添加详细说明并优化程序
7
Core.py
@ -16,15 +16,12 @@ from GotoSend_freebuf import Src_freebuf
|
|||||||
from GotoSend_qianxin import Src_qianxin
|
from GotoSend_qianxin import Src_qianxin
|
||||||
|
|
||||||
# 加载参数
|
# 加载参数
|
||||||
def get_params():
|
|
||||||
with open('./config.yaml', 'r', encoding="utf-8") as file:
|
with open('./config.yaml', 'r', encoding="utf-8") as file:
|
||||||
config = yaml.safe_load(file)
|
config = yaml.safe_load(file)
|
||||||
sleep_time = int(f"{config['sleep_time']}")
|
# sleep_time = int(f"{config['sleep_time']}")
|
||||||
e_hour = int(f"{config['e_hour']}")
|
e_hour = int(f"{config['e_hour']}")
|
||||||
|
|
||||||
return sleep_time, e_hour
|
|
||||||
|
|
||||||
sleep_time, e_hour = get_params()
|
|
||||||
|
|
||||||
def crab_job():
|
def crab_job():
|
||||||
print("正在启动各爬虫并获取资源中...")
|
print("正在启动各爬虫并获取资源中...")
|
||||||
|
@ -1,4 +1,188 @@
|
|||||||
[
|
[
|
||||||
|
{
|
||||||
|
"title": "【Linux运维】宝塔环境升级HTTP/3",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzIwNTY1OA==&mid=2247509575&idx=1&sn=94ea87716de2777f60f8187050014cfb",
|
||||||
|
"description": "本文简单的为大家分享,如何在宝塔环境中如何升级http/3协议。",
|
||||||
|
"author": "kali笔记",
|
||||||
|
"category": "kali笔记",
|
||||||
|
"pubDate": "2024-12-05T09:12:03"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "资产收集常用工具以及思路总结",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMjIxNjExNg==&mid=2247485972&idx=1&sn=bd5d2a38ea67d7ed891e03e356d17c52",
|
||||||
|
"description": "这些常用的资产收集工具和思路你都了解并经常使用么?",
|
||||||
|
"author": "沃克学安全",
|
||||||
|
"category": "沃克学安全",
|
||||||
|
"pubDate": "2024-12-05T09:03:47"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "CISA 警告 Zyxel 防火墙漏洞可能被利用进行攻击",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793379&idx=3&sn=62ee6dd06f47c5b1777c48cd0a47a9fa",
|
||||||
|
"description": "CISA 警告多款 Zyxel 防火墙设备中的路径遍历漏洞被积极利用。",
|
||||||
|
"author": "军哥网络安全读报",
|
||||||
|
"category": "军哥网络安全读报",
|
||||||
|
"pubDate": "2024-12-05T09:00:58"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "记两次内网入侵溯源的真实案例",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMTUyMjUxMw==&mid=2247523029&idx=1&sn=2f33efd5da4783fc615dbbb96086cd73",
|
||||||
|
"description": "记两次内网入侵溯源的真实案例",
|
||||||
|
"author": "猫蛋儿安全",
|
||||||
|
"category": "猫蛋儿安全",
|
||||||
|
"pubDate": "2024-12-05T09:00:09"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "实战红蓝:谈一谈NSmartProxy流量特征在实战中的表现",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247485956&idx=1&sn=3471aaf7c173b144ec8beee719616a67",
|
||||||
|
"description": null,
|
||||||
|
"author": "神农Sec",
|
||||||
|
"category": "神农Sec",
|
||||||
|
"pubDate": "2024-12-05T08:32:38"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "Linux应急响应检查工具【单机终极版】",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247492906&idx=1&sn=1bac25e1425fc528f71e7ed0ab1e3485",
|
||||||
|
"description": null,
|
||||||
|
"author": "夜组安全",
|
||||||
|
"category": "夜组安全",
|
||||||
|
"pubDate": "2024-12-05T08:04:28"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "漏洞预警 | GitLab权限提升漏洞",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491639&idx=1&sn=39e40ca6d804352e6d20235db2217c6f",
|
||||||
|
"description": "GitLab存在权限提升漏洞,由于GitLab中对LFS令牌的权限管理不当,当攻击者获取目标用户的个人访问令牌后,可以进一步滥用该PAT生成的LFS令牌,利用该漏洞实现权限提升,从而可能导致敏感信息泄露或执行未授权操作。",
|
||||||
|
"author": "浅安安全",
|
||||||
|
"category": "浅安安全",
|
||||||
|
