Sharp4ArchiveZip 工具使用与原理详解<\/h1>

1. 工具概述<\/h2>
Sharp4ArchiveZip 是一款基于 .NET 平台 SharpZipLib 库开发的文件压缩工具，专为红队渗透测试设计。它提供了以下核心功能：<\/p>
递归压缩整个目录及其子目录<\/li>
支持排除特定子目录<\/li>
支持排除特定扩展名的文件<\/li>
可控制压缩等级<\/li>
支持简单的密码保护<\/li>
减少传输体积，降低告警风险<\/li> <\/ul>
2. SharpZipLib 基础<\/h2>

2.1 组件介绍<\/h3>
SharpZipLib (ICSharpCode.SharpZipLib) 是一个开源的 .NET 压缩与解压缩库，最初由 SharpDevelop 团队维护，现已成为 .NET 生态中流行的压缩处理组件。<\/p>
支持的压缩格式：<\/p>
ZIP<\/li>
GZIP<\/li>
TAR<\/li> <\/ul>
2.2 安装方式<\/h3>
通过 NuGet 安装：<\/p>
Install-Package SharpZipLib
<\/code><\/pre>
2.3 主要命名空间<\/h3>

ICSharpCode.SharpZipLib.Zip<\/code>：ZIP 格式相关操作

ZipFile<\/code><\/li>
ZipOutputStream<\/code><\/li>
ZipEntry<\/code><\/li>
<\/ul>
<\/li>
ICSharpCode.SharpZipLib.GZip<\/code>：GZIP 格式处理<\/li>
<\/ul>
3. 核心类详解<\/h2>
3.1 ZipOutputStream<\/h3>
ZipOutputStream<\/code> 是用于以流的方式创建 ZIP 压缩文件的核心类，相比 ZipFile.Create<\/code> 或 System.IO.Compression.ZipArchive<\/code>，它提供了：<\/p>

更底层的控制<\/li>
流式处理能力<\/li>
自定义压缩等级<\/li>
密码保护功能<\/li>
<\/ul>
基本使用方法：<\/p>
using<\/span> (var<\/span> zipStream = new<\/span> ZipOutputStream(File.Create(outputPath)))
<\/span><\/span>{
<\/span><\/span>    \/\/ 设置压缩等级（0-9）<\/span>
<\/span><\/span>    zipStream.SetLevel(compressionLevel);
<\/span><\/span>    
<\/span><\/span>    \/\/ 设置密码（可选）<\/span>
<\/span><\/span>    if<\/span> (!string<\/span>.IsNullOrEmpty(password))
<\/span><\/span>    {
<\/span><\/span>        zipStream.Password = password;
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    \/\/ 添加文件到压缩包...<\/span>
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>3.2 ZipEntry<\/h3>
ZipEntry<\/code> 表示 ZIP 文件中的一个条目（压缩包中的文件或文件夹的元信息），包含：<\/p>

文件名<\/li>
是否是目录<\/li>
修改时间<\/li>
原始大小<\/li>
压缩后大小<\/li>
<\/ul>
使用注意事项：<\/p>

Name<\/code> 属性必须使用相对路径<\/li>
添加目录时，路径应以 \/<\/code> 结尾（如 "images\/"<\/code>）<\/li>
<\/ul>
基本使用方法：<\/p>
var<\/span> entry = new<\/span> ZipEntry(entryName)
<\/span><\/span>{
<\/span><\/span>    DateTime = DateTime.Now,
<\/span><\/span>    Size = fileBytes.Length
<\/span><\/span>};
<\/span><\/span>
<\/span><\/span>zipStream.PutNextEntry(entry);
<\/span><\/span>zipStream.Write(fileBytes, 0<\/span>, fileBytes.Length);
<\/span><\/span>zipStream.CloseEntry();
<\/span><\/span><\/code><\/pre>4. Sharp4ArchiveZip 实现解析<\/h2>
4.1 工具用法<\/h3>
Sharp4ArchiveZip.exe <源目录> <输出zip路径> [排除子目录] [排除扩展名]
<\/code><\/pre>
示例：<\/p>
Sharp4ArchiveZip.exe Sharp4AOT 123.zip "obj,.git" ".user,.pdb"
<\/code><\/pre>
参数说明：<\/p>

