查看CVE推送每日更新,做成类似于新闻头条的推送是企业安全从业人员最应该掌控的能力。随着安全体系工作的开展,每位甲方安全从业者从开始的朋友圈接收漏洞信息,到各个平台接收漏洞信息,但无论是三方还是朋友圈,都不能百分之百贴合与及时的自己想要掌控的漏洞信息,也正是基于这点,我开始自己做CVE的推送工作。
首先要爬取CVE,有一个比较方便的网站,内里集成了每天发布或更新的CVE
URL:
每一个链接都会链接到CVE漏洞详情中
那我们使用针对CVE进行信息的爬取
headers = {'User-Agent':'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Language':'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3','Accept-Encoding':'gzip, deflate','Upgrade-Insecure-Requests':'1',}url = "https://cassandra.cerias.purdue.edu/CVE_changes/today.html"def get_cve_urls():'''获取最新的cve漏洞url地址'''start_content = 'New entries' # 起始字符串end_content = 'Graduations'response = requests.get(url, headers=headers, timeout=60)response = str(response.text)start_index = response.index(start_content)if start_index >= 0:start_index += len(start_content)end_index = response.index(end_content)cve_urls_content = response[start_index:end_index] # 获取网页的指定范围soup = BeautifulSoup(cve_urls_content,'lxml')cve_url_lists = [] # 存放获取到的cve urlfor u in soup.find_all('a'):cve_url = u["href"]cve_url_lists.append(cve_url)# print(cve_url)return cve_url_listsdef get_cve_info():'''获取最新cve漏洞信息'''print '[*] 最新cve漏洞信息:n'sleep(2)cve_urls = get_cve_urls()numid = 1for cve_url in cve_urls:response = requests.get(cve_url,headers=headers,timeout=60)response = response.textsoup = BeautifulSoup(response,'lxml')table = soup.find("div",id="GeneratedTable").find("table") # 获取table标签内容cve_id = table.find_all("tr")[1].find("td",nowrap="nowrap").find("h2").string # cve idcve_description = table.find_all("tr")[3].find("td").string # cve 介绍
其中会有一部分英文的CVE介绍会存在特殊字符nowrap,比如单引号,这时我们需要将单引号做处理后才能输出
if str(cve_description).find(''') != -1:cve_description = str(cve_description).replace('print('替换特殊字符处理--'')print(str(cve_description))
CVE介绍为英文nowrap,如果想翻译安装trans插件,详细请自行百度
由于每天新增的CVE过多,可以添加自己关注的组件漏洞,关注的漏洞才发送
由于CVE官方并没有漏洞等级的介绍,可以将此CVE放到NVD中获取漏洞风险等级
base_url = 'https://nvd.nist.gov/vuln/detail/'+cve_idbase_score = requests.get(base_url,headers=headers,timeout=60)response_score = base_score.textsoup_score = BeautifulSoup(response_score,'lxml')soup_score_div = soup_score.find("div",id="p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Vuln3CvssPanel")soup_score_tag = soup_score_div.find_all(id=re.compile("p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Cvss3NistCalculatorAnchor*"))[0].stringprint(soup_score_tag)print("[+] cve漏洞等级:"+soup_score_tag)
如此基本集成了漏洞推送的各个组件
整体代码:
from time import sleepimport requestsfrom bs4 import BeautifulSoupimport reimport smtplibfrom email.mime.text import MIMETextfrom email.header import Headerimport datetimeimport osimport syscvelist=[]cvelist.append('New vulnerability '
)if sys.getdefaultencoding() != 'utf-8':reload(sys)sys.setdefaultencoding('utf-8')now_time = datetime.datetime.today().strftime('%Y,%m,%d')yesterday_time = datetime.datetime.today()+datetime.timedelta(-1)yesterday = yesterday_time.strftime('%Y.%m.