add qianxin
This commit is contained in:
parent
dd0073b497
commit
6445612e65
51
Core.py
51
Core.py
@ -12,6 +12,8 @@ from GotoSend_4hou import Src_4hou
|
|||||||
from GotoSend_anquanke import Src_anquanke
|
from GotoSend_anquanke import Src_anquanke
|
||||||
from GotoSend_doonsec import Src_doonsec
|
from GotoSend_doonsec import Src_doonsec
|
||||||
from GotoSend_xianzhi import Src_xianzhi
|
from GotoSend_xianzhi import Src_xianzhi
|
||||||
|
from GotoSend_freebuf import Src_freebuf
|
||||||
|
from GotoSend_qianxin import Src_qianxin
|
||||||
|
|
||||||
# 加载参数
|
# 加载参数
|
||||||
def get_params():
|
def get_params():
|
||||||
@ -35,6 +37,8 @@ def send_job(time_1):
|
|||||||
Src_anquanke(time_1)
|
Src_anquanke(time_1)
|
||||||
Src_doonsec(time_1)
|
Src_doonsec(time_1)
|
||||||
Src_xianzhi(time_1)
|
Src_xianzhi(time_1)
|
||||||
|
Src_freebuf(time_1)
|
||||||
|
Src_qianxin(time_1)
|
||||||
|
|
||||||
def signal_handler(sig, frame):
|
def signal_handler(sig, frame):
|
||||||
print("接收到退出信号,程序即将退出...")
|
print("接收到退出信号,程序即将退出...")
|
||||||
@ -46,13 +50,16 @@ signal.signal(signal.SIGTERM, signal_handler) # kill命令
|
|||||||
|
|
||||||
|
|
||||||
def main_loop():
|
def main_loop():
|
||||||
|
n = 1
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
# 执行任务
|
# 执行任务
|
||||||
|
print(f"第{n}次执行,当前时间为:{datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
|
||||||
crab_job()
|
crab_job()
|
||||||
send_job(e_hour)
|
send_job(e_hour)
|
||||||
print("执行完毕,等待下一次执行...")
|
print("执行完毕,等待下一次执行...")
|
||||||
time.sleep(e_hour * 60 * 60 - 60)
|
n += 1
|
||||||
|
time.sleep(e_hour * 60 * 60 - 3 * 60)
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f"发生错误: {e}, 程序已暂停")
|
print(f"发生错误: {e}, 程序已暂停")
|
||||||
@ -72,11 +79,11 @@ def check_rss_status(url):
|
|||||||
|
|
||||||
def test_rss_source():
|
def test_rss_source():
|
||||||
rss_info = ""
|
rss_info = ""
|
||||||
# url_1 = check_rss_status("https://forum.butian.net/Rss")
|
url_1 = check_rss_status("https://forum.butian.net/Rss")
|
||||||
# if url_1 == True:
|
if url_1 == True:
|
||||||
# rss_info += "奇安信 源正常\n"
|
rss_info += "奇安信 源正常\n"
|
||||||
# else:
|
else:
|
||||||
# rss_info += f"奇安信 源异常: {url_1}\n"
|
rss_info += f"奇安信 源异常: {url_1}\n"
|
||||||
|
|
||||||
url_2 = check_rss_status("https://wechat.doonsec.com/bayes_rss.xml")
|
url_2 = check_rss_status("https://wechat.doonsec.com/bayes_rss.xml")
|
||||||
if url_2 == True:
|
if url_2 == True:
|
||||||
@ -84,11 +91,11 @@ def test_rss_source():
|
|||||||
else:
|
else:
|
||||||
rss_info += f"洞见 源异常: {url_2}\n"
|
rss_info += f"洞见 源异常: {url_2}\n"
|
||||||
|
|
||||||
# url_3 = check_rss_status("https://www.huawei.com/cn/rss-feeds/psirt/rss")
|
url_3 = check_rss_status("https://www.huawei.com/cn/rss-feeds/psirt/rss")
|
||||||
# if url_3 == True:
|
if url_3 == True:
|
||||||
# rss_info += "华为 源正常\n"
|
rss_info += "华为 源正常\n"
|
||||||
# else:
|
else:
|
||||||
# rss_info += f"华为 源异常: {url_3}\n"
|
rss_info += f"华为 源异常: {url_3}\n"
|
||||||
|
|
||||||
# url_4 = check_rss_status("https://www.sec_wiki.com/news/rss")
|
# url_4 = check_rss_status("https://www.sec_wiki.com/news/rss")
|
||||||
# if url_4 == True:
|
# if url_4 == True:
|
||||||
@ -108,17 +115,17 @@ def test_rss_source():
|
|||||||
else:
|
else:
|
||||||
rss_info += f"嘶吼 源异常: {url_6}\n"
|
rss_info += f"嘶吼 源异常: {url_6}\n"
|
||||||
|
|
||||||
# url_7 = check_rss_status("https://paper.seebug.org/rss/")
|
url_7 = check_rss_status("https://paper.seebug.org/rss/")
|
||||||
# if url_7 == True:
|
if url_7 == True:
|
||||||
# rss_info += "Seebug社区 源正常\n"
|
rss_info += "Seebug社区 源正常\n"
|
||||||
# else:
|
else:
|
||||||
# rss_info += f"Seebug社区 源异常: {url_7}\n"
|
rss_info += f"Seebug社区 源异常: {url_7}\n"
|
||||||
|
|
||||||
# url_8 = check_rss_status("https://www.freebuf.com/feed")
|
url_8 = check_rss_status("https://www.freebuf.com/feed")
|
||||||
# if url_8 == True:
|
if url_8 == True:
|
||||||
# rss_info += "FreeBuf社区 源正常\n"
|
rss_info += "FreeBuf社区 源正常\n"
|
||||||
# else:
|
else:
|
||||||
# rss_info += f"FreeBuf社区 源异常: {url_8}\n"
|
