添加详细说明并优化程序

This commit is contained in:
MasonLiu 2024-12-05 09:49:17 +08:00
parent 3e55ce4f5e
commit 178d3fff40
21 changed files with 256 additions and 242 deletions

11
Core.py
View File

@ -16,15 +16,12 @@ from GotoSend_freebuf import Src_freebuf
from GotoSend_qianxin import Src_qianxin from GotoSend_qianxin import Src_qianxin
# 加载参数 # 加载参数
def get_params():
with open('./config.yaml', 'r', encoding="utf-8") as file: with open('./config.yaml', 'r', encoding="utf-8") as file:
config = yaml.safe_load(file) config = yaml.safe_load(file)
sleep_time = int(f"{config['sleep_time']}") # sleep_time = int(f"{config['sleep_time']}")
e_hour = int(f"{config['e_hour']}") e_hour = int(f"{config['e_hour']}")
return sleep_time, e_hour
sleep_time, e_hour = get_params()
def crab_job(): def crab_job():
print("正在启动各爬虫并获取资源中...") print("正在启动各爬虫并获取资源中...")

View File

@ -1,4 +1,188 @@
[ [
{
"title": "【Linux运维】宝塔环境升级HTTP/3",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMzIwNTY1OA==&mid=2247509575&idx=1&sn=94ea87716de2777f60f8187050014cfb",
"description": "本文简单的为大家分享如何在宝塔环境中如何升级http/3协议。",
"author": "kali笔记",
"category": "kali笔记",
"pubDate": "2024-12-05T09:12:03"
},
{
"title": "资产收集常用工具以及思路总结",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzMjIxNjExNg==&mid=2247485972&idx=1&sn=bd5d2a38ea67d7ed891e03e356d17c52",
"description": "这些常用的资产收集工具和思路你都了解并经常使用么?",
"author": "沃克学安全",
"category": "沃克学安全",
"pubDate": "2024-12-05T09:03:47"
},
{
"title": "CISA 警告 Zyxel 防火墙漏洞可能被利用进行攻击",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793379&idx=3&sn=62ee6dd06f47c5b1777c48cd0a47a9fa",
"description": "CISA 警告多款 Zyxel 防火墙设备中的路径遍历漏洞被积极利用。",
"author": "军哥网络安全读报",
"category": "军哥网络安全读报",
"pubDate": "2024-12-05T09:00:58"
},
{
"title": "记两次内网入侵溯源的真实案例",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMTUyMjUxMw==&mid=2247523029&idx=1&sn=2f33efd5da4783fc615dbbb96086cd73",
"description": "记两次内网入侵溯源的真实案例",
"author": "猫蛋儿安全",
"category": "猫蛋儿安全",
"pubDate": "2024-12-05T09:00:09"
},
{
"title": "实战红蓝谈一谈NSmartProxy流量特征在实战中的表现",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247485956&idx=1&sn=3471aaf7c173b144ec8beee719616a67",
"description": null,
"author": "神农Sec",
"category": "神农Sec",
"pubDate": "2024-12-05T08:32:38"
},
{
"title": "Linux应急响应检查工具【单机终极版】",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247492906&idx=1&sn=1bac25e1425fc528f71e7ed0ab1e3485",
"description": null,
"author": "夜组安全",
"category": "夜组安全",
"pubDate": "2024-12-05T08:04:28"
},
{
"title": "漏洞预警 | GitLab权限提升漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491639&idx=1&sn=39e40ca6d804352e6d20235db2217c6f",
"description": "GitLab存在权限提升漏洞由于GitLab中对LFS令牌的权限管理不当当攻击者获取目标用户的个人访问令牌后可以进一步滥用该PAT生成的LFS令牌利用该漏洞实现权限提升从而可能导致敏感信息泄露或执行未授权操作。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-05T08:03:24"
},
{
"title": "漏洞预警 | 用友NC SQL注入漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491639&idx=2&sn=ef0f15d92963fe62bd06df07429f9bce",
"description": "用友NC的/portal/pt/task/process接口存在SQL注入漏洞攻击者通过利用SQL注入漏洞配合数据库xp cmdshel可以执行任意命令从而控制服务器。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-12-05T08:03:24"
},
{
"title": "移动安全框架 (MobSF) 存在存储型XSS漏洞 | CVE-2024-53999",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247509613&idx=1&sn=3d46d512c0ea527fdba9869e770416e8",
"description": null,
"author": "李白你好",
"category": "李白你好",
"pubDate": "2024-12-05T08:01:27"
},
{
"title": "API安全漏洞靶场crapi漏洞复现",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486893&idx=1&sn=4910174c4a8925e18aae62644f0d7dec",
