Features

Installation

1. Download dowse on a GNU/Linux box (we use Devuan Ascii)

git clone https://github.com/dyne/dowse dowse-src
cd dowse-src && git submodule update --init --recursive

2. Install all requirements, here below the list of packages. To avoid installing more than needed, consider using the --no-install-recommends flag in APT or similar for other package managers.

zsh iptables build-essential autoconf automake libhiredis-dev libkmod-dev libjemalloc-dev pkg-config libtool libltdl-dev libsodium-dev libldns-dev libnetfilter-queue-dev uuid-dev zlib1g-dev cmake liblo-dev nmap python3-flask python3-redis xmlstarlet wget libcap2-bin

3. Choose which user should be running dowse: your own is fine, or eventually create one just for that to separate filesystem permissions.
4. As the user of choice, run make inside the dowse source
5. As root, run make install
6. If necessary edit the files in the /etc/dowse folder, especially settings where it should be indicated the address for the local network you like to create.
7. As the dowse user of choice and inside the source, fire up the startup script ./start.sh

Embedded ARM devices

Starting Dowse

#/usr/bin/env zsh

source /etc/dowse/settings
source /usr/local/dowse/zshrc

    notice "Starting Dowse"

# start the redis daemon (core k/v service)
    start redis-server

 notice "Starting all daemons in Dowse"

# launch the dhcp daemon
    start dhcpd

# start the dns encrypted tunneling
    start dnscrypt-proxy

# start the mqtt/websocket hub
 start mosquitto

# netdata dashboard for the technical status
    start netdata

# nodejs/node-red
 start node-red

# start the cronjob handler (with resolution to seconds)
 start seccrond

    notice "Dowse succesfully started"

}

echo "set party-mode ON" | redis-cli

#/usr/bin/env zsh

source /usr/local/dowse/zshrc

 notice "Stopping all daemons in Dowse"

 stop seccrond

 stop mosquitto

# stop nodejs/node-red
 stop node-red

# stop the dashboard
    stop netdata

# stop the dns crypto tunnel
    stop dnscrypt-proxy

# stop the dhcp server
    stop dhcpd

# remove the layer 3 firewall rules
    iptables-snat-off
    iptables-stop

# restore backup if present
# [[ -r /etc/resolv.conf.dowse-backup ]] &&  {
#     mv /etc/resolv.conf.dowse-backup /etc/resolv.conf
# }

    stop redis-server

    notice "Dowse has stopped running."

Visualization

dowse-to-gource | gource --log-format custom -

ssh dowse@dowse.it -- dowse-to-gource | gource --log-format custom -

Experimentation

dowse-to-osc osc.udp://10.0.0.2:999

Development

cd ops
vagrant up

Asscii流程图绘制


网址: http://www.asciiflow.com/


本人奉行极简主意，文档使用markdown,自然流程图也使用文本最好。这是一个强大的在线ASSCII图形绘制工具。


下面是个demo

+------------+        
    +---> | BaseClass  | <-- code="" ubclassa="" ubclassb="">-->

正则表达式测试

检测你的服务器的网速

番茄工作法的计时小工具

在线移动应用原型制作

管理搜藏

在线SVG编辑工具

tinypng 图片压缩

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. 

• the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...
• an old server which still running the same (inactive and unmaintained) website, not receiving active traffic because the A DNS record is not pointing towards it. Because it's an outdated and unmaintained website version of the current active one, it is likely vulnerable for various exploits. It might be easier to find SQL injections and access the database of the old website and abuse this information to use on the current and active website.

Usage

• -d --domain: domain to bypass
• -o --outputfile: output file with IP's
• -l --listsubdomains: list with subdomains for extra coverage
• -a --checkall: Check all subdomains for a WAF bypass

Requirements (optional)

Background information

WAF Bypass explanation

Further exploitation

• Edit your host-file, which is a system-wide solution. You can find your host-file at /etc/hosts(Linux/Mac) or c:\Windows\System32\Drivers\etc\hosts (Windows). Add an entry like this: 80.40.10.22 vincentcox.com.
• Burp Suite: 

How to protect against this script?

• If you use a firewall, make sure to accept only traffic coming through the firewall. Deny all traffic coming directly from the internet. For example: Cloudflare has a list of IP's which you can whitelist with iptables or UFW. Deny all other traffic.
• Make sure that no old servers are still accepting connections and not accessible in the first place

For who is this script?