rss_info += f"FreeBuf社区 源异常: {url_8}\n"
|
||||||
|
|
||||||
url_9 = check_rss_status("https://xz.aliyun.com/feed")
|
url_9 = check_rss_status("https://xz.aliyun.com/feed")
|
||||||
if url_9 == True:
|
if url_9 == True:
|
||||||
@ -135,7 +142,7 @@ if __name__ == "__main__":
|
|||||||
start_info += "程序已启动,当前时间为:" + datetime.now().strftime("%Y-%m-%d %H:%M:%S") + "\n"
|
start_info += "程序已启动,当前时间为:" + datetime.now().strftime("%Y-%m-%d %H:%M:%S") + "\n"
|
||||||
start_info += "程序作者:MasonLiu \t 开源地址:[GM-gitea](https://git.masonliu.com/MasonLiu/PyBot)" + "\n"
|
start_info += "程序作者:MasonLiu \t 开源地址:[GM-gitea](https://git.masonliu.com/MasonLiu/PyBot)" + "\n"
|
||||||
start_info += "时间配置:每隔" + str(e_hour) + "小时执行一次推送\n"
|
start_info += "时间配置:每隔" + str(e_hour) + "小时执行一次推送\n"
|
||||||
start_info += "启用源:\n嘶吼\n洞见微信安全资讯\n安全客\n先知社区\n"
|
start_info += "可启用源:\n嘶吼\n洞见微信安全资讯\n安全客\n先知社区\n"
|
||||||
SendToFeishu(start_info, "程序信息")
|
SendToFeishu(start_info, "程序信息")
|
||||||
# print(start_info)
|
# print(start_info)
|
||||||
SendToFeishu(rss_info, "RSS源状态")
|
SendToFeishu(rss_info, "RSS源状态")
|
||||||
|
134
GotoSend_freebuf.py
Normal file
134
GotoSend_freebuf.py
Normal file
@ -0,0 +1,134 @@
|
|||||||
|
import json
|
||||||
|
import sqlite3
|
||||||
|
import os
|
||||||
|
from datetime import datetime, timedelta
|
||||||
|
from SendBot import SendToFeishu
|
||||||
|
|
||||||
|
def create_database():
|
||||||
|
conn = sqlite3.connect('./db/freebuf.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
cursor.execute('''CREATE TABLE IF NOT EXISTS articles (
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||||
|
title TEXT,
|
||||||
|
link TEXT,
|
||||||
|
description TEXT,
|
||||||
|
pubDate DATETIME,
|
||||||
|
category TEXT
|
||||||
|
)''')
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
def insert_data(data):
|
||||||
|
conn = sqlite3.connect('./db/freebuf.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
for entry in data:
|
||||||
|
try:
|
||||||
|
# 解析 pubDate 字符串为 datetime 对象
|
||||||
|
pub_date = datetime.strptime(entry['pubDate'], '%a, %d %b %Y %H:%M:%S %z')
|
||||||
|
# 格式化 pubDate 为所需的格式
|
||||||
|
formatted_pub_date = pub_date.strftime('%Y-%m-%d %H:%M:%S')
|
||||||
|
except ValueError:
|
||||||
|
# 如果解析失败,使用原始 pubDate 字符串
|
||||||
|
formatted_pub_date = entry['pubDate']
|
||||||
|
|
||||||
|
cursor.execute('''
|
||||||
|
INSERT INTO articles (title, link, description, pubDate, category)
|
||||||
|
VALUES (?, ?, ?, ?, ?)
|
||||||
|
''', (entry['title'], entry['link'], entry['description'], formatted_pub_date, entry['category']))
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
def get_freebuf_json():
|
||||||
|
# 检查文件是否存在
|
||||||
|
if not os.path.exists('./JSON/freebuf.json'):
|
||||||
|
raise FileNotFoundError(f"freebuf.json文件不存在,请检查程序是否运行正常!")
|
||||||
|
|
||||||
|
# 打开并读取JSON文件
|
||||||
|
with open('./JSON/freebuf.json', 'r', encoding='utf-8') as file:
|
||||||
|
data = json.load(file)
|
||||||
|
|
||||||
|
# 假设data是一个包含多个JSON对象的列表
|
||||||
|
if not isinstance(data, list):
|
||||||
|
raise ValueError("JSON文件格式错误,请检查common.py是否异常!")
|
||||||
|
|
||||||
|
# 提取所需字段并编号
|
||||||
|
total_data = []
|
||||||
|
for index, item in enumerate(data, start=1):
|
||||||
|
entry = {
|
||||||
|
"id": index,
|
||||||
|
"title": item.get("title", ""),
|
||||||
|
"link": item.get("link", ""),
|
||||||
|
"description": item.get("description", ""),
|
||||||
|
"pubDate": item.get("pubDate", ""),
|
||||||
|
"category": item.get("category", "")
|
||||||
|
}
|
||||||
|
total_data.append(entry)
|
||||||
|
|
||||||
|
return total_data
|
||||||
|
|
||||||
|
def select_articles(e_hour):
|
||||||
|
conn = sqlite3.connect('./db/freebuf.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
|
||||||
|
# 获取当前日期和时间
|
||||||
|
now = datetime.now()
|
||||||
|
start_time = now - timedelta(hours=e_hour)
|
||||||
|
end_time = now
|
||||||
|
|
||||||
|
# 查询指定时间段内的数据
|
||||||
|
cursor.execute('''
|
||||||
|
SELECT * FROM articles
|
||||||
|
WHERE pubDate BETWEEN ? AND ?