"description": "通过该靶场学习以及分析当前常用的API技术以及该技术中存在的安全问题。",
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-05T07:55:38"
},
{
"title": "Kubelet端口未授权深入利用",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247493754&idx=2&sn=fdfca15ecb8b98bcd7d1e97201b26bdd",
"description": "漏洞描述K8s Node对外开启10250(Kubelet API)和10255端口(readonly AP",
"author": "七芒星实验室",
"category": "七芒星实验室",
"pubDate": "2024-12-05T07:02:55"
},
{
"title": "思科ASA漏洞CVE-2014-2120当前正在被利用攻击",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247492872&idx=1&sn=63eff1dd884f77fb706066595cc12e75",
"description": null,
"author": "黑猫安全",
"category": "黑猫安全",
"pubDate": "2024-12-05T07:01:27"
},
{
"title": "浅谈常见中间人攻击",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MzkwNDU1Mw==&mid=2247485363&idx=1&sn=3724a1da9ae81f364c92137a4175198a",
"description": null,
"author": "信安路漫漫",
"category": "信安路漫漫",
"pubDate": "2024-12-05T07:00:44"
},
{
"title": "哥斯拉源码解读+如何绕过waf检测",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517466&idx=1&sn=925493f67805f6648aa9d36a4185c46b",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2024-12-05T02:00:55"
},
{
"title": "版本更新 | 单文件一键击溃火绒进程 v1.1发布!",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247491559&idx=1&sn=80e7f6359e4fb08a364c31e2ccd5c59a",
"description": "单文件一键击溃火绒进程 v1.1发布!\\\\x0d\\\\x0a使用资源文件嵌入驱动避免直接依赖外部文件\\\\x0d\\\\x0a替换旧版本驱动文件旧版本驱动证书已过期",
"author": "星落安全团队",
"category": "星落安全团队",
"pubDate": "2024-12-05T00:00:59"
},
{
"title": "红蓝队病毒木马监控辅助工具12月3日更新",
"link": "https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247498820&idx=1&sn=2725bb5cbcb5e76e638a7e1c8836a0c7",
"description": null,
"author": "网络安全者",
"category": "网络安全者",
"pubDate": "2024-12-05T00:00:13"
},
{
"title": "最新Nessus2024.12.04版本主机漏洞扫描/探测工具下载|近期漏洞合集更新",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODE2MjkxMQ==&mid=2247489275&idx=1&sn=363d8f9e531b932bd18c27d845f83a21",
"description": "Nessus号称是世界上最流行的漏洞扫描程序全世界有超过75000个组织在使用它。该工具提供完整的电脑漏洞扫描服务并随时更新其漏洞数据库。Nessus不同于传统的漏洞扫描软件Nessus可同时在本机或远端上遥控进行系统的漏洞分析扫描",
"author": "渗透安全HackTwo",
"category": "渗透安全HackTwo",
"pubDate": "2024-12-05T00:00:12"
},
{
"title": "新型 Android 恶意软件 DroidBot 瞄准欧洲银行用户",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNDM4OTM3OQ==&mid=2247504934&idx=3&sn=09e44a53225b47183d331f0328fab9e4",
"description": null,
"author": "网络研究观",
"category": "网络研究观",
"pubDate": "2024-12-04T23:48:33"
},
{
"title": "Zabbix api_jsonrpc.php接口存在SQL注入漏洞CVE-2024-42327 附POC",
"link": "https://mp.weixin.qq.com/s?__biz=MzIxMjEzMDkyMA==&mid=2247487930&idx=1&sn=589b3837a2dc8ff72e861b99f6947f5d",
"description": null,
"author": "南风漏洞复现文库",
"category": "南风漏洞复现文库",
"pubDate": "2024-12-04T23:08:58"
},
{
"title": "工具集HeavenlyBypassAV免杀工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484771&idx=1&sn=edb658df8647f36d20266189ef2f35e3",
"description": null,
"author": "风铃Sec",
"category": "风铃Sec",
"pubDate": "2024-12-04T22:15:59"
},
{
"title": "一种巧妙内核级可绕过EDR的入侵手段",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxOTUyOTc0NQ==&mid=2247492675&idx=1&sn=2976f9793011ea7dacce961cadd32530",
"description": "这种攻击方式被称为BYOVD攻击, BYOVD 攻击的核心是攻击者将一个已知存在漏洞的内核驱动程序写入磁盘并加载,然后利用该漏洞执行特权操作。这些操作可能包括终止安全产品、绕过 EDR 防篡改保护、提取特权进程信息。",
"author": "二进制空间安全",
"category": "二进制空间安全",
"pubDate": "2024-12-04T21:45:51"
},
{
"title": "钓鱼网页散播银狐木马,远控后门威胁终端安全",
"link": "https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247520783&idx=1&sn=e6d18857c2b21d1bc8b80636051ff403",
"description": null,
"author": "火绒安全",
"category": "火绒安全",