• Security auditors
• Web administrators
• Bug bounty hunters
• Blackhatters I guess ¯\_(ツ)_/¯

Web services used in this script

• SecurityTrails
• CrimeFlare
• certspotter
• DNSDumpster
• IPinfo
• ViewDNS

FAQ

Why in Bash and not in Python?

I find more subdomains with my tools?

Introduction

Background

Purpose

Documentation

Prerequisites

Supported processor architectures

• x86_64 / amd64

Supported operating system versions

• CentOS 7
• Debian 8
• Debian 9
• FreeBSD 11.2
• FreeBSD 12.0
• Ubuntu 16.04
• Ubuntu 18.04

Supported database engine versions

Supported Perl versions

Supported Client Browser versions

Localization

• en.UTF-8
• fr.UTF-8
• sv.UTF-8
• da.UTF-8 (*)

Zonemaster and its components

• Zonemaster-LDNS - LDNS with a Perl frontend used by Zonemaster-Engine.
• Zonemaster-Engine - The Zonemaster test library.
• Zonemaster-CLI - A Command Line Interface (CLI) to the test library (Zonemaster-Engine).
• Zonemaster-Backend - A JSON/RPC interface with database to the test library (Zonemaster-Engine).
• Zonemaster-GUI - A web user interface to the test library via Zonemaster-Backend.

Installation

Versions

Participation

• zonemaster-users
• zonemaster-devel

time perl -MZonemaster::Engine -E 'say join "\n", Zonemaster::Engine->test_module("BASIC", "zonemaster.net")'

    

Installation

go get github.com/semihalev/sdns

docker run -d --name sdns -p 53:53 -p 53:53/udp -p 853:853 -p 8053:8053 -p 8080:8080 sdns

• Port 53 DNS server
• Port 853 DNS-over-TLS server
• Port 8053 DNS-over-HTTPS server
• Port 8080 HTTP API

Building

$ go build

Flags

Configs

Server Configuration Checklist

• Increase file descriptor on your server

Features

• Linux/BSD/Darwin/Windows supported
• DNS RFC compatibility
• DNS lookups within listed servers
• DNS caching
• DNSSEC validation
• DNS over TLS support
• DNS over HTTPS support
• Middleware Support
• RTT priority within listed servers
• EDNS Cookie Support (client<->server)->
• Basic IPv6 support (client<->server)->
• Query based ratelimit
• IP based ratelimit
• Access list
• Prometheus basic query metrics
• Black-hole internet advertisements and malware servers
• HTTP API support
• Outbound IP selection

• Support for DNS-over-TLS (DoT)
• Support for DNS-over-HTTPS (DoH)
• Support for plain DNS, UDP and TCP for incoming and outgoing requests
• Connection reuse and pipelining queries for efficiency
• Multiple failover and load-balancing algorithms
• Custom blocklists
• Routing of queries based on query type, query name, or client IP
• Written in Go - Platform independent

• DNS-over-TLS listeners
• DNS-over-HTTP listeners
• Configurable TLS options, like keys and certs
• Dot and DoH listeners should support padding as per RFC7830 and RFC8467
• Introduce logging levels

Installation

go get -u github.com/folbricht/routedns/cmd/routedns

Configuration

Resolvers

• udp - Plain (unencrypted) DNS over UDP
• tcp - Plain (unencrypted) DNS over TCP
• dot - DNS-over-TLS
• doh - DNS-over-HTTP

[resolvers]

  [resolvers.cloudflare-dot]
address = "1.1.1.1:853"
protocol = "dot"

  [resolvers.cloudflare-doh]
address = "https://1.1.1.1/dns-query{?dns}"
protocol = "doh"

  [resolvers.google-udp-8-8-8-8]
address = "8.8.8.8:53"
protocol = "udp"

  [resolvers.google-udp-8-8-4-4]
address = "8.8.4.4:53"
protocol = "udp"

Groups

• round-robin - Each resolver in the group receives an equal number of queries. There is no failover.
• fail-rotate - One resolver is active. If it fails the next becomes active and the request is retried. If the last one fails the first becomes the active again. There's no time-based automatic fail-back.
• fail-back - Similar to fail-rotate but will attempt to fall back to the original order (prioritizing the first) if there are no failures for a minute.

[groups]

  [groups.google-udp]
resolvers = ["google-udp-8-8-8-8", "google-udp-8-8-4-4"]
type = "round-robin"

Routers

• type - If defined, only matches queries of this type
• name - A regular expession that is applied to the query name. Note that dots in domain names need to be escaped
• source - Network in CIDR notation. Used to route based on client IP.
• resolver - The identifier of a resolver, group, or another router that was defined earlier.