|
||||||
|
''', (start_time.strftime('%Y-%m-%d %H:%M:%S'), end_time.strftime('%Y-%m-%d %H:%M:%S')))
|
||||||
|
|
||||||
|
results = cursor.fetchall()
|
||||||
|
conn.close()
|
||||||
|
return results
|
||||||
|
|
||||||
|
def clear_table():
|
||||||
|
conn = sqlite3.connect('./db/freebuf.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
cursor.execute('DELETE FROM articles')
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
def get_filtered_articles(entries):
|
||||||
|
result = ""
|
||||||
|
for entry in entries:
|
||||||
|
result += f"类型:{entry[5]}\t文章:{entry[1]}\n"
|
||||||
|
result += f"链接:{entry[2]}\t上传时间:{entry[4]}\n"
|
||||||
|
result += "-" * 40 + "\n" # 添加分隔线以便区分不同文章
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
|
def Src_freebuf(e_hour):
|
||||||
|
if not os.path.exists('./db/freebuf.db'):
|
||||||
|
# 创建数据库和表
|
||||||
|
create_database()
|
||||||
|
|
||||||
|
# 清空表
|
||||||
|
clear_table()
|
||||||
|
|
||||||
|
# 获取 JSON 数据
|
||||||
|
freebuf_data = get_freebuf_json()
|
||||||
|
|
||||||
|
# 插入数据到数据库
|
||||||
|
insert_data(freebuf_data)
|
||||||
|
|
||||||
|
# 查询指定时间段内的数据
|
||||||
|
filtered_articles = select_articles(e_hour)
|
||||||
|
# print(filtered_articles)
|
||||||
|
|
||||||
|
if filtered_articles:
|
||||||
|
results = get_filtered_articles(filtered_articles)
|
||||||
|
print("Freebuf资讯递送中:")
|
||||||
|
SendToFeishu(results, "Freebuf资讯递送")
|
||||||
|
print("-" * 40 + "\n")
|
||||||
|
# print(results)
|
||||||
|
else:
|
||||||
|
# 如果为空,则跳过执行
|
||||||
|
print("Freebuf数据为空,跳过执行。")
|
||||||
|
# print(results)
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
Src_freebuf(4)
|
126
GotoSend_qianxin.py
Normal file
126
GotoSend_qianxin.py
Normal file
@ -0,0 +1,126 @@
|
|||||||
|
import json
|
||||||
|
import sqlite3
|
||||||
|
import os
|
||||||
|
from datetime import datetime, timedelta
|
||||||
|
from SendBot import SendToFeishu
|
||||||
|
|
||||||
|
def create_database():
|
||||||
|
conn = sqlite3.connect('./db/qianxin.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
cursor.execute('''CREATE TABLE IF NOT EXISTS articles (
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||||
|
title TEXT,
|
||||||
|
guid TEXT,
|
||||||
|
source TEXT,
|
||||||
|
description TEXT,
|
||||||
|
pubDate DATETIME
|
||||||
|
)''')
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
def insert_data(data):
|
||||||
|
conn = sqlite3.connect('./db/qianxin.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
for entry in data:
|
||||||
|
cursor.execute('''
|
||||||
|
INSERT INTO articles (title, guid, source, description, pubDate)
|
||||||
|
VALUES (?, ?, ?, ?, ?)
|
||||||
|
''', (entry['title'], entry['guid'], entry['source'], entry['description'], entry['pubDate']))
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
def get_qianxin_json():
|
||||||
|
# 检查文件是否存在
|
||||||
|
if not os.path.exists('./JSON/qianxin.json'):
|
||||||
|
raise FileNotFoundError(f"qianxin.json文件不存在,请检查程序是否运行正常!")
|
||||||
|
|
||||||
|
# 打开并读取JSON文件
|
||||||
|
with open('./JSON/qianxin.json', 'r', encoding='utf-8') as file:
|
||||||
|
data = json.load(file)
|
||||||
|
|
||||||
|
# 假设data是一个包含多个JSON对象的列表
|
||||||
|
if not isinstance(data, list):
|
||||||
|
raise ValueError("JSON文件格式错误,请检查common.py是否异常!")
|
||||||
|
|
||||||
|
# 提取所需字段并编号
|
||||||
|
total_data = []
|
||||||
|
for index, item in enumerate(data, start=1):
|
||||||
|
entry = {
|
||||||
|
"id": index,
|
||||||
|
"title": item.get("title", ""),
|
||||||
|
"guid": item.get("guid", ""),
|
||||||
|
"description": item.get("description", ""),
|
||||||
|
"pubDate": item.get("pubDate", ""),
|
||||||
|
"source": item.get("source", "")
|
||||||
|
}
|
||||||
|
total_data.append(entry)
|
||||||
|
|
||||||
|
return total_data
|
||||||
|
|
||||||
|
def select_articles(e_hour):
|
||||||
|
conn = sqlite3.connect('./db/qianxin.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
|
||||||
|
# 获取当前日期和时间
|
||||||
|
now = datetime.now()
|
||||||
|
start_time = now - timedelta(hours=e_hour)
|
||||||
|
end_time = now
|
||||||
|
|
||||||
|
# 查询指定时间段内的数据
|
||||||
|
cursor.execute('''
|
||||||
|
SELECT * FROM articles
|
||||||
|
WHERE pubDate BETWEEN ? AND ?
|
||||||
|
''', (start_time.strftime('%Y-%m-%d %H:%M:%S'), end_time.strftime('%Y-%m-%d %H:%M:%S')))
|
||||||
|
|
||||||
|
results = cursor.fetchall()
|
||||||
|
conn.close()
|
||||||
|
return results
|
||||||
|
|
||||||
|
def clear_table():
|
||||||
|
conn = sqlite3.connect('./db/qianxin.db')
|
||||||
|
cursor = conn.cursor()
|
||||||
|
cursor.execute('DELETE FROM articles')
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
def get_filtered_articles(entries):
|
||||||
|
result = ""
|
||||||
|
for entry in entries:
|
||||||
|
result += f"来源:{entry[3]}\t文章:{entry[1]}\n"