"pubDate": "2024-12-04T21:44:58"
},
{
"title": "微软驱动程序关键漏洞已被APT组织利用",
"link": "https://mp.weixin.qq.com/s?__biz=MzI5NTM4OTQ5Mg==&mid=2247632689&idx=3&sn=3c9e08e5af95f26a73913ce6e7ded2bc",
"description": null,
"author": "商密君",
"category": "商密君",
"pubDate": "2024-12-04T20:25:28"
},
{ {
"title": "微软驱动程序关键漏洞已被APT组织利用", "title": "微软驱动程序关键漏洞已被APT组织利用",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308802&idx=1&sn=ed99bbd47f1003dc1db38fa05309efca", "link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308802&idx=1&sn=ed99bbd47f1003dc1db38fa05309efca",
@ -207,6 +391,22 @@
"category": "白帽子左一", "category": "白帽子左一",
"pubDate": "2024-12-04T12:02:44" "pubDate": "2024-12-04T12:02:44"
}, },
{
"title": "干货|一文搞懂加密流量检测的解决方法和技术细节",
"link": "https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651247107&idx=2&sn=14422cc225f026b33245b6fe143ea536",
"description": null,
"author": "e安在线",
"category": "e安在线",
"pubDate": "2024-12-04T11:32:47"
},
{
"title": "系统文件管理行为漏洞导致本地提权",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0OTU2ODQ4Mw==&mid=2247486517&idx=1&sn=388de17165c44f34a9aa9f95be1ac96f",
"description": "文章从两个C语言底层函数出发分析在处理文件时缺少对符号链接的严格检测导致macOS的隐私绕过与本地提权及缓解方案。",
"author": "奇安信天工实验室",
"category": "奇安信天工实验室",
"pubDate": "2024-12-04T11:30:51"
},
{ {
"title": "一文学会fastjson漏洞", "title": "一文学会fastjson漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484160&idx=1&sn=768fc0310477001e491b83ee2ccdbd59", "link": "https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484160&idx=1&sn=768fc0310477001e491b83ee2ccdbd59",
@ -455,6 +655,14 @@
"category": "Ting的安全笔记", "category": "Ting的安全笔记",
"pubDate": "2024-12-03T18:59:24" "pubDate": "2024-12-03T18:59:24"
}, },
{
"title": "11月漏洞快报 | Apache OFBiz 表达式注入漏洞、Oracle 文件泄露漏洞...",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NzE0NTIxMg==&mid=2651134656&idx=2&sn=64e0a5818023dfe7a4f9a1c5e1101a01",
"description": null,
"author": "梆梆安全",
"category": "梆梆安全",
"pubDate": "2024-12-03T17:54:30"
},
{ {
"title": "无文件攻击的恶意软件加载器PSLoramyra技术分析", "title": "无文件攻击的恶意软件加载器PSLoramyra技术分析",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492450&idx=1&sn=e25fe33cdbf7b2905dddbe3f503934ad", "link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492450&idx=1&sn=e25fe33cdbf7b2905dddbe3f503934ad",
@ -487,6 +695,14 @@
"category": "Ots安全", "category": "Ots安全",
"pubDate": "2024-12-03T17:30:13" "pubDate": "2024-12-03T17:30:13"
}, },
{
"title": "【技术分享】从网站搭建到木马免杀捆绑与拿shell全过程",
"link": "https://mp.weixin.qq.com/s?__biz=MzIyNTIxNDA1Ng==&mid=2659211256&idx=1&sn=7be75392df645155a215faa354d98e14",
"description": null,
"author": "暗影网安实验室",
"category": "暗影网安实验室",
"pubDate": "2024-12-03T17:20:54"
},
{ {
"title": "【免杀+钓鱼】钓鱼页面搭建+免杀捆绑拿shell", "title": "【免杀+钓鱼】钓鱼页面搭建+免杀捆绑拿shell",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxMDc0MTc5Mw==&mid=2247483778&idx=1&sn=617673eea861e0f39c1b0c1f5e976558", "link": "https://mp.weixin.qq.com/s?__biz=MzkxMDc0MTc5Mw==&mid=2247483778&idx=1&sn=617673eea861e0f39c1b0c1f5e976558",
@ -1382,221 +1598,5 @@
"author": "信安百科", "author": "信安百科",
"category": "信安百科", "category": "信安百科",
"pubDate": "2024-12-01T09:30:50" "pubDate": "2024-12-01T09:30:50"
},
{
"title": "MSSQL 易受表情符号字符串攻击",
"link": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247492773&idx=2&sn=356e6eb678864f0c70a40e74e70059a7",
"description": null,
"author": "独眼情报",
"category": "独眼情报",
"pubDate": "2024-12-01T09:01:33"
},
{
"title": "DOME - 子域枚举开源工具",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247488427&idx=1&sn=ac04df3251c75fcf833990f391ea0cf5",