"pubDate": "2024-12-05T08:03:24"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "漏洞预警 | 用友NC SQL注入漏洞",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491639&idx=2&sn=ef0f15d92963fe62bd06df07429f9bce",
|
||||||
|
"description": "用友NC的/portal/pt/task/process接口存在SQL注入漏洞,攻击者通过利用SQL注入漏洞配合数据库xp cmdshel可以执行任意命令,从而控制服务器。",
|
||||||
|
"author": "浅安安全",
|
||||||
|
"category": "浅安安全",
|
||||||
|
"pubDate": "2024-12-05T08:03:24"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "移动安全框架 (MobSF) 存在存储型XSS漏洞 | CVE-2024-53999",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247509613&idx=1&sn=3d46d512c0ea527fdba9869e770416e8",
|
||||||
|
"description": null,
|
||||||
|
"author": "李白你好",
|
||||||
|
"category": "李白你好",
|
||||||
|
"pubDate": "2024-12-05T08:01:27"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "API安全漏洞靶场crapi漏洞复现",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486893&idx=1&sn=4910174c4a8925e18aae62644f0d7dec",
|
||||||
|
"description": "通过该靶场学习以及分析当前常用的API技术以及该技术中存在的安全问题。",
|
||||||
|
"author": "进击的HACK",
|
||||||
|
"category": "进击的HACK",
|
||||||
|
"pubDate": "2024-12-05T07:55:38"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "Kubelet端口未授权深入利用",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493754&idx=2&sn=fdfca15ecb8b98bcd7d1e97201b26bdd",
|
||||||
|
"description": "漏洞描述K8s Node对外开启10250(Kubelet API)和10255端口(readonly AP",
|
||||||
|
"author": "七芒星实验室",
|
||||||
|
"category": "七芒星实验室",
|
||||||
|
"pubDate": "2024-12-05T07:02:55"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "思科ASA漏洞CVE-2014-2120当前正在被利用攻击",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247492872&idx=1&sn=63eff1dd884f77fb706066595cc12e75",
|
||||||
|
"description": null,
|
||||||
|
"author": "黑猫安全",
|
||||||
|
"category": "黑猫安全",
|
||||||
|
"pubDate": "2024-12-05T07:01:27"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "浅谈常见中间人攻击",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MzkwNDU1Mw==&mid=2247485363&idx=1&sn=3724a1da9ae81f364c92137a4175198a",
|
||||||
|
"description": null,
|
||||||
|
"author": "信安路漫漫",
|
||||||
|
"category": "信安路漫漫",
|
||||||
|
"pubDate": "2024-12-05T07:00:44"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "哥斯拉源码解读+如何绕过waf检测",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517466&idx=1&sn=925493f67805f6648aa9d36a4185c46b",
|
||||||
|
"description": null,
|
||||||
|
"author": "船山信安",
|
||||||
|
"category": "船山信安",
|
||||||
|
"pubDate": "2024-12-05T02:00:55"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "版本更新 | 单文件一键击溃火绒进程 v1.1发布!",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491559&idx=1&sn=80e7f6359e4fb08a364c31e2ccd5c59a",
|
||||||
|
"description": "单文件一键击溃火绒进程 v1.1发布!\\\\x0d\\\\x0a使用资源文件嵌入驱动,避免直接依赖外部文件\\\\x0d\\\\x0a替换旧版本驱动文件,旧版本驱动证书已过期",
|
||||||
|
"author": "星落安全团队",
|
||||||
|
"category": "星落安全团队",
|
||||||
|
"pubDate": "2024-12-05T00:00:59"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "红蓝队病毒木马监控辅助工具(12月3日更新)",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247498820&idx=1&sn=2725bb5cbcb5e76e638a7e1c8836a0c7",
|
||||||
|
"description": null,
|
||||||
|
"author": "网络安全者",
|
||||||
|
"category": "网络安全者",
|
||||||
|
"pubDate": "2024-12-05T00:00:13"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "最新Nessus2024.12.04版本主机漏洞扫描/探测工具下载|近期漏洞合集更新",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODE2MjkxMQ==&mid=2247489275&idx=1&sn=363d8f9e531b932bd18c27d845f83a21",
|
||||||
|
"description": "Nessus号称是世界上最流行的漏洞扫描程序,全世界有超过75000个组织在使用它。该工具提供完整的电脑漏洞扫描服务,并随时更新其漏洞数据库。Nessus不同于传统的漏洞扫描软件,Nessus可同时在本机或远端上遥控,进行系统的漏洞分析扫描",