|
||||||
|
result += f"链接:{entry[2]}\t上传时间:{entry[5]}\n"
|
||||||
|
result += f"描述:{entry[4]}\n"
|
||||||
|
result += "-" * 40 + "\n" # 添加分隔线以便区分不同文章
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
|
def Src_qianxin(e_hour):
|
||||||
|
if not os.path.exists('./db/qianxin.db'):
|
||||||
|
# 创建数据库和表
|
||||||
|
create_database()
|
||||||
|
|
||||||
|
# 清空表
|
||||||
|
clear_table()
|
||||||
|
|
||||||
|
# 获取 JSON 数据
|
||||||
|
M_qianxin_data = get_qianxin_json()
|
||||||
|
|
||||||
|
# 插入数据到数据库
|
||||||
|
insert_data(M_qianxin_data)
|
||||||
|
|
||||||
|
# 查询指定时间段内的数据
|
||||||
|
filtered_articles = select_articles(e_hour)
|
||||||
|
# print(filtered_articles)
|
||||||
|
|
||||||
|
if filtered_articles:
|
||||||
|
results = get_filtered_articles(filtered_articles)
|
||||||
|
print("奇安信攻防社区资讯递送中:")
|
||||||
|
SendToFeishu(results, "奇安信攻防社区资讯递送")
|
||||||
|
print("-" * 40 + "\n")
|
||||||
|
# print(results)
|
||||||
|
else:
|
||||||
|
# 如果为空,则跳过执行
|
||||||
|
print("奇安信攻防社区数据为空,跳过执行。")
|
||||||
|
# print(results)
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
Src_qianxin(4)
|
File diff suppressed because one or more lines are too long
@ -1,162 +1,162 @@
|
|||||||
[
|
[
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302345",
|
"guid": "https://www.anquanke.com/post/id/302432",
|
||||||
"title": "全国首个海洋可信数据空间启动!360筑牢海洋数据安全新防线",
|
"title": "AI全新赋能,360开启终端All in One 5.0时代",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "微信",
|
"source": "微信",
|
||||||
"pubDate": "2024-12-02 15:32:30"
|
"pubDate": "2024-12-04 14:44:35"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302342",
|
"guid": "https://www.anquanke.com/post/id/302429",
|
||||||
"title": "MediaTek 修补了智能手机芯片组中的高严重性漏洞 (CVE-2024-20125)",
|
"title": "日本加密服务因价值3.08亿美元的比特币被盗而关闭",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "therecord",
|
||||||
|
"pubDate": "2024-12-04 14:36:18"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302426",
|
||||||
|
"title": "能源行业承包商称勒索软件攻击限制了对 IT 系统的访问",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "therecord",
|
||||||
|
"pubDate": "2024-12-04 14:31:13"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302423",
|
||||||
|
"title": "韩国撤销戒严令,加密货币市场回暖",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "Cointelegraph.com News",
|
||||||
|
"pubDate": "2024-12-04 14:25:11"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302420",
|
||||||
|
"title": "法国移动运营商联手应对日益猖獗的欺诈行为",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "infosecurity",
|
||||||
|
"pubDate": "2024-12-04 11:31:24"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302417",
|
||||||
|
"title": "ASA漏洞CVE-2014-2120正在被恶意利用",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "securityaffairs",
|
||||||
|
"pubDate": "2024-12-04 11:24:59"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302414",
|
||||||
|
"title": "Play Store上发现15款针对数百万人的SpyLoan应用程序",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "hackread",
|
||||||
|
"pubDate": "2024-12-04 11:19:55"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302411",
|
||||||
|
"title": "保护您的网络: Zyxel 发布固件更新",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "securityonline",
|
"source": "securityonline",
|
||||||
"pubDate": "2024-12-02 15:20:44"
|
"pubDate": "2024-12-04 11:02:26"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302339",
|
"guid": "https://www.anquanke.com/post/id/302407",
|
||||||
"title": "ShadowHound:使用隐蔽高效的摄取器增强 Active Directory 侦察",
|
"title": "谷歌浏览器解决 V8 JavaScript 引擎中的高严重性漏洞 (CVE-2024-12053)",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "securityonline",
|
"source": "securityonline",
|
||||||
"pubDate": "2024-12-02 15:00:17"
|
"pubDate": "2024-12-04 10:47:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302336",
|
"guid": "https://www.anquanke.com/post/id/302404",
|
||||||
"title": "以加密货币钱包为目标的恶意 PyPI 软件包:aiocpa 活动曝光",
|
"title": "威胁行为者利用Gafgyt恶意软件利用配置错误的Docker远程API服务器进行攻击",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "securityonline",
|
"source": "securityonline",
|
||||||
"pubDate": "2024-12-02 14:46:21"
|
"pubDate": "2024-12-04 10:37:57"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302333",
|
"guid": "https://www.anquanke.com/post/id/302397",
|
||||||
"title": "CVE-2024-52338: Apache Arrow R软件包存在严重安全漏洞,允许任意执行代码",
|
"title": "CVE-2024-48651:ProFTPD 漏洞为攻击者提供 Root 访问权限",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "securityonline",
|
"source": "securityonline",
|
||||||
"pubDate": "2024-12-02 14:40:00"
|
"pubDate": "2024-12-03 15:23:53"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302330",
|
"guid": "https://www.anquanke.com/post/id/302394",
|
||||||
"title": "CVE-2024-8672 (CVSS 9.9):Widget Options 插件中的严重缺陷威胁 100,000+ 个网站",
|
