In cybersecurity testing and information gathering, operations such as port scanning, directory scanning, and vulnerability detection often require sending a large number of requests to the target. Without reasonable rate limiting control, it will not only lead to excessive occupation of network bandwidth and system resources but may also trigger firewall/IDS detection and blocking. To balance efficiency and stealth, rate limiting mechanisms are particularly important. Among them, Token Bucket is a common rate limiting algorithm, often used for traffic limiting at gateways, but it can also be used in scanners. ...

When using Logstash for log collection, a common scenario is to use the syslog plugin to collect logs from network devices or security devices. But when you search for logstash syslog plugin, you might find that search engines or ChatGPT give answers about the udp plugin or tcp plugin. This raises some questions: What is the difference between the syslog plugin and the tcp/udp plugins? Why is the official syslog plugin performance poor? Which plugin should be used in a real production environment? This article attempts to analyze the differences between the syslog plugin and tcp/udp plugins, and provides best practices. ...

I used to be a Python developer, having written Python for about 5 years. Recently, I started learning and using Golang for a year. Although my work during this period wasn’t entirely coding-focused, my overall feelings about Golang come down to two main points: Development is indeed very convenient; it is worth studying in depth and mastering as a long-term programming language. It is easy to get started, but not simple to use well. 1. Development Efficiency and Ecological Advantages Golang’s syntax is similar to Python, but its execution efficiency is higher. Its advantages include: ...

Most people who know about network scanners should have heard the name Nmap. If we were to select the most excellent scanning tool, or the top hacker weapon, Nmap would definitely be on the list. Nmap is a free, open-source scanning tool with excellent network asset scanning capabilities. In addition to common port scanning, Nmap also supports operating system detection and service identification. Through its built-in probes and fingerprint library, it can accurately identify the fingerprints of most operating systems and application services. ...

If you are not yet familiar with Git, or haven’t adopted Git as your version control tool, now is a great opportunity to get to know this popular tool. I won’t go into the origins and history of Git here, but I recommend checking them out. This article will not cover the basic operations of Git (there are many excellent tutorials online), but rather share some thoughts on using Git and practical experiences in project management. ...

Overview Port scanning is a crucial step in the information gathering phase and is one of the primary methods for obtaining service information from a target host. Its core relies on the transport layer characteristics of the TCP/IP protocol stack. Common active port scanning can be broadly divided into TCP Scanning and UDP Scanning. UDP Port Scanning Principle Unlike TCP, UDP is a connectionless, stateless protocol, so the information obtained during scanning is relatively limited. ...