.100.20  成功


    # Successful logins: -s
    [[email protected] emergency]# python -s | more
    账户 : emergency    时间 : 2017-08-09-11:20  来源 : (
    账户 : emergency    时间 : 2017-08-09-14:34  来源 : (
    账户 : root    时间 : 2017-09-28-12:38  来源 : (
    账户 : root    时间 : 2017-09-28-12:46  来源 : (
    账户 : root    时间 : 2017-09-28-13:13  来源 : (

    # Failed logins: -f
    [[email protected] emergency]# python -f | more
    账户 : emergency 时间 : 来源 : Jul-6-21:27---21:27
    账户 : emergency 时间 : 来源 : Jul-6-21:25---21:25
    账户 : admin 时间 : 来源 : Jul-5-15:32---15:32

    # To filter by a specific IP, add the -i parameter, e.g. -i;


    # List information
    [[email protected] emergency]# python -a
    ***********************************************************************************************************
    进程ID号: 2     进程名称: kthreadd     进程用户: root     启动时间: 2018-06-16 07:40:48
    CPU占比: 0.0%     内存占比: 0.0%
    网络连接:
    ***********************************************************************************************************
    ***********************************************************************************************************
    进程ID号: 3     进程名称: ksoftirqd/0     进程用户: root     启动时间: 2018-06-16 07:40:48
    CPU占比: 0.0%     内存占比: 0.0%
    网络连接:
    ***********************************************************************************************************
    ...

    # Detailed information
    [[email protected] emergency]# python -p 28344
    ***********************************************************************************************************
    进程ID号: 28344 进程名称: screen 进程用户: emergency 启动时间: 2018-06-22 13:25:30
    工作路径: /home/emergency/
    进程命令: SCREEN
    父母进程: 1
    亲子进程: [28345]
    CPU占比: 0.0% 内存占比: 0.0046135703802%
    网络连接:
    进程环境:
     终端会话 : /bin/bash
     安全会话 :
     登录账户 : emergency
     工作账户 : emergency
     权限路径 : /usr/lib64/ccache:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/emergency/tools:/usr/local/bin:/usr/local/sbin:/usr/local/python3/bin:/home/emergency/.local/bin:/home/emergency/bin
     用户目录 : /home/emergency


    # Check a sample
    [[email protected] emergency]# python -f ./LICENSE
    ******************************************
    检测时间: 2018-07-09 07:31:04
    报毒数量: 0
    报毒引擎: []
    引擎总数: 59
    ******************************************

    # Check a URL
    [[email protected] emergency]# python -u
    ******************************************
    检测时间: 2018-07-09 16:33:29
    关联样本: 0
    关联连接: 0
    关联域名: 0
    ******************************************

    # Check a domain
    [[email protected] emergency]# python -d
    ******************************************
    检测时间: 2018-07-09 16:33:35
    关联样本: 202
    关联连接: 100
    关联域名: 8
    ******************************************

    # Check an IP
    [[email protected] emergency]# python -a
    ******************************************
    检测时间: 2018-07-09 16:34:05
    关联样本: 135
    关联连接: 93
    关联域名: 592
    ******************************************


    [[email protected] emergency]# python -d baidu.com
    Domain Name: baidu.com
    Registry Domain ID: 11181110_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.markmonitor.com
    Registrar URL: http://www.markmonitor.com
    Updated Date: 2017-07-27T19:36:28-0700
    Creation Date: 1999-10-11T04:05:17-0700
    Registrar Registration Expiration Date: 2026-10-11T00:00:00-0700
    Registrar: MarkMonitor, Inc.
    Registrar IANA ID: 292
    Registrar Abuse Contact Email: [email protected]
    Registrar Abuse Contact Phone: +1.2083895740
    Domain Status: clientUpdateProhibited (
    Status: clientTransferProhibited (
    Status: clientDeleteProhibited (
    Status: serverUpdateProhibited (
    Status: serverTransferProhibited (
    Status: serverDeleteProhibited (
    Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
    Registrant State/Province: Beijing
    Registrant Country: CN
    Admin Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
    Admin State/Province: Beijing
    Admin Country: CN
    Tech Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
    Tech State/Province: Beijing
    Tech Country: CN
    Name Server:
    Server:
    Server:
    Server:
    Server: unsigned
    URL of the ICANN WHOIS Data Problem Reporting System:
    >>> Last update of WHOIS database: 2018-07-09T02:21:59-0700 <<<

    If certain contact information is not shown for a Registrant, Administrative,
    or Technical contact, and you wish to send a message to these contacts, please
    send your message to [email protected] and specify the domain name in
    the subject line. We will forward that message to the underlying contact.

    If you have a legitimate interest in viewing the non-public WHOIS details, send
    your request and the reasons for your request to [email protected]
    and specify the domain name in the subject line. We will review that request and
    may ask for supporting documentation and explanation.

    The Data in's WHOIS database is provided by for
    information purposes, and to assist persons in obtaining information about or
    related to a domain name registration record. does not guarantee
    its accuracy. By submitting a WHOIS query, you agree that you will use this Data
    only for lawful purposes and that, under no circumstances will you use this Data to:
     (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or
     (2) enable high volume, automated, electronic processes that apply to (or its systems) reserves the right to modify these terms at any time.
    By submitting this query, you agree to abide by this policy.

    MarkMonitor is the Global Leader in Online Brand Protection.

    MarkMonitor Domain Management(TM)
    MarkMonitor Brand Protection(TM)
    MarkMonitor AntiPiracy(TM)
    MarkMonitor AntiFraud(TM)
    Professional and Managed Services

    Visit MarkMonitor at http://www.markmonitor.com
    Contact us at +1.8007459229
    In Europe, at +44.02032062220

    For more information on Whois status codes, please visit



git clone


    parser.add_option("-f", "--floder",dest="filepath",help="access log file path")
    parser.add_option("-t", "--time",dest="accesstime",help="set search time")
    parser.add_option("-d", "--date",dest="accessdate",help="set search date")
    parser.add_option("-c", "--count",action='store_true',dest="count",help="show count information")
    parser.add_option("-p", "--payload",dest="payload",help="set search payload")
    parser.add_option("-a","--address",dest="ipaddress",help="set search ipaddress")
    parser.add_option("-v", "--version",action='store_true',dest="version",help="show document")
    parser.add_option("-i","--detail",action='store_true',dest="detail",help="show detail")
    parser.add_option("-s","--shell",action='store_true',dest="webshell",help="show suspicious webshell")
    parser.add_option("-g","--ipflag",dest="ipposition",help="ip position in logfile")
    parser.add_option("-n","--name",dest="filename",help="filename flag")

