Fetching the CVEs That Change Each Day


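Watching the daily CVE updates and turning them into a news-headline style push feed is a capability that enterprise security practitioners most need to have in hand.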


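As security program work gets under way, every in-house security practitioner goes from receiving vulnerability information through their WeChat Moments feed to receiving it from various platforms. But neither third-party platforms nor the Moments feed match, fully and in time, the vulnerability information one actually wants to keep track of. For exactly that reason, I started building my own CVE push.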


First the CVEs have to be scraped. There is a fairly convenient site that collects the CVEs published or updated each day.


URL:https://cassandra.cerias.purdue.edu/CVE_changes/today.html


Each link leads to the detail page of the CVE.


We then use Python to scrape the CVE information.


<code>
from time import sleep
import requests
from bs4 import BeautifulSoup

headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Accept-Encoding': 'gzip, deflate',
    'Upgrade-Insecure-Requests': '1',
}
url = "https://cassandra.cerias.purdue.edu/CVE_changes/today.html"

def get_cve_urls():
    '''Get the URLs of the newest CVE entries'''
    start_content = 'New entries'   # start marker
    end_content = 'Graduations'     # end marker
    response = requests.get(url, headers=headers, timeout=60)
    response = str(response.text)
    # find() returns -1 when a marker is absent (index() would raise instead)
    start_index = response.find(start_content)
    end_index = response.find(end_content)
    cve_url_lists = []     # collected CVE URLs
    if start_index >= 0 and end_index >= 0:
        start_index += len(start_content)
        cve_urls_content = response[start_index:end_index]  # part of the page between the markers
        soup = BeautifulSoup(cve_urls_content, 'lxml')
        for u in soup.find_all('a'):
            cve_url = u["href"]
            cve_url_lists.append(cve_url)
            # print(cve_url)
    return cve_url_lists

def get_cve_info():
    '''Get the newest CVE information'''
    print('[*] 最新cve漏洞信息:\n')
    sleep(2)
    cve_urls = get_cve_urls()
    numid = 1
    for cve_url in cve_urls:
        response = requests.get(cve_url, headers=headers, timeout=60)
        response = response.text
        soup = BeautifulSoup(response, 'lxml')
        table = soup.find("div", id="GeneratedTable").find("table")    # contents of the table tag
        cve_id = table.find_all("tr")[1].find("td", nowrap="nowrap").find("h2").string   # CVE id
        cve_description = table.find_all("tr")[3].find("td").string       # CVE description
</code>


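Some of the English CVE descriptions contain special characters, such as single quotes. These single quotes have to be handled before the text can be output.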

<code>
if str(cve_description).find('\'') != -1:
    cve_description = str(cve_description).replace('\'', '')
    print('替換特殊字符處理--\'')
    print(str(cve_description))
</code>


The CVE descriptions are in English. If you want them translated, install the trans tool; search online for the details.
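The full script further down places the description inside a single-quoted shell string for `os.popen`, which is why single quotes have to be stripped first. The block below is an added example, not code from the original article: it passes the text to the translator as one argv element with no shell, so nothing needs removing and shell metacharacters in scraped text stay inert. The Python stand-in for trans and the sample description are constructed so that it runs offline.

```python
import subprocess
import sys

TRANS_ARGV = ["trans", "en:zh-CN"]  # same tool and language pair as the page's command

def translate(text, argv_prefix=TRANS_ARGV, line_no=3, timeout=60):
    """Run the translator with `text` as a single argv element; no shell is involved.

    Returns output line `line_no` (1-based, like the page's awk 'NR==3'),
    or '' when the tool is missing, fails, times out or prints too few lines.
    """
    try:
        proc = subprocess.run(
            list(argv_prefix) + [text],
            capture_output=True, text=True, timeout=timeout, check=True,
        )
    except (OSError, subprocess.SubprocessError):
        return ""
    lines = proc.stdout.splitlines()
    return lines[line_no - 1] if len(lines) >= line_no else ""

# Stand-in for trans (assumption, for offline runs): prints two filler lines and
# then its last argument unchanged, so line 3 is exactly what the child received.
ECHO_ARGV = [sys.executable, "-c",
             "import sys; print('l1'); print('l2'); print(sys.argv[-1])"]

# Constructed sample description with characters a shell would act on.
SAMPLE = "Apache Tomcat's parser mishandles ';' and $HOME in header values"

def demo():
    """Round-trip the sample through the stand-in and return what came back."""
    return translate(SAMPLE, argv_prefix=ECHO_ARGV)

if __name__ == "__main__":
    print(demo())
```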


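Because too many CVEs are added each day, you can list the components you care about so that only the vulnerabilities you follow are sent.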

Since the official CVE entry carries no severity rating, you can look the CVE up in NVD to get its risk level.


<code>
base_url = 'https://nvd.nist.gov/vuln/detail/' + cve_id
base_score = requests.get(base_url, headers=headers, timeout=60)
response_score = base_score.text
soup_score = BeautifulSoup(response_score, 'lxml')
soup_score_div = soup_score.find("div", id="p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Vuln3CvssPanel")
# find() returns None when the page has no such panel; fall back to 'N/A' instead of crashing
score_tags = soup_score_div.find_all(id=re.compile("p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Cvss3NistCalculatorAnchor*")) if soup_score_div else []
soup_score_tag = str(score_tags[0].string) if score_tags else 'N/A'
print(soup_score_tag)
print("[+] cve漏洞等級:" + soup_score_tag)
</code>
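The lookup above depends on element ids in NVD's rendered page. As an added example (not from the original article), the same severity can be read from NVD's JSON API instead; the block assumes the NVD CVE API 2.0 response layout, and the sample responses and CVE ids in it are constructed placeholders.

```python
import json
import urllib.request

# NVD CVE API 2.0 endpoint (an assumption of this example; the page scrapes the HTML detail page)
NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId="

def severity_from_nvd(payload):
    """Return (cvss_version, base_score, severity) from an API response dict,
    preferring CVSS v3.1, then v3.0, then v2; None when no score is present."""
    vulns = payload.get("vulnerabilities") or []
    if not vulns:
        return None
    metrics = vulns[0].get("cve", {}).get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        # Entries typed "Primary" are tried before "Secondary" ones
        entries = sorted(metrics.get(key) or [], key=lambda m: m.get("type") != "Primary")
        for metric in entries:
            data = metric.get("cvssData", {})
            # v3.x carries baseSeverity inside cvssData, v2 on the metric itself
            severity = data.get("baseSeverity") or metric.get("baseSeverity")
            if severity and "baseScore" in data:
                return data.get("version"), data["baseScore"], severity
    return None

def fetch_severity(cve_id, timeout=60):
    """Query NVD for one CVE id (needs network access; not called below)."""
    with urllib.request.urlopen(NVD_API + cve_id, timeout=timeout) as resp:
        return severity_from_nvd(json.load(resp))

# Constructed responses, trimmed to the fields read above.
SCORED = json.loads("""{"vulnerabilities": [{"cve": {"id": "CVE-0000-0001", "metrics": {
  "cvssMetricV31": [
    {"type": "Secondary", "cvssData": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH"}},
    {"type": "Primary", "cvssData": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}],
  "cvssMetricV2": [
    {"type": "Primary", "baseSeverity": "HIGH", "cvssData": {"version": "2.0", "baseScore": 7.5}}]
}}}]}""")
V2_ONLY = {"vulnerabilities": [{"cve": {"id": "CVE-0000-0002", "metrics": {"cvssMetricV2": [
    {"type": "Primary", "baseSeverity": "MEDIUM", "cvssData": {"version": "2.0", "baseScore": 5.0}}]}}}]}
UNSCORED = {"vulnerabilities": [{"cve": {"id": "CVE-0000-0003", "metrics": {}}}]}

if __name__ == "__main__":
    for sample in (SCORED, V2_ONLY, UNSCORED):
        print(severity_from_nvd(sample))
```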


With that, the individual parts of the vulnerability push are essentially all in place.

Full code:


<code>
from time import sleep
import requests
from bs4 import BeautifulSoup
import re
import smtplib
from email.mime.text import MIMEText
from email.header import Header
import datetime
import os

# Line breaks inside the mail-body literals below are written as \n
cvelist = []
cvelist.append('\n\nNew vulnerability ')
now_time = datetime.datetime.today().strftime('%Y,%m,%d')
yesterday_time = datetime.datetime.today() + datetime.timedelta(-1)
yesterday = yesterday_time.strftime('%Y.%m.%d')
now_year = yesterday_time.strftime('%Y')
print(yesterday)
cvelist.append(now_time)
cvelist.append('\n\n')
# Components of interest; only CVEs that mention one of them are mailed
component_lists = ['tomcat','nginx','apache','kibana','elastic','logstash','jackson','fastjson','windows','win10','win7','linux','centos','ssh','kernel','jenkins','zabbix','grafana','kubernetes','docker']
headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Accept-Encoding': 'gzip, deflate',
    'Upgrade-Insecure-Requests': '1',
}
url = "https://cassandra.cerias.purdue.edu/CVE_changes/today.html"

def get_cve_urls():
    '''Get the URLs of the newest CVE entries'''
    start_content = 'New entries'   # start marker
    end_content = 'Graduations'     # end marker
    response = requests.get(url, headers=headers, timeout=60)
    response = str(response.text)
    # find() returns -1 when a marker is absent (index() would raise instead)
    start_index = response.find(start_content)
    end_index = response.find(end_content)
    cve_url_lists = []     # collected CVE URLs
    if start_index >= 0 and end_index >= 0:
        start_index += len(start_content)
        cve_urls_content = response[start_index:end_index]  # part of the page between the markers
        soup = BeautifulSoup(cve_urls_content, 'lxml')
        for u in soup.find_all('a'):
            cve_url = u["href"]
            cve_url_lists.append(cve_url)
            # print(cve_url)
    return cve_url_lists

def get_cve_info():
    '''Get the newest CVE information and mail it'''
    print('[*] 最新cve漏洞信息:\n')
    sleep(2)
    cve_urls = get_cve_urls()
    numid = 1
    for cve_url in cve_urls:
        response = requests.get(cve_url, headers=headers, timeout=60)
        response = response.text
        soup = BeautifulSoup(response, 'lxml')
        table = soup.find("div", id="GeneratedTable").find("table")    # contents of the table tag
        cve_id = table.find_all("tr")[1].find("td", nowrap="nowrap").find("h2").string   # CVE id
        cve_description = table.find_all("tr")[3].find("td").string       # CVE description
        print("[+] cve漏洞編號:", cve_id)
        # Strip single quotes: the description is placed inside a single-quoted shell string below
        if str(cve_description).find('\'') != -1:
            cve_description = str(cve_description).replace('\'', '')
            print('替換特殊字符處理--\'')
            print(str(cve_description))
        # Compare in lower case: the keywords are lower case, product names in descriptions often are not
        if any(component in str(cve_description).lower() for component in component_lists):
            # Translate with trans and keep the third line of its output
            oscve = "trans en:zh-CN '" + str(cve_description) + "'|awk 'NR==3 {print $0}'"
            oscve_zh = os.popen(oscve).read()
            cvetitle = '\n\n' + str(numid) + '.CVE\n\n'
            cvelist.append(cvetitle)
            numid = numid + 1
            cvelist.append('\n\nvulnerability URL:')
            cvelist.append(cve_url)
            cvelist.append('\n\ncve id:')
            cvelist.append(cve_id)
            cvelist.append('\n\nvulnerability introduction\n\n')
            cvelist.append(str(cve_description))
            cvelist.append('\n\n譯文:')
            cvelist.append(oscve_zh)
            # Look the CVE up in NVD to get its severity
            base_url = 'https://nvd.nist.gov/vuln/detail/' + cve_id
            base_score = requests.get(base_url, headers=headers, timeout=60)
            response_score = base_score.text
            soup_score = BeautifulSoup(response_score, 'lxml')
            soup_score_div = soup_score.find("div", id="p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Vuln3CvssPanel")
            # find() returns None when the page has no such panel; fall back to 'N/A' instead of crashing
            score_tags = soup_score_div.find_all(id=re.compile("p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Cvss3NistCalculatorAnchor*")) if soup_score_div else []
            soup_score_tag = str(score_tags[0].string) if score_tags else 'N/A'
            print(soup_score_tag)
            print("[+] cve漏洞等級:" + soup_score_tag)
            cvelist.append('\n\ncve漏洞等級:')
            cvelist.append(soup_score_tag)
            cvelist.append('\n\n')
        else:
            print('No Date')
    mail_host = " "     # SMTP server
    mail_user = " "     # user name
    mail_pass = " "     # password
    sender = ' '        # sender
    receivers = [' ']   # recipients
    mail_msg = ''.join(cvelist)
    message = MIMEText(mail_msg, 'html', 'utf-8')
    message['From'] = "{}".format(sender)
    message['To'] = ",".join(receivers)
    subject = yesterday + 'CVE收錄新增漏洞'
    message['Subject'] = Header(subject, 'utf-8')
    try:
        smtpObj = smtplib.SMTP_SSL(mail_host, 465)
        smtpObj.login(mail_user, mail_pass)
        smtpObj.sendmail(sender, receivers, message.as_string())
        print("郵件發送成功")
    except smtplib.SMTPException:
        print("Error: 無法發送郵件")

def main():
    get_cve_info()

if __name__ == "__main__":
    main()
</code>


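Fill in the mailbox settings to suit your own setup. Because the site the CVEs are scraped from updates its list at 17:02 each day, anyone fetching the vulnerabilities in the morning should remember to use the yesterday variable, while anyone fetching them in the evening can simply use today.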

The result looks like this:

[image]

Reposted from: https://www.freebuf.com/articles/es/228571.html