|
||||||
|
"author": "渗透安全HackTwo",
|
||||||
|
"category": "渗透安全HackTwo",
|
||||||
|
"pubDate": "2024-12-05T00:00:12"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "新型 Android 恶意软件 DroidBot 瞄准欧洲银行用户",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247504934&idx=3&sn=09e44a53225b47183d331f0328fab9e4",
|
||||||
|
"description": null,
|
||||||
|
"author": "网络研究观",
|
||||||
|
"category": "网络研究观",
|
||||||
|
"pubDate": "2024-12-04T23:48:33"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "Zabbix api_jsonrpc.php接口存在SQL注入漏洞CVE-2024-42327 附POC",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzIxMjEzMDkyMA==&mid=2247487930&idx=1&sn=589b3837a2dc8ff72e861b99f6947f5d",
|
||||||
|
"description": null,
|
||||||
|
"author": "南风漏洞复现文库",
|
||||||
|
"category": "南风漏洞复现文库",
|
||||||
|
"pubDate": "2024-12-04T23:08:58"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "工具集:HeavenlyBypassAV(免杀工具)",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484771&idx=1&sn=edb658df8647f36d20266189ef2f35e3",
|
||||||
|
"description": null,
|
||||||
|
"author": "风铃Sec",
|
||||||
|
"category": "风铃Sec",
|
||||||
|
"pubDate": "2024-12-04T22:15:59"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "一种巧妙内核级可绕过EDR的入侵手段",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492675&idx=1&sn=2976f9793011ea7dacce961cadd32530",
|
||||||
|
"description": "这种攻击方式被称为BYOVD攻击, BYOVD 攻击的核心是攻击者将一个已知存在漏洞的内核驱动程序写入磁盘并加载,然后利用该漏洞执行特权操作。这些操作可能包括终止安全产品、绕过 EDR 防篡改保护、提取特权进程信息。",
|
||||||
|
"author": "二进制空间安全",
|
||||||
|
"category": "二进制空间安全",
|
||||||
|
"pubDate": "2024-12-04T21:45:51"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "钓鱼网页散播银狐木马,远控后门威胁终端安全",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247520783&idx=1&sn=e6d18857c2b21d1bc8b80636051ff403",
|
||||||
|
"description": null,
|
||||||
|
"author": "火绒安全",
|
||||||
|
"category": "火绒安全",
|
||||||
|
"pubDate": "2024-12-04T21:44:58"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "微软驱动程序关键漏洞已被APT组织利用",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247632689&idx=3&sn=3c9e08e5af95f26a73913ce6e7ded2bc",
|
||||||
|
"description": null,
|
||||||
|
"author": "商密君",
|
||||||
|
"category": "商密君",
|
||||||
|
"pubDate": "2024-12-04T20:25:28"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "微软驱动程序关键漏洞已被APT组织利用",
|
"title": "微软驱动程序关键漏洞已被APT组织利用",
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308802&idx=1&sn=ed99bbd47f1003dc1db38fa05309efca",
|
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308802&idx=1&sn=ed99bbd47f1003dc1db38fa05309efca",
|
||||||
@ -207,6 +391,22 @@
|
|||||||
"category": "白帽子左一",
|
"category": "白帽子左一",
|
||||||
"pubDate": "2024-12-04T12:02:44"
|
"pubDate": "2024-12-04T12:02:44"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"title": "干货|一文搞懂加密流量检测的解决方法和技术细节",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247107&idx=2&sn=14422cc225f026b33245b6fe143ea536",
|
||||||
|
"description": null,
|
||||||
|
"author": "e安在线",
|
||||||
|
"category": "e安在线",
|
||||||
|
"pubDate": "2024-12-04T11:32:47"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "系统文件管理行为漏洞导致本地提权",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTU2ODQ4Mw==&mid=2247486517&idx=1&sn=388de17165c44f34a9aa9f95be1ac96f",
|
||||||
|
"description": "文章从两个C语言底层函数出发,分析在处理文件时,缺少对符号链接的严格检测,导致macOS的隐私绕过与本地提权及缓解方案。",
|
||||||
|
"author": "奇安信天工实验室",
|
||||||
|
"category": "奇安信天工实验室",
|
||||||
|