"description": null,
"author": "白帽学子",
"category": "白帽学子",
"pubDate": "2024-12-01T08:11:26"
},
{
"title": "实战 | 某院校小程序记录",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247486882&idx=1&sn=e671f66e3e175873a54dd828b009a94c",
"description": null,
"author": "进击的HACK",
"category": "进击的HACK",
"pubDate": "2024-12-01T07:55:21"
},
{
"title": "Advantech工业级Wi-Fi接入点多个安全漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzUxMjc0MTE3Mw==&mid=2247494775&idx=1&sn=663d228539b8c7d0207554d994968758",
"description": "Advantech EKI 系列工业级 Wi-Fi 接入点中,发现了多达 20 个安全漏洞,其中 6 个漏洞被标记为关键漏洞。这些漏洞可能允许攻击者绕过身份验证、执行恶意代码,并可能完全控制受影响的设备。",
"author": "锋刃科技",
"category": "锋刃科技",
"pubDate": "2024-12-01T02:13:29"
},
{
"title": "Java Filter型 Tomcat内存马",
"link": "https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247517399&idx=1&sn=678b5cf4e766af4700f802cebbed227b",
"description": null,
"author": "船山信安",
"category": "船山信安",
"pubDate": "2024-12-01T00:22:06"
},
{
"title": "免杀马为何无法在他人机器上线?",
"link": "https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247495843&idx=2&sn=b4b42603bfc2c59f9c71ebb1e6eb471d",
"description": "编写好的免杀马本地双击执行运行没有问题但是通过webshell传输或远程下载到对方主机后执行却没有任何上线反应。",
"author": "Khan安全攻防实验室",
"category": "Khan安全攻防实验室",
"pubDate": "2024-12-01T00:01:16"
},
{
"title": "一款内存马检测工具",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247486188&idx=1&sn=6d66d60b58ab897f28653e3d8d6b060d",
"description": null,
"author": "TtTeam",
"category": "TtTeam",
"pubDate": "2024-11-30T22:46:18"
},
{
"title": "攻防实战-fuzz上传接口到内网",
"link": "https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247496445&idx=1&sn=5dada7b97b53d2949eda0c804ef64b96",
"description": null,
"author": "迪哥讲事",
"category": "迪哥讲事",
"pubDate": "2024-11-30T22:36:52"
},
{
"title": "针对中文和越南语用户的新型恶意软件“CleverSoar”",
"link": "https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492444&idx=1&sn=c1acace85acaab5c9d17e390fbe5fa27",
"description": "近日一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。",
"author": "白泽安全实验室",
"category": "白泽安全实验室",
"pubDate": "2024-11-30T20:46:16"
},
{
"title": "从 LFI 到 RCE 的旅程!!!",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3NTk4MzY0MA==&mid=2247487651&idx=1&sn=a9782b91db81e5ea2f469639d77d348d",
"description": null,
"author": "琴音安全",
"category": "琴音安全",
"pubDate": "2024-11-30T19:19:04"
},
{
"title": "CVE-2024-48307JeecgBoot SQL 注入漏洞POC",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2ODcxMjYzMA==&mid=2247485712&idx=1&sn=34d09311081e1ccdcc96464b3824f719",
"description": "CVE-2024-48307JeecgBoot SQL 注入漏洞POC",
"author": "信安百科",
"category": "信安百科",
"pubDate": "2024-11-30T18:00:13"
},
{
"title": "微信4.0聊天记录数据库文件解密分析",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458584587&idx=1&sn=bd672102f10e062f90cd9276a1d2ca2f",
"description": "看雪论坛作者IDtechliu",
"author": "看雪学苑",
"category": "看雪学苑",
"pubDate": "2024-11-30T17:59:42"
},
{
"title": "CVE-2024-11477: 7Zip 中的“代码执行”漏洞 Writeup",
"link": "https://mp.weixin.qq.com/s?__biz=MzAxODM5ODQzNQ==&mid=2247485494&idx=1&sn=c9d6028a35da67abc3c0a4ae39c4383d",
"description": null,
"author": "securitainment",
"category": "securitainment",
"pubDate": "2024-11-30T17:17:00"
},
{
"title": "PE文件结构-DOS头部&DOS stub",
"link": "https://mp.weixin.qq.com/s?__biz=Mzk0MjY1ODE5Mg==&mid=2247484743&idx=1&sn=ff670183241515ace4f11069609c870a",
"description": null,
"author": "风铃Sec",
"category": "风铃Sec",
"pubDate": "2024-11-30T16:23:56"
},
{
"title": "免杀—Sysmon Bypass",