"title": "针对 Windows 任务计划程序缺陷 (CVE-2024-49039) 发布的零日漏洞利用代码,该漏洞已被 RomCom Group 积极利用",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "securityonline",
|
"source": "securityonline",
|
||||||
"pubDate": "2024-12-02 14:34:37"
|
"pubDate": "2024-12-03 15:16:41"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302327",
|
"guid": "https://www.anquanke.com/post/id/302390",
|
||||||
"title": "CVE-2024-11980 (CVSS 10):十亿电动路由器中的严重缺陷",
|
"title": "领跑中国市场!360安全大模型获权威机构安全运营实测认证",
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-12-02 14:25:47"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302321",
|
|
||||||
"title": "被武器化的 Windows 工具 Wevtutil.exe 在新型攻击中被利用",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-12-02 11:19:00"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302318",
|
|
||||||
"title": "Trellix 企业安全管理器修补关键漏洞,包括 CVE-2024-11482 (CVSS 9.8)",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-12-02 10:45:29"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302315",
|
|
||||||
"title": "“Toast代码”行动: 深度剖析 TA-RedAnt 对零日漏洞(CVE-2024-38178)的利用",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-12-02 10:39:57"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302311",
|
|
||||||
"title": "唯一入选两大创新典型案例,360安全大模型闪耀乌镇",
|
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "微信",
|
"source": "微信",
|
||||||
"pubDate": "2024-11-29 14:16:14"
|
"pubDate": "2024-12-03 15:01:22"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302308",
|
"guid": "https://www.anquanke.com/post/id/302387",
|
||||||
"title": "利用 CleverSoar 安装程序和 Nidhogg Rootkit 的恶性恶意软件活动",
|
"title": "黑客利用 DeFi 漏洞在 2024 年从加密货币中盗取 14.8 亿美元",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "securityonline",
|
"source": "hackread",
|
||||||
"pubDate": "2024-11-29 11:31:18"
|
"pubDate": "2024-12-03 14:56:10"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302305",
|
"guid": "https://www.anquanke.com/post/id/302384",
|
||||||
"title": "发布 PoC:Windows 驱动程序中的整数溢出漏洞可导致权限升级",
|
"title": "施乐、诺基亚、美国银行、摩根士丹利等公司 76 万员工的数据在网上泄露",
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-11-29 11:22:55"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302302",
|
|
||||||
"title": "NHS 重大“网络事件”迫使医院使用笔和纸",
|
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "theregister",
|
"source": "theregister",
|
||||||
"pubDate": "2024-11-29 11:14:57"
|
"pubDate": "2024-12-03 14:43:32"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://www.anquanke.com/post/id/302299",
|
"guid": "https://www.anquanke.com/post/id/302381",
|
||||||
"title": "美国电信巨头 T-Mobile 检测到有线运营商的网络入侵企图",
|
"title": "Horns & Hooves活动利用NetSupport和BurnsRAT进行广泛妥协",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "securityonline",
|
||||||
|
"pubDate": "2024-12-03 14:31:35"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302378",
|
||||||
|
"title": "从美国到阿联酋: APT35 扩大网络间谍活动范围",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "securityonline",
|
||||||
|
"pubDate": "2024-12-03 11:35:47"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302374",
|
||||||
|
"title": "德国联邦司法部发布计算机刑法草案,白帽黑客迎来合法曙光",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "安全客",
|
||||||
|
"pubDate": "2024-12-03 11:14:52"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302371",
|
||||||
|
"title": "关于开展“清朗·网络平台算法典型问题治理”专项行动的通知",
|
||||||
|
"author": " 安全客",
|
||||||
|
"description": null,
|
||||||
|
"source": "国家网信办",
|
||||||
|
"pubDate": "2024-12-03 10:58:19"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://www.anquanke.com/post/id/302368",
|
||||||
|
"title": "新型 Ymir 勒索软件利用内存进行隐蔽攻击;目标是企业网络",
|
||||||
"author": " 安全客",
|
"author": " 安全客",
|
||||||
"description": null,
|
"description": null,
|
||||||
"source": "TheHackersNews",
|
"source": "TheHackersNews",
|
||||||
"pubDate": "2024-11-29 11:03:29"
|
"pubDate": "2024-12-03 10:49:26"
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302296",
|
|
||||||
"title": "VPN 漏洞、弱凭据助长勒索软件攻击",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "helpnetsecurity",
|
|
||||||
"pubDate": "2024-11-29 10:55:05"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302293",
|
|
||||||
"title": "CVE-2024-42330 (CVSS 9.1): Zabbix 修补了严重远程代码执行漏洞",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-11-29 10:49:22"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302290",
|
|
||||||
"title": "TikTok 在最新安全举措中瞄准改变外观的滤镜和未成年人用户",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-11-29 10:44:26"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302287",
|
|
||||||
"title": "信用卡盗刷恶意软件曝光: 针对 Magento 结账页面",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-11-29 10:35:03"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://www.anquanke.com/post/id/302284",
|
|
||||||
"title": "Contiki-NG 物联网操作系统修补关键漏洞",