[routers]

  [routers.router1]

    [[routers.router1.routes]]
type = "MX"
name = '(^|\.)google\.com\.$'
resolver="google-udp"

    [[routers.router1.routes]] # A route without type and name becomes the default route for all other queries
resolver="cloudflare-dot"

Listeners

[listeners]

  [listeners.local-udp]
address = "127.0.0.1:53"
protocol = "udp"
resolver = "router1"

  [listeners.local-tcp]
address = "127.0.0.1:53"
protocol = "tcp"
resolver = "router1"

Use-cases / Examples

User case 1: Use DNS-over-TLS for all queries locally

[resolvers]

  [resolvers.cloudflare-dot]
address = "1.1.1.1:853"
protocol = "dot"

[listeners]

  [listeners.local-udp]
address = "127.0.0.1:53"
protocol = "udp"
resolver = "cloudflare-dot"

  [listeners.local-tcp]
address = "127.0.0.1:53"
protocol = "tcp"
resolver = "cloudflare-dot"

User case 2: Prefer secure DNS in a corporate environment

[resolvers]

# Define the two company DNS servers. Both use plain (insecure) DNS over UDP
  [resolvers.mycompany-dns-a]
address = "10.0.0.1:53"
protocol = "udp"

  [resolvers.mycompany-dns-b]
address = "10.0.0.2:53"
protocol = "udp"

# Define the Cloudflare DNS-over-HTTPS resolver (GET methods) since that is most likely allowed outbound
  [resolvers.cloudflare-doh-1-1-1-1-get]
address = "https://1.1.1.1/dns-query{?dns}"
protocol = "doh"
doh = { method = "GET" }

[groups]

# Since the company DNS servers have a habit of failing, group them into a group that switches on failure
  [groups.mycompany-dns]
resolvers = ["mycompany-dns-a", "mycompany-dns-b"]
type = "fail-rotate"

[routers]

  [routers.router1]

# Send all queries for '*.mycompany.com.' to the company's DNS, possibly through a VPN tunnel
    [[routers.router1.routes]]
name = '(^|\.)mycompany\.com\.$'
resolver="mycompany-dns"

# Everything else can go securely to Cloudflare
    [[routers.router1.routes]]
resolver="cloudflare-doh-1-1-1-1-get"

[listeners]

  [listeners.local-udp]
address = "127.0.0.1:53"
protocol = "udp"
resolver = "router1"

  [listeners.local-tcp]
address = "127.0.0.1:53"
protocol = "tcp"
resolver = "router1"

Use case 3: Restrict access to potentially harmful content

[resolvers]

  [resolvers.cleanbrowsing-dot]
address = "family-filter-dns.cleanbrowsing.org:853"
protocol = "dot"

  [resolvers.cloudflare-dot]
address = "1.1.1.1:853"
protocol = "dot"

[groups]

  [groups.cleanbrowsing-filtered]
type = "blocklist"
resolvers = ["cleanbrowsing-dot"] # Anything that passes the filter is sent on to this resolver
blocklist = [                     # Define the names to be blocked
'(^|\.)facebook.com.$',
'(^|\.)twitter.com.$',
  ]

[routers]

  [routers.router1]

    [[routers.router1.routes]]
source = "192.168.1.123/32"# The IP or network that will use the blocklist in CIDR notation
resolver="cleanbrowsing-filtered"

    [[routers.router1.routes]]     # Default for everyone else
resolver="cloudflare-dot"

[listeners]

  [listeners.local-udp]
address = ":53"
protocol = "udp"
resolver = "router1"

  [listeners.local-tcp]
address = ":53"
protocol = "tcp"
resolver = "router1"

Links

• DNS-over-TLS RFC - https://tools.ietf.org/html/rfc7858
• DNS-over-HTTPS RFC - https://tools.ietf.org/html/rfc8484

Key Features

• Full support for a variety of resource records
  • Both IPv4 (A) and IPv6 (AAAA) addresses
  • CNAME alias records
  • Delegation via NS and SOA records
  • SRV and PTR for service discovery and reverse domain lookups
• Multiple resource records of different types per domain (where valid)
• Support for wildcard domains
• Support for TTLs
  • Global default on all records
  • Individual TTL values for individual records
• Runtime and application metrics are captured regularly for monitoring (stdout or grahite)
• Incoming query filters

Production Readyness

Why did we build discodns?