"pubDate": "2024-12-04T11:30:51"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "一文学会fastjson漏洞",
|
"title": "一文学会fastjson漏洞",
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484160&idx=1&sn=768fc0310477001e491b83ee2ccdbd59",
|
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484160&idx=1&sn=768fc0310477001e491b83ee2ccdbd59",
|
||||||
@ -455,6 +655,14 @@
|
|||||||
"category": "Ting丶的安全笔记",
|
"category": "Ting丶的安全笔记",
|
||||||
"pubDate": "2024-12-03T18:59:24"
|
"pubDate": "2024-12-03T18:59:24"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"title": "11月漏洞快报 | Apache OFBiz 表达式注入漏洞、Oracle 文件泄露漏洞...",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NzE0NTIxMg==&mid=2651134656&idx=2&sn=64e0a5818023dfe7a4f9a1c5e1101a01",
|
||||||
|
"description": null,
|
||||||
|
"author": "梆梆安全",
|
||||||
|
"category": "梆梆安全",
|
||||||
|
"pubDate": "2024-12-03T17:54:30"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "无文件攻击的恶意软件加载器:PSLoramyra技术分析",
|
"title": "无文件攻击的恶意软件加载器:PSLoramyra技术分析",
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492450&idx=1&sn=e25fe33cdbf7b2905dddbe3f503934ad",
|
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492450&idx=1&sn=e25fe33cdbf7b2905dddbe3f503934ad",
|
||||||
@ -487,6 +695,14 @@
|
|||||||
"category": "Ots安全",
|
"category": "Ots安全",
|
||||||
"pubDate": "2024-12-03T17:30:13"
|
"pubDate": "2024-12-03T17:30:13"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"title": "【技术分享】从网站搭建到木马免杀捆绑与拿shell全过程",
|
||||||
|
"link": "https://mp.weixin.qq.com/s?__biz=MzIyNTIxNDA1Ng==&mid=2659211256&idx=1&sn=7be75392df645155a215faa354d98e14",
|
||||||
|
"description": null,
|
||||||
|
"author": "暗影网安实验室",
|
||||||
|
"category": "暗影网安实验室",
|
||||||
|
"pubDate": "2024-12-03T17:20:54"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "【免杀+钓鱼】钓鱼页面搭建+免杀捆绑拿shell",
|
"title": "【免杀+钓鱼】钓鱼页面搭建+免杀捆绑拿shell",
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMDc0MTc5Mw==&mid=2247483778&idx=1&sn=617673eea861e0f39c1b0c1f5e976558",
|
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMDc0MTc5Mw==&mid=2247483778&idx=1&sn=617673eea861e0f39c1b0c1f5e976558",
|
||||||
@ -1382,221 +1598,5 @@
|
|||||||
"author": "信安百科",
|
"author": "信安百科",
|
||||||
"category": "信安百科",
|
"category": "信安百科",
|
||||||
"pubDate": "2024-12-01T09:30:50"
|
"pubDate": "2024-12-01T09:30:50"
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "MSSQL 易受表情符号字符串攻击",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492773&idx=2&sn=356e6eb678864f0c70a40e74e70059a7",
|
|
||||||
"description": null,
|
|
||||||
"author": "独眼情报",
|
|
||||||
"category": "独眼情报",
|
|
||||||
"pubDate": "2024-12-01T09:01:33"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "DOME - 子域枚举开源工具",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247488427&idx=1&sn=ac04df3251c75fcf833990f391ea0cf5",
|
|
||||||
"description": null,
|
|
||||||
"author": "白帽学子",
|
|
||||||
"category": "白帽学子",
|
|
||||||
"pubDate": "2024-12-01T08:11:26"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "实战 | 某院校小程序记录",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486882&idx=1&sn=e671f66e3e175873a54dd828b009a94c",
|
|
||||||
"description": null,
|
|
||||||
"author": "进击的HACK",
|
|
||||||
"category": "进击的HACK",
|
|
||||||
"pubDate": "2024-12-01T07:55:21"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "Advantech工业级Wi-Fi接入点多个安全漏洞",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzUxMjc0MTE3Mw==&mid=2247494775&idx=1&sn=663d228539b8c7d0207554d994968758",