|
|
||||||
"author": " 安全客",
|
|
||||||
"description": null,
|
|
||||||
"source": "securityonline",
|
|
||||||
"pubDate": "2024-11-29 10:26:47"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
1856
JSON/doonsec.json
1856
JSON/doonsec.json
File diff suppressed because it is too large
Load Diff
@ -1,4 +1,92 @@
|
|||||||
[
|
[
|
||||||
|
{
|
||||||
|
"title": "立即修复,微软驱动程序关键漏洞已被APT组织利用",
|
||||||
|
"link": "https://www.freebuf.com/news/416830.html",
|
||||||
|
"description": "2024年8月,微软发布安全更新已经修复该漏洞,强烈建议组织及时进行修复。",
|
||||||
|
"body": "<p>近日,微软被曝Windows AFD.sys漏洞(编号:CVE-2024-38193)正在被黑客组织利用。该漏洞被归类为自带易受攻击驱动程序(BYOVD)漏洞,可影响Windows套接字的注册I/O(RIO)扩展,并允许攻击者远程接管整个系统。</p><p>漏洞影响版本包括Windows 11(ARM64、x64,多个版本)、Windows 10(ARM64、x64、32位,多个版本)、Wi",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Wed, 04 Dec 2024 14:37:40 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "思科安全设备ASA十年老漏洞正在被利用",
|
||||||
|
"link": "https://www.freebuf.com/news/416826.html",
|
||||||
|
"description": "该漏洞最初于2014年披露,它允许未经身份验证的远程攻击者对WebVPN用户执行XSS攻击。",
|
||||||
|
"body": "<p>近期,思科系统公司(Cisco Systems)更新了关于CVE-2014-2120的安全公告,警告客户该漏洞已在野外被利用。CVE-2014-2120是一个影响思科自适应安全设备(ASA)软件的WebVPN登录页面的跨站脚本(XSS)漏洞。该漏洞最初于2014年披露,它允许未经身份验证的远程攻击者对WebVPN用户执行XSS攻击。</p><p><img src=\"https://image",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Wed, 04 Dec 2024 14:12:46 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "因涉嫌实施侵入性的监控行为,苹果公司在加州被员工起诉",
|
||||||
|
"link": "https://www.freebuf.com/news/416797.html",
|
||||||
|
"description": "一名现任苹果员工于美国当地时间12月1日向加利福尼亚州法院提起诉讼,指控苹果侵入性的监控行为干预了员工的个人生活。",
|
||||||
|
"body": "<p>据Cyber Security News消息,一名现任苹果员工于美国当地时间12月1日向加利福尼亚州法院提起诉讼,指控苹果侵入性的监控行为干预了员工的个人生活。</p><p><img src=\"https://image.3001.net/images/20241204/1733280393_674fc28912cc0257261a4.png!small\" alt=\"\" width=\"646",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Wed, 04 Dec 2024 10:34:21 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "FreeBuf早报 | 苹果被员工起诉监控越界;暗网头目背叛终身监禁",
|
||||||
|
"link": "https://www.freebuf.com/news/416759.html",
|
||||||
|
"description": "苹果要求员工上班期间只能使用苹果设备,并鼓励他们在个人设备上也使用苹果产品。",
|
||||||
|
"body": "<h2 id=\"h2-1\">全球动态</h2><h3 id=\"h3-1\">1. 工信部通报27款侵害用户权益行为的APP及SDK</h3><p>近期,工信部组织第三方检测机构进行抽查,共发现27款App及SDK存在侵害用户权益行为,主要集中在信息窗口关不掉、乱跳转,违规收集个人信息以及过度索取权限等问题。工信部要求相关App开发者限期整改,对于整改落实不到位的,将采取企业约谈、App下架、行政处罚",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Tue, 03 Dec 2024 16:41:40 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "知名开源监控系统Zabbix存在SQL 注入漏洞",
|
||||||
|
"link": "https://www.freebuf.com/news/416735.html",
|
||||||
|
"description": "攻击者可以通过操控特定的API调用,注入恶意SQL代码,从而获得未授权的访问和控制权限。",
|
||||||
|
"body": "<p style=\"list-style-type:none;\">Zabbix 存在 SQL 注入漏洞(CVE-2024-42327),该漏洞是由于在 Zabbix前端的CUser类中的addRelatedObjects函数未对输入数据进行充分验证和转义,导致具有API访问权限的恶意用户可以通过user.get API传递特制输入触发SQL注入攻击,进而利用该漏洞实现权限提升或访问敏感数据。</p",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Tue, 03 Dec 2024 13:46:22 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "只需几分钟,AWS密钥泄露即被利用",
|
||||||
|
"link": "https://www.freebuf.com/news/416720.html",
|
||||||
|
"description": "Clutch Security的研究人员进行了一项测试,以查看这种情况发生的速度有多快。",
|
||||||
|
"body": "<p>开发者经常无意中在网上暴露AWS访问密钥,这已不是秘密,这些密钥在组织有机会撤销它们之前,就被攻击者抓取并滥用。Clutch Security的研究人员进行了一项测试,以查看这种情况发生的速度有多快。</p><p><img src=\"https://image.3001.net/images/20241203/1733204055_674e9857af59cfdecf8da.png!smal",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Tue, 03 Dec 2024 11:50:54 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "新型恶意软件能利用LogoFAIL漏洞感染Linux系统",
|
||||||
|
"link": "https://www.freebuf.com/news/416709.html",
|
||||||
|
"description": "由韩国BoB培训计划的网络安全学生利用 LogoFAIL 漏洞创建了新型恶意软件Bootkitty,能够攻击Linux系统设备。",
|
||||||
|
"body": "<p>据BleepingComputer消息,韩国Best of the Best (BoB) 培训计划的网络安全学生利用 LogoFAIL 漏洞创建了新型恶意软件Bootkitty,能够攻击Linux系统设备。</p><p>固件安全公司Binarly 于2023 年 11 月发现了 LogoFAIL,并警告其可能被用于实际攻击。而安全公司ESET表示,Bootkitty 是第一个专门针对 Lin",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Tue, 03 Dec 2024 11:12:26 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "FreeBuf 赠书第109期 | API攻防:Web API安全指南",
|
||||||
|
"link": "https://www.freebuf.com/articles/416686.html",
|
||||||
|
"description": "这本书就体系化地讲解了Web API 的漏洞挖掘方法和防御策略,能够帮助组织构建起API安全体系。",
|
||||||
|
"body": "<p>知名网络安全公司HackerOne发布的《2023年黑客力量安全报告》透露,已有30名优秀的白帽子各自获得了超100万美元的奖励,而其中最厉害的白帽奖励超过了400万美元。</p><p>HackerOne是全球领先的漏洞赏金平台,自2012年成立以来,HackerOne已向白帽子和漏洞研究人员发放了超过3亿美元的奖励。</p><p>白帽遵循一套道德准则和职业操守,在获得组织的明确授权后,通过",
|
||||||
|
"category": "活动",
|
||||||
|
"pubDate": "Mon, 02 Dec 2024 18:54:59 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "浅谈一次edusrc | 文件上传成功getshell",
|
||||||
|
"link": "https://www.freebuf.com/vuls/416682.html",
|
||||||
|
"description": "这篇文章偏基础的src漏洞挖掘,并且讲的内容还是偏向edusrc方面的。",