         +-----------+   +---------+
         |           |   |         |
         |  Servers  |   |  Users  |
         |           |   |         |
         +------+----+   +----+----+
                |             |
         +------v-------------v----+
         |                         |
         |    Forwarders (BIND)    |
         |                         |
         +----+---+---------+------+
              |   |         |
+----------+  |   |         |
|          |  |   |         |
| discodns <-- v---="">   Intertubes   |
        |             |          |                |
        |  Something  |          +----------------+
        |    Else     |
        |             |
        +-------------+
-->

Why etcd?

Getting Started

Building

cd discodns
make

Running

cd discodns/build/
sudo ./bin/discodns --etcd=127.0.0.1:4001

Try it out

curl -L http://127.0.0.1:4001/v2/keys/net/discodns/.A -XPUT -d value="10.1.1.1"
{"action":"set","node":{"key":"/net/discodns/.A","value":"10.1.1.1","modifiedIndex":11,"createdIndex":11}}

$ @localhost discodns.net.
;<<>> DiG 9.8.3-P1 <<>> @localhost discodns.net.
; .. truncated ..

;; QUESTION SECTION:
;discodns.net.            IN  A

;; ANSWER SECTION:
discodns.net.     0   IN  A   10.1.1.1

Authority

SOA

curl -L http://127.0.0.1:4001/v2/keys/net/discodns/.SOA -XPUT -d value=$'ns1.discodns.net.\tadmin.discodns.net.\t3600\t600\t86400\t10'
{"action":"set","node":{"key":"/net/discodns/.SOA","value":"...","modifiedIndex":11,"createdIndex":11}}

ns1.discodns.net     << - This is the root, master nameserver for this delegated domain
admin.discodns.net   << - This is the "admin" email address, note the first segment is actually the user (`admin@discodns.net`)
3600                 << - Time in seconds for any secondary DNS servers to cache the zone (used with `AXFR`)
600                  << - Interval in seconds for any secondary DNS servers to re-try in the event of a failed zone update
86400                << - Expiry time in seconds for any secondary DNS server to drop the zone data (too old)
10                   << - Minimum TTL that applies to all DNS entries in the zone

NS

curl -L http://127.0.0.1:4001/v2/keys/net/discodns/.NS/ns1 -XPUT -d value=ns1.discodns.net.
{"action":"set","node":{"key":"/net/discodns/.NS/ns1","value":"...","modifiedIndex":12,"createdIndex":12}}

curl -L http://127.0.0.1:4001/v2/keys/net/discodns/.NS/ns2 -XPUT -d value=ns2.discodns.net.
{"action":"set","node":{"key":"/net/discodns/.NS/ns2","value":"...","modifiedIndex":13,"createdIndex":13}}

Storage

• discodns.net. -> A record -> [10.1.1.1, 10.1.1.2]
  • /net/discodns/.A/foo -> 10.1.1.1
  • /net/discodns/.A/bar -> 10.1.1.2

$ dig @localhost discodns.net.
;<<>> DiG 9.8.3-P1 <<>> @localhost discodns.net.
; .. truncated ..

;; QUESTION SECTION:
;discodns.net.            IN  A

;; ANSWER SECTION:
discodns.net.     0   IN  A   10.1.1.1
discodns.net.     0   IN  A   10.1.1.2

Record Types

• A (ipv4)
• AAAA (ipv6)
• TXT
• CNAME
• NS
• PTR
• SRV

TTLs (Time To Live)

• /net/discodns/.A -> 10.1.1.1
• /net/discodns/.A.ttl -> 18000

• /net/discodns/.TXT/foo -> foo
• /net/discodns/.TXT/bar -> bar
• /net/discodns/.TXT/bar.ttl -> 18000

Value storage formats

SOA

• Primary nameserver
• 'Responsible Person' (admin email)
• Refresh
• Retry
• Expire
• Minimum TTL

SRV

• Priority
  • For clients wishing to choose between multiple service instances
  • 16bit unsigned int
• Weight
  • For clients wishing to choose between multiple service instances
  • 16bit unsigned int
• Port
  • The standard port number where the service can be found on the host
  • 16bit unsigned int
• Target
  • a regular domain name for the host where the service can be found
  • must be resolvable to an A/AAAA record.