"link": "https://mp.weixin.qq.com/s?__biz=MzkyODY3NjkyNQ==&mid=2247484329&idx=1&sn=97180b4e66f5712766311ebdd90312ba",
"description": "免杀之Sysmon Bypass",
"author": "Ting的安全笔记",
"category": "Ting的安全笔记",
"pubDate": "2024-11-30T15:51:31"
},
{
"title": "Docker Registry 未授权访问漏洞利用(工具+利用思路)",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg2MTg2NzI5OA==&mid=2247484746&idx=1&sn=fc5e8cfb4ee4912ca505e0adde2012ea",
"description": "Docker Registry 未授权访问漏洞利用(工具+利用思路)",
"author": "黑熊安全",
"category": "黑熊安全",
"pubDate": "2024-11-30T15:09:07"
},
{
"title": "从 LFI 到 RCE 的旅程!!!",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247484119&idx=1&sn=c39d95f9cf5532ea16ca05fd549f5fcb",
"description": null,
"author": "富贵安全",
"category": "富贵安全",
"pubDate": "2024-11-30T12:15:57"
},
{
"title": "基于DNS CNAME类型记录的XSS",
"link": "https://mp.weixin.qq.com/s?__biz=MzkxNTY3MTE5MA==&mid=2247485547&idx=1&sn=95919c9b7c476e946d3440b27dea7083",
"description": null,
"author": "星空网络安全",
"category": "星空网络安全",
"pubDate": "2024-11-30T12:08:38"
},
{
"title": "记一次框架利用接管学工系统",
"link": "https://mp.weixin.qq.com/s?__biz=MzUyODkwNDIyMg==&mid=2247545536&idx=1&sn=1896fad11838d044b00a64c75dfdb7cf",
"description": null,
"author": "掌控安全EDU",
"category": "掌控安全EDU",
"pubDate": "2024-11-30T12:02:46"
},
{
"title": "知名工业WiFi接入点被曝存在20多个漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308588&idx=3&sn=507f9cfa85259269aad5b20cdc369747",
"description": "Advantech工业级无线接入点设备被曝光存在近二十个安全漏洞。",
"author": "FreeBuf",
"category": "FreeBuf",
"pubDate": "2024-11-30T10:02:13"
},
{
"title": "DICOMHawk用于检测和记录未经授权访问尝试的蜜罐系统",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651308588&idx=4&sn=e8d31b9dfca8249e83e10d731c975e7a",
"description": "该工具可以帮助广大研究人员检测和记录未经授权的访问尝试。",
"author": "FreeBuf",
"category": "FreeBuf",
"pubDate": "2024-11-30T10:02:13"
},
{
"title": "Windows驱动程序暴整数溢出漏洞可致权限提升",
"link": "https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655260600&idx=2&sn=d45fcadd0c225f99fa9553f8b67beeb0",
"description": null,
"author": "计算机与网络安全",
"category": "计算机与网络安全",
"pubDate": "2024-11-30T09:57:46"
},
{
"title": "记一次autodecode aes解密渗透实战",
"link": "https://mp.weixin.qq.com/s?__biz=MzIwMjUyNDM0OA==&mid=2247485758&idx=1&sn=ceb53d7f248bdb6829047e68ea8c3b56",
"description": null,
"author": "ListSec",
"category": "ListSec",
"pubDate": "2024-11-30T09:37:41"
},
{
"title": "某众测记录|细心 = or ≠ 漏洞 ",
"link": "https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247491120&idx=1&sn=8db3b58d4bf3b995f085d9bb757a355f",
"description": null,
"author": "实战安全研究",
"category": "实战安全研究",
"pubDate": "2024-11-30T09:03:22"
},
{
"title": "网络钓鱼服务“Rockstar 2FA”利用 AiTM 攻击瞄准 Microsoft 365 用户",
"link": "https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649793322&idx=2&sn=825623d5d2889860d29af04cc1f4a6e9",
"description": "足以以假乱真的钓鱼网络服务利用中间人攻击。",
"author": "军哥网络安全读报",
"category": "军哥网络安全读报",
"pubDate": "2024-11-30T09:01:02"
},
{
"title": "漏洞预警 | 西迪特Wi-Fi Web管理系统远程命令执行和登录绕过漏洞",
"link": "https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247491603&idx=3&sn=677995c6d32ab004efcf3e5216b28147",
"description": "西迪特Wi-Fi Web管理系统存在远程命令执行和登录绕过漏洞攻击者可通过该漏洞执行任意命令、接管该服务建议相关用户及时更新。",
"author": "浅安安全",
"category": "浅安安全",
"pubDate": "2024-11-30T08:00:24"
},
{
"title": "Ubuntu Linux 受到“需要重启”漏洞的影响,该漏洞会导致本地提权到 root",
"link": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247491684&idx=1&sn=a4cd67263f4e366037fdcace8843b6c2",
"description": null,
"author": "犀牛安全",
"category": "犀牛安全",
"pubDate": "2024-11-30T00:01:29"
} }
] ]