|
||||||
|
"body": "<h2 id=\"h2-1\">0x1 前言</h2><p>这里记录一下我在微信小程序挖人社局等一些人力资源和社会保障部信息中心漏洞,人社这类漏洞相对于web应用端的漏洞来讲要好挖很多,里面的WAF过滤等一些验证也少。比如你在开始学习src漏洞挖掘,就可以从微信小程序下手。<br />一般像这类漏洞可以在微信小程序检索<strong>就业、人社、贷款</strong>等关键字</p><p><img s",
|
||||||
|
"category": "漏洞",
|
||||||
|
"pubDate": "Mon, 02 Dec 2024 18:22:10 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "FreeBuf早报 | 苹果Safari远程代码执行漏洞被广泛利用;蓝牙芯片漏洞影响15亿用户",
|
||||||
|
"link": "https://www.freebuf.com/news/416669.html",
|
||||||
|
"description": "Safari中的一个关键远程代码执行漏洞已被发现并被广泛利用。该漏洞存在于WebKit的JavaScriptCore组件中。",
|
||||||
|
"body": "<h2 id=\"h2-1\">全球动态</h2><h3 id=\"h3-1\">1. 国家安全部:警惕开源信息成为泄密源头</h3><p>大数据时代,信息在网络空间发布、传播渠道愈发丰富多样。值得警惕的是,一些敏感信息在未经脱密处理、未经风险隐患评估的情况下,通过互联网公开传播,成为境外间谍情报机关获取开源情报的重要来源,对我国家安全构成威胁。 【<a href=\"https://www.secrss.",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Mon, 02 Dec 2024 17:27:57 +0800"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "因软件更新,丹麦第一电信运营商宕机超过24小时",
|
||||||
|
"link": "https://www.freebuf.com/news/416662.html",
|
||||||
|
"description": "丹麦电信运营商 TDC Net 遭遇大规模电信服务中断,导致所有用户无法使用移动电话、短信和网络接入服务。",
|
||||||
|
"body": "<p>上周(11月28日),丹麦发生了一起大规模手机故障事件。丹麦电信运营商 TDC Net 遭遇大规模电信服务中断,导致所有用户无法使用移动电话、短信和网络接入服务,持续时间长达至少一天。</p><p>这次中断事件严重扰乱了成千上万人的通信,并引发了人们对基本电信服务可靠性的严重担忧。受影响的群体包括紧急救援人员、医院和通勤上班一族,这表明了现代社会依赖无缝连接的程度。<img src=\"htt",
|
||||||
|
"category": "资讯",
|
||||||
|
"pubDate": "Mon, 02 Dec 2024 16:38:31 +0800"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "印度电信安全新规引发大量吐槽",
|
"title": "印度电信安全新规引发大量吐槽",
|
||||||
"link": "https://www.freebuf.com/news/416631.html",
|
"link": "https://www.freebuf.com/news/416631.html",
|
||||||
@ -41,7 +129,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"title": "FreeBuf周报 | VPN正成为企业入侵的关键路径;知名压缩工具7-Zip存在严重漏洞",
|
"title": "FreeBuf周报 | VPN正成为企业入侵的关键路径;知名压缩工具7-Zip存在严重漏洞",
|
||||||
"link": "https://www.freebuf.com/articles/416526.html",
|
"link": "https://www.freebuf.com/news/416526.html",
|
||||||
"description": "总结推荐本周的热点资讯、安全事件、一周好文和省心工具,保证大家不错过本周的每一个重点!",
|
"description": "总结推荐本周的热点资讯、安全事件、一周好文和省心工具,保证大家不错过本周的每一个重点!",
|
||||||
"body": "<p>各位 Buffer 周末好,以下是本周「FreeBuf周报」,我们总结推荐了本周的热点资讯、安全事件、一周好文和省心工具,保证大家不错过本周的每一个重点!<img style=\"border-width:0px;line-height:inherit;max-width:635px;height:auto;\" src=\"https://image.3001.net/images/202209",
|
"body": "<p>各位 Buffer 周末好,以下是本周「FreeBuf周报」,我们总结推荐了本周的热点资讯、安全事件、一周好文和省心工具,保证大家不错过本周的每一个重点!<img style=\"border-width:0px;line-height:inherit;max-width:635px;height:auto;\" src=\"https://image.3001.net/images/202209",
|
||||||
"category": "资讯",
|
"category": "资讯",
|
||||||
@ -70,93 +158,5 @@
|
|||||||
"body": "<p>Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥,以对抗政府审查。目前,Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。</p><p>Tor 项目认为,设置更多的 WebTunnel 网桥是对",
|
"body": "<p>Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥,以对抗政府审查。目前,Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。</p><p>Tor 项目认为,设置更多的 WebTunnel 网桥是对",
|
||||||
"category": "资讯",
|
"category": "资讯",
|
||||||
"pubDate": "Fri, 29 Nov 2024 11:33:37 +0800"
|
"pubDate": "Fri, 29 Nov 2024 11:33:37 +0800"
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "知名工业WiFi接入点被曝存在20多个漏洞",
|
|
||||||
"link": "https://www.freebuf.com/news/416495.html",
|
|
||||||
"description": "Advantech工业级无线接入点设备被曝光存在近二十个安全漏洞,部分漏洞可被恶意利用以绕过身份验证并执行高权限代码。",
|
|
||||||
"body": "<p>近期,Advantech工业级无线接入点设备被曝光存在近二十个安全漏洞,部分漏洞可被恶意利用以绕过身份验证并执行高权限代码。<img src=\"https://image.3001.net/images/20241129/1732851076_674935841806b8cad795e.png!small\" alt=\"\" /></p><p>网络安全公司Nozomi Networks在周三发布",
|
|
||||||
"category": "资讯",
|
|
||||||
"pubDate": "Fri, 29 Nov 2024 11:26:58 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "摄像头贴很有必要,黑客可不激活指示器而调用摄像头",
|
|
||||||
"link": "https://www.freebuf.com/news/416480.html",
|
|
||||||
"description": "通过刷新联想ThinkPad X230笔记本电脑上的摄像头固件,可在摄像头本身激活的情况下独立控制其LED。",
|
|
||||||
"body": "<p>在你的笔记本电脑上贴上摄像头并不是一个愚蠢的想法。一位安全工程师发现,通过刷新联想ThinkPad X230笔记本电脑上的摄像头固件,可在摄像头本身激活的情况下独立控制其LED。换句话说,可以在摄像头指示器不亮的情况下,悄悄调用笔记本的摄像头。</p><p><img src=\"https://image.3001.net/images/20241129/1732849151_67492dff",
|
|
||||||
"category": "资讯",
|
|
||||||
"pubDate": "Fri, 29 Nov 2024 10:22:37 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "内网代理篇 | 实验过程记录",
|
|
||||||
"link": "https://www.freebuf.com/articles/network/415550.html",
|
|
||||||
"description": "因为内网经常遇到不同网段,跳板机为linux命令行无法可视化访问web的问题,这是我们不想看到的,所以做了一次内网代理实验的记录,快速开展实验,解决以上问题。",
|
|
||||||
"body": "<h1>内网多层代理实验记录</h1><p>本次简单搭建了一个环境做多层代理测试,目的是解决内网渗透因为网段不同或者linux跳板无法访问web服务的情况。搭建了此环境,环境比较简陋,用kali的setoolkit钓鱼工具输搭建了个web。然后用ssh隧道将流量转给了节点3的windows,至于为何不用kali当节点。是因为想同时写ssh隧道的教程和venom的教程。</p><p>节点1:kali",
|
|
||||||
"category": "网络安全",
|
|
||||||
"pubDate": "Fri, 29 Nov 2024 09:19:29 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "MORF:一款轻量级移动端网络安全侦查框架",