Metrics

Query Filters

--accept="discodns.net:" # Accept any queries within the discodns.net domain
--accept="discodns.net:SRV,PTR" # Accept only PTR and SRV queries within the discodns domain
--reject="discodns.net:AAAA" # Reject any queries within the discodns.net domain that are for IPv6 lookups.

from https://github.com/duedil-ltd/discodns

Docker installation

Usage

Post installation

Test

Demo proxy server

Updating

Limitations

Supported on-demand Internet streaming services

United States

United Kingdom

Contributing

Advanced configuration

查字典的工具，在 shell 下使用，通过网络查询，方便喜欢英文的 Linux/Mac Hackers 使用。

优点是速度快，并且无须客户端，随时可以查哦～

Features

1. 速度快，跟本机一样快～
2. 支持词组

   $ j a little
   少量, 少许

3. 支持 任何语言->任何语言（理论上支持，暂缺词库）

   $ j 西藏
   Tibet

4. 区分大小写

   $ j frank
   [fræŋk]
   adj.
   坦白的, 率直的, 老实的
   vt.
   免费邮寄
   n.
   免费邮寄特权

   大写

   $ j Frank
   [fræŋk]
   n.
   弗兰克（男子名）

5. 模糊查找

   $ j appe
   No word 'appe' found, did you mean:
    1. nappe [næp] n. 越过水坝落下的水, 叠层结构, 等分半圆锥
    2. apple ['æpl] n. 苹果, 似苹果的果实
    3. appel [ә'pel] n. 灵快的踏足, 垫步

Usage

1. 在 ~/.bashrc 的末尾添加下面几行

   # jianbing.org on DNS
   functionj {
       dig "$*.jianbing.org" +short txt | perl -pe's/\\(\d{1,3})/chr $1/eg; s/(^"|"$)//g'
   }

2. 重新打开你的 shell 或者 $ . ~/.bashrc
3. Enjoy jianbing on DNS

   $ j cat
   [kæt]
   n.
   猫

Installation

1. 安装virtualenv和依赖

   $ virtualenv env
   $ . ./env/bin/activate
   $ pip install dnslib # easy & fast than dnspython
   $ pip install gevent # fastest network library
   $ apt-get install aspell # spelling check. or $ yum install aspell

2. 下载星际译王词库

   $ #（因为比较难下载到，仓库里提供了一个压缩包
   $ #如果你不是用的这个，需要修改 stardict.py 里的配置
   $ tar xvf stardict-lazyworm-ec-2.4.2.tar.bz2
   $ cd stardict-lazyworm-ec-2.4.2
   $ gunzip -S '.dz' lazyworm-ec.dict.dz

3. 运行

   $ sudo ./jianbing-dns.py

4. 如果需要管理进程，请使用 supervisor
5. 本机测试，在 ~/.bashrc 的末尾添加下面几行

   # jianbing.org on DNS
   functionj {
       dig "$*.jianbing.org" +short txt @localhost | perl -pe's/\\(\d{1,3})/chr $1/eg; s/(^"|"$)//g'
   }

6. 部署到外网，修改解析（可选）
   1. 为 ns1.youdomain.com 添加一个 A 记录，指向你的服务器地址
   2. 添加一个DNS泛解析，在 *.yourdomain.com 添加 NS 记录指向 ns1.yourdomain.com
   3. 修改上一步的那几行，去掉 @localhost，将 jianbing.org 改为 yourdomain.com
7. 验证上一步

   $ dig +trace apple.yourdomain.com

The Go Language Version - 2012-09-27

1. 新增了 Go 版本，没有全面测试，速度应该是比 python 快一些

   $ mkdir your-local-go-location
   $ cd your-local-go-location
   $ export GOPATH=/path/to/your-local-go-location
   $ go get github.com/chuangbo/jianbing-dictionary-dns/golang/jianbing-dns
   $ sudo ./bin/jianbing-dns

增加模糊查找功能 - 2012-11-22

更换了模糊查找的实现 - 2013-01-15

这里有徐宥老师翻译的文章，很值得一看 http://blog.youxu.info/spell-correct.html

0. 引言

1. 什么是WireGuard-Go

2. 安装WireGuard-Go

2.1 前提条件

任何虚拟化架构或者物理机架构
内存>512MB （推荐>1GB，如果内存不足推荐通过增加Swap的方式临时扩展内存）
磁盘可用空间>5GB
安装Golang环境 (下文会具体讲安装及编译过程)

OpenVZ虚拟化架构 (Docker/LXC尚未进行测试)
内存>128MB (推荐>256MB)
磁盘可用空间>500MB
开启TUN/TAP (可以在VPS后台控制面板中检查并打开此项)

