Surge + sing-box: A Solution for Protocols Not Supported by Surge
Surge is a powerful tool on macOS, offering excellent features like Dashboard traffic auditing and SSID-based policy switching. However, its primary drawback is its conservative approach to protocol support. Currently, it does not natively support VLESS (Vision/Reality) or Hysteria2. If you have these high-performance nodes but prefer the Surge interface, the most effective solution is to use sing-box as a local backend. Layered Architecture Logic: In this setup, Surge handles the Control Plane (rules, policy groups, and SSID switching), while sing-box handles the Data Plane (network protocols). Surge forwards traffic to the local sing-box instance via SOCKS5, which then establishes the encrypted connection to the remote server. ...
AI-Friendly Programming: The Paradigm Shift from 'Readability' to 'Reasonability'
In the age of Cursor, Copilot, and AI Agents, the fundamental attributes of code have changed. In the past, code was a set of instructions for humans to read; today, code is the corpus for AI reasoning. While human developers can rely on “intuition” and project background knowledge, AI relies primarily on its internal Attention Mechanism and probabilistic prediction. This means that if your code logic is obscure, jumpy, or highly dynamic, the AI will hallucinate because it cannot find enough “anchors.” The core of AI-friendly programming is to reduce the entropy of AI prediction through deterministic structures. ...
My Blog Engineering Practice: From Static Build to Automated Ops
Writing a blog is more than just outputting words; for an engineer, the blog itself is an engineering project that undergoes continuous iteration and optimization. Since its inception, this site has evolved from simple static page generation to a highly automated system. Today, I’ll share the tech stack and engineering practices behind this blog. 🏗 Full-Stack Architectural Design: This site is built on Hugo and utilizes a fully containerized (Docker) deployment scheme. To ensure data sovereignty and minimalist operations, I opted for self-hosted services instead of Algolia or various third-party comment plugins. ...
Practice with gopacket in Go: Implementing a High-Performance SYN Scanner from Scratch
In previous articles, we discussed the design principles of Masscan and the engineering practices of Naabu. Today, we dive into the code level and use the Go language and Google’s powerful gopacket library to build a simple SYN Scanner with our own hands. Why Not Just Use net.Dial? In Go, the simplest way to check a port is to use net.Dial("tcp", "ip:port"). This corresponds to the OS’s Connect Scan: System sends SYN. Target replies SYN+ACK. System automatically replies ACK (handshake complete). Application layer Dial returns success. Application layer calls Close, sending FIN/RST. Disadvantages of this method: ...
Complete Record of Troubleshooting CPU Jitter in uWSGI + Django Stability Tests
uWSGI + Django Stability CPU Jitter Troubleshooting Record. Problem Phenomenon: In a stability test, a Django application published using uWSGI showed periodic CPU jitter. From the monitoring chart, it can be seen that a significant CPU usage peak occurs approximately every 4 hours, accompanied by a drop in memory usage. Preliminary Analysis: Attribution to GC Misconception. First Instinct: Garbage Collection (GC). Observation: Memory drops when CPU peaks, looking like GC triggering. Time Pattern: Every ~4 hours, showing strong periodicity. Troubleshooting Direction: Check for scheduled GC (none found). Suspicion Direction: All Workers GC Simultaneously. Through research, it was found that uWSGI’s pre-fork mode might lead to: ...
Nginx Configuration Developers Need to Know: Load Balancing, Health Checks, and Rate Limiting Explained
In high-concurrency, distributed systems, Nginx is not only a reverse proxy but also the first line of defense for service stability. Recently, while working with a client on high availability tests, I discovered that some functions could be perfectly handled using Nginx configurations. 📌 This article applies to Nginx Open Source (non-Plus), and all configurations have been verified in production environments. 1. Choosing a Load Balancing Strategy: Nginx’s upstream module supports various load balancing algorithms. Choosing a reasonable one can significantly improve system stability and resource utilization. ...
Naabu Technical Deep Dive: The Modern Evolution of Port Scanners Through the Lens of Nmap and Masscan
Naabu is a modern port scanner built by the ProjectDiscovery team. Written in Go, it focuses on high performance, ease of integration, and usage in engineering pipelines. If Nmap is the classic all-rounder and Masscan is the representative of extreme speed, then Naabu is the “modern, automated, orchestratable” intermediate state between the two. 🚀 Tool Positioning: Naabu implements port scanning via SYN/CONNECT/UDP probing methods, supporting: DNS resolution and automatic deduplication; IPv4 / IPv6 mixed scanning (experimental); passive port enumeration (Shodan / InternetDB); host discovery and Nmap integration; multiple inputs (Domain / IP / CIDR / ASN) and multiple output formats (JSON / TXT / STDOUT). ⚙️ Key Technologies and Implementation in Naabu. 1️⃣ Concurrency Model: Goroutine + Worker Pool. Naabu uses Go’s native goroutine and channel model to drive large-scale scanning tasks. Each probe task is assigned to a worker pool for asynchronous execution, realizing the flow of “Massive Tasks → Lightweight Threads → Aggregated Output”. ...
A First Look at Masscan Scanning Technology
Masscan is a classic and extremely high-speed network scanner. This article starts from implementation details to analyze how Masscan sends and receives packets directly at the user level, how it distinguishes responses generated by itself, as well as its target randomization and high-performance network card access technologies. 1. Masscan’s User-Level Sending/Receiving (libpcap): Masscan does not use the operating system’s full protocol stack, but instead sends and receives raw data packets directly on Linux based on libpcap. This brings several important impacts and limitations: ...
Building an Intelligent Attack and Defense Knowledge Base: Vulnerability Management Practices Combining AI Technology
Project Origin: One day, a classmate threw a GitHub repository link for PoCs into the group chat, containing many PoC markdown documents. I saved it immediately. Recently, building knowledge bases with vector databases has become very convenient, so I thought, why not use tools like AnythingLLM to directly construct a knowledge base? AnythingLLM even supports creating documents directly from GitHub repositories. The effect is as follows: “What are the vulnerabilities of X-OA?” Answer: ...
Application of SYN Cookies in Port Scanning
Introduction: SYN Cookies were originally proposed to solve SYN Flood attacks. In high-concurrency network scanning, how to distinguish between TCP packets belonging to the scanner and normal traffic is a critical issue. Scanners (such as Masscan, ZMap) borrow the principle of Syncookies to verify responses without maintaining massive connection states, thereby improving scanning efficiency and reliability. This article will explain the application of Syncookies technology in scanning, combined with the implementation of Masscan. ...