|
|
||||||
"description": "Advantech EKI 系列工业级 Wi-Fi 接入点中,发现了多达 20 个安全漏洞,其中 6 个漏洞被标记为关键漏洞。这些漏洞可能允许攻击者绕过身份验证、执行恶意代码,并可能完全控制受影响的设备。",
|
|
||||||
"author": "锋刃科技",
|
|
||||||
"category": "锋刃科技",
|
|
||||||
"pubDate": "2024-12-01T02:13:29"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "Java Filter型 Tomcat内存马",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517399&idx=1&sn=678b5cf4e766af4700f802cebbed227b",
|
|
||||||
"description": null,
|
|
||||||
"author": "船山信安",
|
|
||||||
"category": "船山信安",
|
|
||||||
"pubDate": "2024-12-01T00:22:06"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "免杀马为何无法在他人机器上线?",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247495843&idx=2&sn=b4b42603bfc2c59f9c71ebb1e6eb471d",
|
|
||||||
"description": "编写好的免杀马本地双击执行运行没有问题,但是通过webshell传输或远程下载到对方主机后,执行却没有任何上线反应。",
|
|
||||||
"author": "Khan安全攻防实验室",
|
|
||||||
"category": "Khan安全攻防实验室",
|
|
||||||
"pubDate": "2024-12-01T00:01:16"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "一款内存马检测工具",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486188&idx=1&sn=6d66d60b58ab897f28653e3d8d6b060d",
|
|
||||||
"description": null,
|
|
||||||
"author": "TtTeam",
|
|
||||||
"category": "TtTeam",
|
|
||||||
"pubDate": "2024-11-30T22:46:18"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "攻防实战-fuzz上传接口到内网",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496445&idx=1&sn=5dada7b97b53d2949eda0c804ef64b96",
|
|
||||||
"description": null,
|
|
||||||
"author": "迪哥讲事",
|
|
||||||
"category": "迪哥讲事",
|
|
||||||
"pubDate": "2024-11-30T22:36:52"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "针对中文和越南语用户的新型恶意软件“CleverSoar”",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492444&idx=1&sn=c1acace85acaab5c9d17e390fbe5fa27",
|
|
||||||
"description": "近日,一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。",
|
|
||||||
"author": "白泽安全实验室",
|
|
||||||
"category": "白泽安全实验室",
|
|
||||||
"pubDate": "2024-11-30T20:46:16"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "从 LFI 到 RCE 的旅程!!!",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTk4MzY0MA==&mid=2247487651&idx=1&sn=a9782b91db81e5ea2f469639d77d348d",
|
|
||||||
"description": null,
|
|
||||||
"author": "琴音安全",
|
|
||||||
"category": "琴音安全",
|
|
||||||
"pubDate": "2024-11-30T19:19:04"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "CVE-2024-48307|JeecgBoot SQL 注入漏洞(POC)",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485712&idx=1&sn=34d09311081e1ccdcc96464b3824f719",
|
|
||||||
"description": "CVE-2024-48307|JeecgBoot SQL 注入漏洞(POC)",
|
|
||||||
"author": "信安百科",
|
|
||||||
"category": "信安百科",
|
|
||||||
"pubDate": "2024-11-30T18:00:13"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "微信4.0聊天记录数据库文件解密分析",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458584587&idx=1&sn=bd672102f10e062f90cd9276a1d2ca2f",
|
|
||||||
"description": "看雪论坛作者ID:techliu",
|
|
||||||
"author": "看雪学苑",
|
|
||||||
"category": "看雪学苑",
|
|
||||||
"pubDate": "2024-11-30T17:59:42"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "CVE-2024-11477: 7Zip 中的“代码执行”漏洞 Writeup",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485494&idx=1&sn=c9d6028a35da67abc3c0a4ae39c4383d",
|
|
||||||
"description": null,
|
|
||||||
"author": "securitainment",
|
|
||||||
"category": "securitainment",
|
|
||||||