2.2 准备编译环境

wget -O /tmp/golang.tar.gz https://dl.google.com/go/go1.12.4.linux-amd64.tar.gz
tar -C /usr/local -xvzf /tmp/golang.tar.gz

export PATH=$PATH:/usr/local/go/bin

2.3 编译WireGuard-Go

mkdir -p /tmp/gobuild/ && cd /tmp/gobuild/
git clone https://git.zx2c4.com/wireguard-go
cd wireguard-go

export GOPATH="/tmp/gobuild/"
go build -v -o "wireguard-go"

cp wireguard-go /usr/sbin/wireguard-go

https://download.ilemonrain.com/WireGuard-Go/precompile/wireguard-go.gz

2.4 安装并配置WireGuard

apt-get install libmnl-dev libelf-dev build-essential pkg-config

yuminstalllibmnl-develelfutils-libelf-develpkg-config @development-tools

mkdir -p /tmp/build/ && cd /tmp/build/
git clone https://git.zx2c4.com/WireGuard
cd wireguard-go/src/tools

make && make install

3. 配置WireGuard-Go

WARNING WARNING WARNING WARNING WARNING WARNING WARNING
W G
W You are running this software on a Linux kernel, G
W which is probably unnecessary and foolish. This G
W is because the Linux kernel has built-in first G
W class support for WireGuard, and this support is G
W much more refined than this slower userspace G
W implementation. For more information on G
W installing the kernel module, please visit: G
W https://www.wireguard.com/install G
W G
W If you still want to use this program, against G
W the advice here, please first export this G
W environment variable: G
W WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1 G
W G
WARNING WARNING WARNING WARNING WARNING WARNING WARNING

export WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1

wireguard-go wg

mkdir -p /etc/wireguard/ && cd /etc/wireguard/

wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey

root@ovzhost:~# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever

2: venet0: mtu 1500 qdisc noqueue state UNKNOWN

link/void
inet 127.0.0.2/32 scope host venet0
inet X.X.X.X/32 brd X.X.X.X scope global venet0:0

3: wg: mtu 1420 qdisc noop state DOWN qlen 500
link/none

echo"[Interface]
PrivateKey = $(cat sprivatekey)
Address = 10.0.0.1/24 
PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
ListenPort = 6666
MTU = 1420

[Peer]
PublicKey = $(cat cpublickey)
AllowedIPs = 10.0.0.2/32" | sed '/^#/d;/^\s*$/d'> wg0.conf

echo"[Interface]
PrivateKey = $(cat cprivatekey)
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat spublickey)
Endpoint = $(curl -s whatismyip.akamai.com):6666
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 30" | sed '/^#/d;/^\s*$/d'> client.conf

echo 1> /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1">> /etc/sysctl.conf
sysctl -p

wg-quick up wg0

[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
[!] Missing WireGuard kernel module. Falling back to slow userspace implementation.
[#] wireguard-go wg0
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
W G
W You are running this software on a Linux kernel, G
W which is probably unnecessary and foolish. This G
W is because the Linux kernel has built-in first G
W class support for WireGuard, and this support is G
W much more refined than this slower userspace G
W implementation. For more information on G
W installing the kernel module, please visit: G
W https://www.wireguard.com/install G
W G
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
INFO: (wg0) 2019/04/19 09:45:50 Starting wireguard-go version 0.0.20190409-9-gd024393
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE

4. 一点点善后工作...

systemctl enable wg-quick@wg0

rm -rf /tmp/gobuild/
rm -rf /tmp/build/
rm -f /tmp/golang.tar.gz

0. 一点废话

1. 安装必要环境

yum makecache fast
yum install git gcc make -y

dnf makecache
dnf install git gcc make -y

apt-get update
apt-getinstall git gcc make -y

2. 安装vlmcsd

git clone https://github.com/Wind4/vlmcsd.git

cd vlmcsd/
make

cp bin/* /usr/sbin/

3. 启动KMS服务器并验证配置

vlmcsd

vlmcs

[root@localhost bin]# ./vlmcs
Connecting to 127.0.0.1:1688 ... 127.0.0.1:1688: Connection refused
Fatal: Could not connect to any KMS server
[root@localhost bin]#

[root@localhost bin]# ./vlmcs
Connecting to 127.0.0.1:1688 ... successful
Sending activation request (KMS V6) 1 of 1 -> 05426-03858-004-728820-03-1051-9200.0000-3322017
(3A1C049600B60076)
[root@localhost bin]#

4. 使用KMS服务器激活系统 (Windows端)

slmgr /skms [你的KMS服务器IP地址]