%d')now_year = yesterday_time.strftime('%Y')print(yesterday)cvelist.append(now_time)cvelist.append(' ')component_lists = ['tomcat','nginx','apache','kibana','elastic','logstash','jackson','fastjson','windows','win10','win7','linux','centos','ssh','kernel','jenkins','zabbix','grafana','kubernetes','docker']headers = {'User-Agent':'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Language':'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3','Accept-Encoding':'gzip, deflate','Upgrade-Insecure-Requests':'1',}url = "https://cassandra.cerias.purdue.edu/CVE_changes/today.html"def get_cve_urls():'''获取最新的cve漏洞url地址'''start_content = 'New entries' # 起始字符串end_content = 'Graduations'response = requests.get(url, headers=headers, timeout=60)response = str(response.text)start_index = response.index(start_content)if start_index >= 0:start_index += len(start_content)end_index = response.index(end_content)cve_urls_content = response[start_index:end_index] # 获取网页的指定范围soup = BeautifulSoup(cve_urls_content,'lxml')cve_url_lists = [] # 存放获取到的cve urlfor u in soup.find_all('a'):cve_url = u["href"]cve_url_lists.append(cve_url)# print(cve_url)return cve_url_listsdef get_cve_info():'''获取最新cve漏洞信息'''print '[*] 最新cve漏洞信息:n'sleep(2)cve_urls = get_cve_urls()numid = 1for cve_url in cve_urls:response = requests.get(cve_url,headers=headers,timeout=60)response = response.textsoup = BeautifulSoup(response,'lxml')table = soup.find("div",id="GeneratedTable").find("table") # 获取table标签内容cve_id = table.find_all("tr")[1].find("td",nowrap="nowrap").find("h2").string # cve idcve_description = table.find_all("tr")[3].find("td").string # cve 介绍print "[+] cve漏洞编号:",cve_idif str(cve_description).find(''') != -1:cve_description = str(cve_description).replace(''', '')print('替换特殊字符处理--'')print(str(cve_description))if any(component in str(cve_description) for component in component_lists):oscve = "trans en:zh-CN '"+str(cve_description)+"'|awk 'NR==3 {print $0}'"oscve_zh = os.popen(oscve).read()cvetitle = ''+str(numid)+'.CVE
'cvelist.append(cvetitle)numid=numid+1cvelist.append('vulnerability URL:'
)cvelist.append(cve_url)cvelist.append('cve id:'
)cvelist.append(cve_id)cvelist.append('vulnerability introduction
'
)cvelist.append(str(cve_description))cvelist.append('译文:'
)cvelist.append(oscve_zh)base_url = 'https://nvd.nist.gov/vuln/detail/'+cve_idbase_score = requests.get(base_url,headers=headers,timeout=60)response_score = base_score.textsoup_score = BeautifulSoup(response_score,'lxml')soup_score_div = soup_score.find("div",id="p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Vuln3CvssPanel")soup_score_tag = soup_score_div.find_all(id=re.compile("p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_VulnerabilityDetail_VulnFormView_Cvss3NistCalculatorAnchor*"))[0].stringprint(soup_score_tag)print("[+] cve漏洞等级:"+soup_score_tag)cvelist.append('cve漏洞等级:'
)cvelist.append(soup_score_tag)cvelist.append(' ')else:print('No Date')mail_host=" " #设置服务器mail_user=" " #用户名mail_pass=" " #口令sender = ' ' #发件人receivers = [' '] #收件人mail_msg=''.join(cvelist)message = MIMEText(mail_msg, 'html', 'utf-8')message['From'] = "{}".format(sender)message['To'] = ",".join(receivers)subject = yesterday+'CVE收录新增漏洞'message['Subject'] = Header(subject, 'utf-8')try:smtpObj = smtplib.SMTP_SSL(mail_host, 465)smtpObj.login(mail_user, mail_pass)smtpObj.sendmail(sender, receivers, message.as_string())print "邮件发送成功"except smtplib.SMTPException:print "Error: 无法发送邮件"def main():get_cve_info()if __name__ == "__main__":main()
请根据自己的情况填写邮箱,由于爬取CVE的网站是每天17:02更新漏洞,所以每天早上获取漏洞的小伙伴记得要采用变量,每天晚上获取漏洞的小伙伴采用today即可。
效果如下:
*本文原创作者:煜阳,本文属于原创奖励计划,未经许可禁止转载
限时特惠:本站持续每日更新海量各大内部创业课程,一年会员仅需要98元,全站资源免费下载
点击查看详情
站长微信:Jiucxh
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