"pubDate": "2024-11-30T17:17:00"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "PE文件结构-DOS头部&DOS stub",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484743&idx=1&sn=ff670183241515ace4f11069609c870a",
|
|
||||||
"description": null,
|
|
||||||
"author": "风铃Sec",
|
|
||||||
"category": "风铃Sec",
|
|
||||||
"pubDate": "2024-11-30T16:23:56"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "免杀—Sysmon Bypass",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484329&idx=1&sn=97180b4e66f5712766311ebdd90312ba",
|
|
||||||
"description": "免杀之Sysmon Bypass",
|
|
||||||
"author": "Ting丶的安全笔记",
|
|
||||||
"category": "Ting丶的安全笔记",
|
|
||||||
"pubDate": "2024-11-30T15:51:31"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "Docker Registry 未授权访问漏洞利用(工具+利用思路)",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MTg2NzI5OA==&mid=2247484746&idx=1&sn=fc5e8cfb4ee4912ca505e0adde2012ea",
|
|
||||||
"description": "Docker Registry 未授权访问漏洞利用(工具+利用思路)",
|
|
||||||
"author": "黑熊安全",
|
|
||||||
"category": "黑熊安全",
|
|
||||||
"pubDate": "2024-11-30T15:09:07"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "从 LFI 到 RCE 的旅程!!!",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247484119&idx=1&sn=c39d95f9cf5532ea16ca05fd549f5fcb",
|
|
||||||
"description": null,
|
|
||||||
"author": "富贵安全",
|
|
||||||
"category": "富贵安全",
|
|
||||||
"pubDate": "2024-11-30T12:15:57"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "基于DNS CNAME类型记录的XSS",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNTY3MTE5MA==&mid=2247485547&idx=1&sn=95919c9b7c476e946d3440b27dea7083",
|
|
||||||
"description": null,
|
|
||||||
"author": "星空网络安全",
|
|
||||||
"category": "星空网络安全",
|
|
||||||
"pubDate": "2024-11-30T12:08:38"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "记一次框架利用接管学工系统",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247545536&idx=1&sn=1896fad11838d044b00a64c75dfdb7cf",
|
|
||||||
"description": null,
|
|
||||||
"author": "掌控安全EDU",
|
|
||||||
"category": "掌控安全EDU",
|
|
||||||
"pubDate": "2024-11-30T12:02:46"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "知名工业WiFi接入点被曝存在20多个漏洞",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308588&idx=3&sn=507f9cfa85259269aad5b20cdc369747",
|
|
||||||
"description": "Advantech工业级无线接入点设备被曝光存在近二十个安全漏洞。",
|
|
||||||
"author": "FreeBuf",
|
|
||||||
"category": "FreeBuf",
|
|
||||||
"pubDate": "2024-11-30T10:02:13"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "DICOMHawk:用于检测和记录未经授权访问尝试的蜜罐系统",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308588&idx=4&sn=e8d31b9dfca8249e83e10d731c975e7a",
|
|
||||||
"description": "该工具可以帮助广大研究人员检测和记录未经授权的访问尝试。",
|
|
||||||
"author": "FreeBuf",
|
|
||||||
"category": "FreeBuf",
|
|
||||||
"pubDate": "2024-11-30T10:02:13"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "Windows驱动程序暴整数溢出漏洞可致权限提升",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655260600&idx=2&sn=d45fcadd0c225f99fa9553f8b67beeb0",
|
|
||||||
"description": null,
|
|
||||||
"author": "计算机与网络安全",
|
|
||||||
"category": "计算机与网络安全",
|
|
||||||
"pubDate": "2024-11-30T09:57:46"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "记一次autodecode aes解密渗透实战",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzIwMjUyNDM0OA==&mid=2247485758&idx=1&sn=ceb53d7f248bdb6829047e68ea8c3b56",
|
|
||||||
"description": null,
|
|
||||||
"author": "ListSec",
|
|
||||||
"category": "ListSec",
|
|
||||||
"pubDate": "2024-11-30T09:37:41"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "某众测记录|细心 = or ≠ 漏洞 ?",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491120&idx=1&sn=8db3b58d4bf3b995f085d9bb757a355f",