密钥管理服务计算机名称成功地设置为 x.x.x.x。

slmgr /ato

• 无法安装CentOS 7系统
• 只能装 CentOS/Ubuntu/Debian ，其他系统无法重装
• 无法引导自己需要的ISO镜像
  总之就是世界上没有太完美的事物嘛，所以自己丰衣足食找个补充方案。
  在前几天研究 netboot.xyz 的ISO启动网络安装的方案后，我一直在想，如果使用者的服务器不提供iPXE/gPXE的话（比如一闪而过，根本不给按Ctrl+B的机会），那么是不是就真的无解了呢？
  然后我在服务器上翻了一遍又一遍，发现了在角落里瑟瑟发抖的Grub，就决定是你了，皮卡丘！（雾）

• 请准备好VNC！安装过程中全程使用VNC完成！
• 教程不适用于 OpenVZ / LXC 虚拟化！
• 请确保你的服务器内存足够大！因为安装镜像需要加载到内存中运行，所以建议预留出来双倍于镜像大小的空间（或者 (系统运行所需的内存+镜像大小)×1.2 ）！以防止启动或安装过程中因为内存不足诱发的Out Of Memory/Kernel Panic！
• 建议将镜像下载到磁盘中，避免启动时下载镜像！如果网络缓慢或稳定的话，可能会极大延长启动时间！
• 目前此教程仅适用于使用 Grub+BIOS+MBR 引导的系统！（也就是如果在你的 /boot 文件夹中发现了EFI字样的文件夹，十有八九是Grub+UEFI+GPT）

Step 1：检测系统环境

ls /boot/grub/grub.cfg

ls /boot/grub/grub.cfg
则说明存在Grub引导，如果返回结果为：
ls: cannot access /boot/grub/grub.cfg: No such file or directory
则说明系统并不是使用Grub作为引导，可以考虑关掉教程了（当然部分系统可能使用grub2做引导，请根据实际情况进行修改）

df -h

Filesystem Size Used Avail Use% Mounted on
/dev/vda1 25G 1.8G 22G 8% /
udev 10M 0 10M 0% /dev
tmpfs 201M 4.4M 196M 3% /run
tmpfs 501M 0 501M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 501M 0 501M 0% /sys/fs/cgroup

Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 799M 19M 781M 3% /run
/dev/md0 137G 18G 113G 14% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/vda1 232M 36M 180M 17% /boot
tmpfs 799M 0 799M 0% /run/user/0

Step 2：下载系统镜像

curl -o /boot/isoboot.iso https://mirrors.aliyun.com/ubuntu-releases/releases/16.04.5/ubuntu-16.04.5-server-amd64.iso

wget -O /boot/isoboot.iso https://mirrors.aliyun.com/ubuntu-releases/releases/16.04.5/ubuntu-16.04.5-server-amd64.iso

Step 3：准备Memdisk

apt-get install syslinux -y

yum install syslinux -y

cp -f /usr/share/syslinux/memdisk /boot/memdisk

Step 4：处理Grub引导项目

cd /etc/grub.d/
ls

00_header 05_debian_theme 10_linux 20_linux_xen 30_os-prober 30_uefi-firmware 40_custom 41_custom README

#!/bin/sh
cat <'OS Web Install'

Automated Dynamic DNS Client

 

https://github.com/troglobit/inadyn/releases

Table of Contents

• Introduction
• Supported Providers
• Configuration
• Custom DDNS Providers
• Build & Install
• Building from GIT
• Origin & References

Introduction

Supported Providers

• https://freedns.afraid.org
• https://nsupdate.info
• https://duckdns.org
• https://freemyip.com
• https://www.loopia.com
• https://www.dyndns.org, https://dyn.com
• https://www.zoneedit.com
• https://www.no-ip.com
• https://www.easydns.com
• https://www.dnsomatic.com
• https://dns.he.net
• https://www.tunnelbroker.net
• https://www.sitelutions.com
• https://www.dnsexit.com
• https://www.changeip.com
• https://www.dhis.org
• https://www.namecheap.com
• https://domains.google
• https://www.ovh.com
• https://www.dtdns.com
• https://giradns.com
• https://www.duiadns.net
• https://ddnss.de
• https://dynv6.com
• https://spdyn.de
• https://www.strato.com
• https://www.cloudxns.net
• https://www.dnspod.cn
• https://www.dynu.com
• https://www.selfhost.de
• https://connect.yandex.ru
• https://www.cloudflare.com