View File

@ -1,4 +1,12 @@
[ [
{
"title": "FreeBuf早报 | 今年黑客已窃取 14.9 亿美元加密货币Cloudflare开发人员域正被滥用",
"link": "https://www.freebuf.com/news/416863.html",
"description": "Web3 漏洞赏金平台 Immunefi 的一份新报告显示2024 年迄今已记录了近 14.9 亿美元的加密货币损失,主要是由于黑客事件。",
"body": "<h2 id=\"h2-1\">全球动态</h2><h3 id=\"h3-1\">1. 中国多个协会声明:美国芯片不再安全、不再可靠,慎用</h3><p>中国互联网协会、中国半导体行业协会、中汽协、中国通信企业协会齐发声,谨慎采购美国芯片。 【<a href=\"https://www.secrss.com/articles/73037\"><u>阅读原文</u></a>】</p><h3 id=\"h3-2\">",
"category": "资讯",
"pubDate": "Wed, 04 Dec 2024 17:35:23 +0800"
},
{ {
"title": "立即修复微软驱动程序关键漏洞已被APT组织利用", "title": "立即修复微软驱动程序关键漏洞已被APT组织利用",
"link": "https://www.freebuf.com/news/416830.html", "link": "https://www.freebuf.com/news/416830.html",
@ -150,13 +158,5 @@
"body": "<p>尽管全球针对网络安全公司的投资在 2022 年底开始放缓,但以色列网络安全产业的强劲表现超出了当地预期和全球经济挑战,即便该国还面临加沙地区局势不断升温的背景。</p><p><img src=\"https://image.3001.net/images/20241129/1732851509_674937350dad0e86a3396.png!small\" width=\"690\" heigh", "body": "<p>尽管全球针对网络安全公司的投资在 2022 年底开始放缓,但以色列网络安全产业的强劲表现超出了当地预期和全球经济挑战,即便该国还面临加沙地区局势不断升温的背景。</p><p><img src=\"https://image.3001.net/images/20241129/1732851509_674937350dad0e86a3396.png!small\" width=\"690\" heigh",
"category": "资讯", "category": "资讯",
"pubDate": "Fri, 29 Nov 2024 11:34:47 +0800" "pubDate": "Fri, 29 Nov 2024 11:34:47 +0800"
},
{
"title": "Tor 需要 200 个新的 WebTunnel 桥来对抗审查",
"link": "https://www.freebuf.com/news/416499.html",
"description": "Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥以对抗政府审查。目前Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。Tor 项目认为,设置更多的 WebTunnel 网桥是对俄罗斯日益严格的审查",
"body": "<p>Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥以对抗政府审查。目前Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。</p><p>Tor 项目认为,设置更多的 WebTunnel 网桥是对",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 11:33:37 +0800"
} }
] ]