|
|
||||||
"description": null,
|
|
||||||
"author": "实战安全研究",
|
|
||||||
"category": "实战安全研究",
|
|
||||||
"pubDate": "2024-11-30T09:03:22"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "网络钓鱼服务“Rockstar 2FA”利用 AiTM 攻击瞄准 Microsoft 365 用户",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793322&idx=2&sn=825623d5d2889860d29af04cc1f4a6e9",
|
|
||||||
"description": "足以以假乱真的钓鱼网络服务利用中间人攻击。",
|
|
||||||
"author": "军哥网络安全读报",
|
|
||||||
"category": "军哥网络安全读报",
|
|
||||||
"pubDate": "2024-11-30T09:01:02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "漏洞预警 | 西迪特Wi-Fi Web管理系统远程命令执行和登录绕过漏洞",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491603&idx=3&sn=677995c6d32ab004efcf3e5216b28147",
|
|
||||||
"description": "西迪特Wi-Fi Web管理系统存在远程命令执行和登录绕过漏洞,攻击者可通过该漏洞执行任意命令、接管该服务,建议相关用户及时更新。",
|
|
||||||
"author": "浅安安全",
|
|
||||||
"category": "浅安安全",
|
|
||||||
"pubDate": "2024-11-30T08:00:24"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "Ubuntu Linux 受到“需要重启”漏洞的影响,该漏洞会导致本地提权到 root",
|
|
||||||
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491684&idx=1&sn=a4cd67263f4e366037fdcace8843b6c2",
|
|
||||||
"description": null,
|
|
||||||
"author": "犀牛安全",
|
|
||||||
"category": "犀牛安全",
|
|
||||||
"pubDate": "2024-11-30T00:01:29"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
@ -1,4 +1,12 @@
|
|||||||
[
|
[
|
||||||
|
{
|
||||||
|
"title": "FreeBuf早报 | 今年黑客已窃取 14.9 亿美元加密货币;Cloudflare开发人员域正被滥用",
|
||||||
|
"link": "https://www.freebuf.com/news/416863.html",
|
||||||
|
"description": "Web3 漏洞赏金平台 Immunefi 的一份新报告显示,2024 年迄今已记录了近 14.9 亿美元的加密货币损失,主要是由于黑客事件。",
|
||||||
|
"body": "<h2 id=\"h2-1\">全球动态</h2><h3 id=\"h3-1\">1. 中国多个协会声明:美国芯片不再安全、不再可靠,慎用</h3><p>中国互联网协会、中国半导体行业协会、中汽协、中国通信企业协会齐发声,谨慎采购美国芯片。 【<a href=\"https://www.secrss.com/articles/73037\"><u>阅读原文</u></a>】</p><h3 id=\"h3-2\">",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Wed, 04 Dec 2024 17:35:23 +0800"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "立即修复,微软驱动程序关键漏洞已被APT组织利用",
|
"title": "立即修复,微软驱动程序关键漏洞已被APT组织利用",
|
||||||
"link": "https://www.freebuf.com/news/416830.html",
|
"link": "https://www.freebuf.com/news/416830.html",
|
||||||
@ -150,13 +158,5 @@
|
|||||||
"body": "<p>尽管全球针对网络安全公司的投资在 2022 年底开始放缓,但以色列网络安全产业的强劲表现超出了当地预期和全球经济挑战,即便该国还面临加沙地区局势不断升温的背景。</p><p><img src=\"https://image.3001.net/images/20241129/1732851509_674937350dad0e86a3396.png!small\" width=\"690\" heigh",
|
"body": "<p>尽管全球针对网络安全公司的投资在 2022 年底开始放缓,但以色列网络安全产业的强劲表现超出了当地预期和全球经济挑战,即便该国还面临加沙地区局势不断升温的背景。</p><p><img src=\"https://image.3001.net/images/20241129/1732851509_674937350dad0e86a3396.png!small\" width=\"690\" heigh",
|
||||||
"category": "资讯",
|
"category": "资讯",
|
||||||
"pubDate": "Fri, 29 Nov 2024 11:34:47 +0800"
|
"pubDate": "Fri, 29 Nov 2024 11:34:47 +0800"
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "Tor 需要 200 个新的 WebTunnel 桥来对抗审查",
|
|
||||||
"link": "https://www.freebuf.com/news/416499.html",
|
|
||||||
"description": "Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥,以对抗政府审查。目前,Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。Tor 项目认为,设置更多的 WebTunnel 网桥是对俄罗斯日益严格的审查",
|
|
||||||
"body": "<p>Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥,以对抗政府审查。目前,Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。</p><p>Tor 项目认为,设置更多的 WebTunnel 网桥是对",
|
|
||||||
"category": "资讯",
|
|
||||||