Configuration

inadyn --check-config

inadyn --check-config -f /path/to/file.conf

Example

# In-A-Dyn v2.0 configuration file format
period          = 300
user-agent      = Mozilla/5.0

# The FreeDNS username must be in lower case
# The password (max 16 chars) is case sensitive
provider freedns {
    username    = lower-case-username
    password    = case-sensitive-pwd
    hostname    = some.example.com
}

provider freemyip {
    password    = YOUR_TOKEN
    hostname    = YOUR_DOMAIN.freemyip.com
}

provider dyn {
    ssl         = false
    username    = charlie
    password    = snoopy
    hostname    = { peanuts, woodstock }
 user-agent  = Mozilla/4.0
}

# With multiple usernames at the same provider, index with :#
provider no-ip.com:1 {
    username    = ian
    password    = secret
    hostname    = flemming.no-ip.com
 user-agent  = inadyn/2.2
}

# With multiple usernames at the same provider, index with :#
provider no-ip.com:2 {
    username       = james
    password       = bond
    hostname       = spectre.no-ip.com
 checkip-ssl    = false
    checkip-server = api.ipify.org
}

# With multiple usernames at the same provider, index with :#
provider no-ip.com:3 {
    username        = spaceman
    password        = bowie
    hostname        = spaceman.no-ip.com
    checkip-command = "/sbin/ifconfig eth0 | grep 'inet6 addr'"
}

# Note: hostname == update-key from Advanced tab in the Web UI
provider tunnelbroker.net {
    username    = futurekid
    password    = dreoadsad/+dsad21321    # update-key-in-advanced-tab
    hostname    = 1234534245321           # tunnel-id
}

provider dynv6.com {
    username = your_token
    password = n/a
    hostname = { host1.dynv6.net, host2.dynv6.net }
}

provider cloudxns.net {
    username = your_api_key
    password = your_secret_key
    hostname = yourhost.example.com
}

provider dnspod.cn {
     username = your_api_id
     password = your_api_token
     hostname = yourhost.example.com
}

provider cloudflare.com {
     username = your_email
     password = your_api_token
     hostname = yourhost.example.com
}

Custom DDNS Providers

custom twoDNS {
    username       = myuser
    password       = mypass
    checkip-server = checkip.two-dns.de
    checkip-path   = /
    ddns-server    = update.twodns.de
    ddns-path      = "/update?hostname="
    hostname       = myhostname.dd-dns.de
}

custom namecheap {
    username    = myuser
    password    = mypass
    ddns-server = dynamicdns.park-your-domain.com
    ddns-path   = "/update?domain=YOURDOMAIN.TLD&password=mypass&host="
    hostname    = { "alpha", "beta", "gamma" }
}

custom kruskakli {
    username    = myuser
    password    = mypass
    ddns-server = dynamicdns.park-your-domain.com
    ddns-path   = "/update?password=mypass&domain="
    hostname    = YOURDOMAIN.TLD
}

# This emulates dyndns.org
custom dyn {
    username    = DYNUSERNAME
    password    = DYNPASSWORD
    ddns-server = members.dyndns.org
    ddns-path   = "/nic/update?hostname=%h.dyndns.org&myip=%i"
    hostname    = { YOURHOST, alias }
}

checkip-server = api.ipify.org

checkip-command = /sbin/ifconfig eth0 | grep 'inet addr'

Build & Install

Homebrew (macOS)

brew install inadyn

brew install --HEAD troglobit/inadyn/inadyn

Building from Source

• https://github.com/troglobit/inadyn/releases

• libConfuse (3.0+)
• LibreSSL, OpenSSL, or GnuTLS

$ sudo apt install gnutls-dev libconfuse-dev

$ sudo apt install build-essential pkg-config

Configure & Build

$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
$ make -j5
$ sudo make install-strip

SSL/TLS Support

./configure --enable-openssl

./configure --disable-ssl

• https://lists.debian.org/debian-legal/2004/05/msg00595.html
• https://people.gnome.org/~markmc/openssl-and-the-gpl

RedHat, Fedora, CentOS

/usr/local/lib

sudo ldconfig -v |egrep libconfuse

PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure

Integration with systemd

$ sudo systemctl enable inadyn.service
$ sudo systemctl start  inadyn.service

$ sudo systemctl status inadyn.service

Building from GIT

• configure.ac and a per-directory Makefile.am are key files
• configure and Makefile.in are generated from autogen.sh, they are not stored in GIT but automatically generated for the release tarballs
• Makefile is generated by configure script

$ sudo apt install git automake autoconf

git clone https://github.com/troglobit/inadyn.git
cd inadyn/
./autogen.sh
./configure && make

Building with Docker

docker build -t inadyn:latest .
docker run --rm -v "$PWD/inadyn.conf:/etc/inadyn.conf" inadyn:latest

Origin & References