原始目录路径<\/li>
压缩后 zip 文件输出路径<\/li>
排除的子目录名称（多个以英文逗号分隔）<\/li>
排除的文件扩展名（多个以英文逗号分隔）<\/li>
<\/ol>
4.2 递归压缩实现<\/h3>
核心递归压缩代码：<\/p>
private<\/span> static<\/span> void<\/span> AddDirectoryToZip(string<\/span> path, ZipOutputStream zipStream, string<\/span> rootPath, 
<\/span><\/span>    string<\/span>[] excludeDirs, string<\/span>[] excludeExtensions)
<\/span><\/span>{
<\/span><\/span>    foreach<\/span> (var<\/span> file in<\/span> Directory.GetFiles(path))
<\/span><\/span>    {
<\/span><\/span>        if<\/span> (ShouldExcludeFile(file, excludeExtensions))
<\/span><\/span>            continue<\/span>;
<\/span><\/span>            
<\/span><\/span>        var<\/span> relativePath = GetRelativePath(file, rootPath);
<\/span><\/span>        AddFileToZip(file, relativePath, zipStream);
<\/span><\/span>    }
<\/span><\/span>
<\/span><\/span>    foreach<\/span> (var<\/span> directory in<\/span> Directory.GetDirectories(path))
<\/span><\/span>    {
<\/span><\/span>        if<\/span> (ShouldExcludeDirectory(directory, excludeDirs))
<\/span><\/span>            continue<\/span>;
<\/span><\/span>            
<\/span><\/span>        AddDirectoryToZip(directory, zipStream, rootPath, excludeDirs, excludeExtensions);
<\/span><\/span>        
<\/span><\/span>        \/\/ 添加空目录<\/span>
<\/span><\/span>        if<\/span> (!Directory.EnumerateFileSystemEntries(directory).Any())
<\/span><\/span>        {
<\/span><\/span>            var<\/span> relativePath = GetRelativePath(directory, rootPath) + "\/"<\/span>;
<\/span><\/span>            zipStream.PutNextEntry(new<\/span> ZipEntry(relativePath));
<\/span><\/span>            zipStream.CloseEntry();
<\/span><\/span>        }
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>4.3 排除逻辑实现<\/h3>
排除子目录判断：<\/p>
private<\/span> static<\/span> bool<\/span> ShouldExcludeDirectory(string<\/span> directoryPath, string<\/span>[] excludeDirs)
<\/span><\/span>{
<\/span><\/span>    if<\/span> (excludeDirs == null<\/span> || excludeDirs.Length == 0<\/span>)
<\/span><\/span>        return<\/span> false<\/span>;
<\/span><\/span>        
<\/span><\/span>    var<\/span> dirName = Path.GetFileName(directoryPath);
<\/span><\/span>    return<\/span> excludeDirs.Contains(dirName, StringComparer.OrdinalIgnoreCase);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>排除文件扩展名判断：<\/p>
private<\/span> static<\/span> bool<\/span> ShouldExcludeFile(string<\/span> filePath, string<\/span>[] excludeExtensions)
<\/span><\/span>{
<\/span><\/span>    if<\/span> (excludeExtensions == null<\/span> || excludeExtensions.Length == 0<\/span>)
<\/span><\/span>        return<\/span> false<\/span>;
<\/span><\/span>        
<\/span><\/span>    var<\/span> extension = Path.GetExtension(filePath);
<\/span><\/span>    return<\/span> excludeExtensions.Contains(extension, StringComparer.OrdinalIgnoreCase);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>4.4 文件添加实现<\/h3>
添加单个文件到压缩包：<\/p>
private<\/span> static<\/span> void<\/span> AddFileToZip(string<\/span> filePath, string<\/span> entryName, ZipOutputStream zipStream)
<\/span><\/span>{
<\/span><\/span>    var<\/span> fileBytes = File.ReadAllBytes(filePath);
<\/span><\/span>    
<\/span><\/span>    var<\/span> entry = new<\/span> ZipEntry(entryName)
<\/span><\/span>    {
<\/span><\/span>        DateTime = DateTime.Now,
<\/span><\/span>        Size = fileBytes.Length
<\/span><\/span>    };
<\/span><\/span>
<\/span><\/span>    zipStream.PutNextEntry(entry);
<\/span><\/span>    zipStream.Write(fileBytes, 0<\/span>, fileBytes.Length);
<\/span><\/span>    zipStream.CloseEntry();
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>5. 红队应用场景<\/h2>
Sharp4ArchiveZip 在红队渗透中的典型应用：<\/p>

数据外发<\/strong>：压缩收集到的敏感信息，减少传输体积和告警风险<\/li>
凭据导出<\/strong>：打包导出的凭据文件<\/li>
WebShell 部署<\/strong>：压缩多个 WebShell 文件进行批量部署<\/li>
敏感文件收集<\/strong>：从目标系统中收集并压缩敏感文档<\/li>
日志归档<\/strong>：压缩日志文件以减小体积便于传输<\/li>
<\/ol>
6. 进阶功能扩展<\/h2>
基于 SharpZipLib 可以进一步扩展功能：<\/p>

密码保护<\/strong>：<\/li>
<\/ol>
zipStream.Password = "yourpassword"<\/span>;
<\/span><\/span><\/code><\/pre>
压缩等级控制<\/strong>（0-9）：<\/li>
<\/ol>
zipStream.SetLevel(9<\/span>); \/\/ 最高压缩<\/span>
<\/span><\/span><\/code><\/pre>
内存压缩<\/strong>：不落地直接压缩内存中的数据<\/li>
分卷压缩<\/strong>：支持大文件分卷压缩<\/li>
加密算法选择<\/strong>：支持 AES 等更强加密方式<\/li>
<\/ol>
7. 注意事项<\/h2>


路径处理：<\/p>

始终使用相对路径<\/li>
目录条目必须以 \/<\/code> 结尾<\/li>
<\/ul>
<\/li>

资源释放：<\/p>

确保正确关闭 ZipOutputStream<\/code> 和各个 ZipEntry<\/code><\/li>
使用 using<\/code> 语句保证资源释放<\/li>
<\/ul>
<\/li>

性能考虑：<\/p>

大文件处理时注意内存使用<\/li>
考虑使用缓冲区流式处理<\/li>
<\/ul>
<\/li>

异常处理：<\/p>

处理文件访问权限问题<\/li>
处理路径过长问题<\/li>
<\/ul>
<\/li>
<\/ol>
8. 总结<\/h2>
Sharp4ArchiveZip 作为一款基于成熟 SharpZipLib 库的压缩工具，为红队渗透提供了灵活、高效的文件打包解决方案。通过递归压缩、排除规则和压缩控制等功能，能够在不引起告警的情况下高效完成数据收集和外发任务。理解其核心实现原理后，可以根据实际需求进一步扩展功能，满足更复杂的渗透场景需求。<\/p>