View File

@ -1,4 +1,11 @@
[ [
{
"guid": "https://forum.butian.net/share/3913",
"title": "qemu逃逸入门及例题复现",
"description": "本文章详细记录了笔者对qemu逃逸的理解同时复现了两个经典的CTF中的qemu逃逸的题目详细记录了复现的过程希望对你学习qemu逃逸有所帮助",
"source": "subject",
"pubDate": "2024-12-05 09:36:56"
},
{ {
"guid": "https://forum.butian.net/share/3912", "guid": "https://forum.butian.net/share/3912",
"title": "基于ptrace的沙箱绕过", "title": "基于ptrace的沙箱绕过",
@ -61,12 +68,5 @@
"description": "ksmbd 条件竞争漏洞挖掘:思路与案例\n本文介绍从代码审计的角度分析、挖掘条件竞争、UAF 漏洞思路,并以 ksmbd 为实例介绍审计的过程和几个经典漏洞案例。\n分析代码版本为linux-6.5.5\n相关漏...", "description": "ksmbd 条件竞争漏洞挖掘:思路与案例\n本文介绍从代码审计的角度分析、挖掘条件竞争、UAF 漏洞思路,并以 ksmbd 为实例介绍审计的过程和几个经典漏洞案例。\n分析代码版本为linux-6.5.5\n相关漏...",
"source": "subject", "source": "subject",
"pubDate": "2024-11-27 10:00:01" "pubDate": "2024-11-27 10:00:01"
},
{
"guid": "https://forum.butian.net/share/3915",
"title": "利用js挖掘漏洞",
"description": "在漏洞挖掘中通过对js的挖掘可发现诸多安全问题此文章主要记录学习如何利用JS测试以及加密参数逆向相关的漏洞挖掘。",
"source": "subject",
"pubDate": "2024-11-26 09:37:28"
} }
] ]

View File

@ -4,6 +4,24 @@ RSS订阅链接来源https://github.com/zhengjim/Chinese-Security-RSS <br>
使用python-json进行格式化然后使用飞书webhook机器人进行发送 <br> 使用python-json进行格式化然后使用飞书webhook机器人进行发送 <br>
config.yaml可指定大部分可能需要的参数 <br> config.yaml可指定大部分可能需要的参数 <br>
<br>
### 使用方法: ### 使用方法:
先下载支持库:`pip install -r requirements.txt` <br> 先下载支持库:`pip install -r requirements.txt` <br>
随后便可直接运行:`python Core.py` <br> 随后便可直接运行:`python Core.py` <br>
<br>
### 配置
首先先在飞书中创建群组然后再创建WebHook机器人 <br>
![群组](./imgs/group.jpg) <br>
![添加机器人](./imgs/add_bot.jpg) <br>
随后在配置机器人时可打开签名验证您也可自行选择IP白名单 <br>
![机器人配置](./imgs/bot_config.jpg) <br>
再之后将配置信息填入config.yaml文件当中 <br>
![配置](./imgs/config.jpg) <br>
那么选择,您就可以开始运行使用了。 <br>
<br>
### 运行结果
![飞书展示](./imgs/start.jpg) <br>
![后端展示](./imgs/run.jpg) <br>

Binary file not shown.

Binary file not shown.

View File

@ -1,5 +1,4 @@
key: 22b68f21-def4-4bd5-96eb-71d78ee995f7 key: aa04a02f-d7bf-4279-bd48-44c4f28c8f74
secret: 9gE9j1kT5bh9HvCyoPcIHc secret: 4tq65T4jm1MO2IlxvHxBWe
sleep_time: 35 # 秒数
# 结算时间范围 # 结算时间范围
e_hour: 4 # 程序运行时间间隔 e_hour: 4 # 程序运行时间间隔

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
imgs/add_bot.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 267 KiB

BIN
imgs/bot_config.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 113 KiB

BIN
imgs/config.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 24 KiB

BIN
imgs/group.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 147 KiB

BIN
imgs/run.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 117 KiB

BIN
imgs/start.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 95 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 53 KiB