"pubDate": "Fri, 29 Nov 2024 11:33:37 +0800"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
@ -1,4 +1,11 @@
|
|||||||
[
|
[
|
||||||
|
{
|
||||||
|
"guid": "https://forum.butian.net/share/3913",
|
||||||
|
"title": "qemu逃逸入门及例题复现",
|
||||||
|
"description": "本文章详细记录了笔者对qemu逃逸的理解,同时复现了两个经典的CTF中的qemu逃逸的题目,详细记录了复现的过程,希望对你学习qemu逃逸有所帮助",
|
||||||
|
"source": "subject",
|
||||||
|
"pubDate": "2024-12-05 09:36:56"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://forum.butian.net/share/3912",
|
"guid": "https://forum.butian.net/share/3912",
|
||||||
"title": "基于ptrace的沙箱绕过",
|
"title": "基于ptrace的沙箱绕过",
|
||||||
@ -61,12 +68,5 @@
|
|||||||
"description": "ksmbd 条件竞争漏洞挖掘:思路与案例\n本文介绍从代码审计的角度分析、挖掘条件竞争、UAF 漏洞思路,并以 ksmbd 为实例介绍审计的过程和几个经典漏洞案例。\n分析代码版本为:linux-6.5.5\n相关漏...",
|
"description": "ksmbd 条件竞争漏洞挖掘:思路与案例\n本文介绍从代码审计的角度分析、挖掘条件竞争、UAF 漏洞思路,并以 ksmbd 为实例介绍审计的过程和几个经典漏洞案例。\n分析代码版本为:linux-6.5.5\n相关漏...",
|
||||||
"source": "subject",
|
"source": "subject",
|
||||||
"pubDate": "2024-11-27 10:00:01"
|
"pubDate": "2024-11-27 10:00:01"
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://forum.butian.net/share/3915",
|
|
||||||
"title": "利用js挖掘漏洞",
|
|
||||||
"description": "在漏洞挖掘中,通过对js的挖掘可发现诸多安全问题,此文章主要记录学习如何利用JS测试以及加密参数逆向相关的漏洞挖掘。",
|
|
||||||
"source": "subject",
|
|
||||||
"pubDate": "2024-11-26 09:37:28"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
18
README.md
@ -4,6 +4,24 @@ RSS订阅链接来源:https://github.com/zhengjim/Chinese-Security-RSS <br>
|
|||||||
使用python-json进行格式化,然后使用飞书webhook机器人进行发送 <br>
|
使用python-json进行格式化,然后使用飞书webhook机器人进行发送 <br>
|
||||||
config.yaml可指定大部分可能需要的参数 <br>
|
config.yaml可指定大部分可能需要的参数 <br>
|
||||||
|
|
||||||
|
<br>
|
||||||
### 使用方法:
|
### 使用方法:
|
||||||
先下载支持库:`pip install -r requirements.txt` <br>
|
先下载支持库:`pip install -r requirements.txt` <br>
|
||||||
随后便可直接运行:`python Core.py` <br>
|
随后便可直接运行:`python Core.py` <br>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
### 配置
|
||||||
|
首先先在飞书中创建群组,然后再创建WebHook机器人 <br>
|
||||||
|
![群组](./imgs/group.jpg) <br>
|
||||||
|
![添加机器人](./imgs/add_bot.jpg) <br>
|
||||||
|
随后,在配置机器人时可打开签名验证(您也可自行选择IP白名单) <br>
|
||||||
|
![机器人配置](./imgs/bot_config.jpg) <br>
|
||||||
|
再之后,将配置信息填入config.yaml文件当中 <br>
|
||||||
|
![配置](./imgs/config.jpg) <br>
|
||||||
|
那么选择,您就可以开始运行使用了。 <br>
|
||||||
|
|
||||||
|
|
||||||
|
<br>
|
||||||
|
### 运行结果
|
||||||
|
![飞书展示](./imgs/start.jpg) <br>
|
||||||
|
![后端展示](./imgs/run.jpg) <br>
|
BIN
__pycache__/GotoSend_freebuf.cpython-312.pyc
Normal file
BIN
__pycache__/GotoSend_qianxin.cpython-312.pyc
Normal file
@ -1,5 +1,4 @@
|
|||||||
key: 22b68f21-def4-4bd5-96eb-71d78ee995f7
|
key: aa04a02f-d7bf-4279-bd48-44c4f28c8f74
|
||||||
secret: 9gE9j1kT5bh9HvCyoPcIHc
|
secret: 4tq65T4jm1MO2IlxvHxBWe
|
||||||
sleep_time: 35 # 秒数
|
|
||||||
# 结算时间范围
|
# 结算时间范围
|
||||||
e_hour: 4 # 程序运行时间间隔
|
e_hour: 4 # 程序运行时间间隔
|
BIN
db/4hou.db
BIN
db/anquanke.db
BIN
db/doonsec.db
BIN
db/freebuf.db
BIN
db/qianxin.db
BIN
db/xianzhi.db
BIN
imgs/add_bot.jpg
Normal file
After Width: | Height: | Size: 267 KiB |
BIN
imgs/bot_config.jpg
Normal file
After Width: | Height: | Size: 113 KiB |
BIN
imgs/config.jpg
Normal file
After Width: | Height: | Size: 24 KiB |
BIN
imgs/group.jpg
Normal file
After Width: | Height: | Size: 147 KiB |
BIN
imgs/run.jpg
Normal file
After Width: | Height: | Size: 117 KiB |
BIN
imgs/start.jpg
Normal file
After Width: | Height: | Size: 95 KiB |
BIN
imgs/首次运行提示.jpg
Before Width: | Height: | Size: 53 KiB |