|
|
||||||
"link": "https://www.freebuf.com/sectool/416461.html",
|
|
||||||
"description": "MORF是一款功能强大、轻量级且独立于平台的移动端网络安全工具,旨在帮助广大安全研究人员轻松识别和处理移动应用程序中的敏感信息。",
|
|
||||||
"body": "<h2 id=\"h2-1\">关于MORF</h2><p>MORF是一款功能强大、轻量级且独立于平台的移动端网络安全工具,旨在帮助广大安全研究人员轻松识别和处理移动应用程序中的敏感信息。</p><p><img src=\"https://image.3001.net/images/20241128/1732804244_67487e9432a399da8fd7f.png!small\" width=\"6",
|
|
||||||
"category": "工具",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 22:33:27 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "JavaSecLab 一款综合Java漏洞平台",
|
|
||||||
"link": "https://www.freebuf.com/sectool/416442.html",
|
|
||||||
"description": "JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范等。",
|
|
||||||
"body": "<h2 id=\"h2-1\">项目介绍</h2><p>JavaSecLab是<strong>一款综合型Java漏洞平台</strong>,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……<br /><img src=\"https://image.3001.net/images/20241128/1732785853_674836bd53c",
|
|
||||||
"category": "工具",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 17:30:55 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "零时科技 || DCF 攻击事件分析",
|
|
||||||
"link": "https://www.freebuf.com/articles/blockchain-articles/416431.html",
|
|
||||||
"description": "我们监控到BNB Smart Chain上的一起攻击事件,被攻击的项目为DCF,本次攻击共造成约440,000 USD的损失。",
|
|
||||||
"body": "<p><img src=\"https://image.3001.net/images/20241128/1732779893_67481f759aeb648c2571f.jpg!small\" alt=\"\" width=\"690\" height=\"184\" /></p><h2 id=\"h2-1\"><strong>背景介绍</strong></h2><p>2024年11月25日,我们监控到 BNB S",
|
|
||||||
"category": "区块链安全",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 15:49:35 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "Bootkitty:首个针对Linux的UEFI引导程序恶意软件",
|
|
||||||
"link": "https://www.freebuf.com/news/416423.html",
|
|
||||||
"description": "研究人员发现了首个专门针对Linux系统UEFI引导程序恶意软件。",
|
|
||||||
"body": "<p>研究人员发现了首个专门针对Linux系统UEFI引导程序恶意软件,这标志着以前专注于Windows的隐蔽且难以清除的引导程序威胁发生了转变。</p><p>这款名为“Bootkitty”的Linux恶意软件是一个概念验证,仅在某些Ubuntu版本和配置上有效,而不是实际攻击中部署的完全成熟的威胁。引导程序恶意软件旨在感染计算机的启动过程,在操作系统加载之前运行,从而允许其在非常低的级别上控制系",
|
|
||||||
"category": "资讯",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 15:09:35 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "索赔800万元,字节跳动起诉篡改代码攻击模型的实习生",
|
|
||||||
"link": "https://www.freebuf.com/news/416403.html",
|
|
||||||
"description": "字节跳动公司近日正式就前实习生田柯宇篡改代码并攻击公司内部模型训练一案向北京市海淀区人民法院提起诉讼。",
|
|
||||||
"body": "<p>字节跳动公司近日正式就前实习生田柯宇篡改代码并攻击公司内部模型训练一案向北京市海淀区人民法院提起诉讼,该案已被法院受理。字节跳动在诉讼中请求法院判令田柯宇赔偿公司侵权损失共计800万元人民币及合理支出2万元人民币,并要求其公开赔礼道歉,以维护公司的合法权益和声誉。</p><p>此案背景可追溯至字节跳动于11月5日发布的《企业纪律与职业道德委员会通报》,该通报向公司全员披露了事件的详细情况。通",
|
|
||||||
"category": "资讯",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 14:08:40 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "代码审计实战 | 若依 RuoYi4.6.0",
|
|
||||||
"link": "https://www.freebuf.com/articles/system/416395.html",
|
|
||||||
"description": "RuoYi 是一个 Java EE 企业级快速开发平台,内置模块如:部门管理、角色用户、菜单及按钮授权等。",
|
|
||||||
"body": "<h2 id=\"h2-1\">一.环境搭建</h2><p>RuoYi 是一个 Java EE 企业级快速开发平台,基于经典技术组合(Spring Boot、Apache Shiro、MyBatis、Thymeleaf、Bootstrap),内置模块如:部门管理、角色用户、菜单及按钮授权、数据权限、系统参数、日志管理、通知公告等。在线定时任务配置;支持集群,支持多数据源,支持分布式事务。本次对此框架代",
|
|
||||||
"category": "系统安全",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 13:39:49 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "FreeBuf早报 | 全球最大盗版IPTV网络被清剿;ChatGPT可攻击Linux和Windows",
|
|
||||||
"link": "https://www.freebuf.com/news/416388.html",
|
|
||||||
"description": "研究人员展示了人工智能(AI)在增强道德黑客实践方面的巨大潜力,特别是在Linux环境中。",
|
|
||||||
"body": "<h2 id=\"h2-1\">全球动态</h2><h3 id=\"h3-1\">1. ChatGPT在攻击Linux和Windows方面有巨大潜力</h3><p align=\"left\">研究人员展示了人工智能(AI)在增强道德黑客实践方面的巨大潜力,特别是在Linux环境中。【外刊-<a href=\"https://cybersecuritynews.com/teaching-ai-to-hack/\"",
|
|
||||||
"category": "资讯",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 13:13:50 +0800"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"title": "微软或窃取你的Word、Excel文件以训练人工智能模型?",
|
|
||||||
"link": "https://www.freebuf.com/news/416371.html",
|
|
||||||
"description": "微软在其生产力套件中的Connected Experiences选项已经引起了人们的恐慌,有人指责默认设置可能会允许微软使用客户的Word和Excel文档及其他数据来训练AI模型。微软否认窃取个人文件的相关说法Windows相关方面强烈否认这些说法。一位发言人告诉The Register 杂志:“在 Microsoft 365的消费者和商业应用程序中,微软不会在未经用户许可的情况下使用用户数据来训",
|
|
||||||
"body": "<p>微软在其生产力套件中的Connected Experiences选项已经引起了人们的恐慌,有人指责默认设置可能会允许微软使用客户的Word和Excel文档及其他数据来训练AI模型。</p><p><b>微软否认窃取个人文件的相关说法</b></p><p>Windows相关方面强烈否认这些说法。一位发言人告诉The Register 杂志:“在 Microsoft 365的消费者和商业应用程序中",
|
|
||||||
"category": "资讯",
|
|
||||||
"pubDate": "Thu, 28 Nov 2024 11:32:43 +0800"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
@ -1,4 +1,25 @@
|
|||||||
[
|
[
|
||||||
|
{
|
||||||
|
"guid": "https://forum.butian.net/share/3912",
|
||||||
|
"title": "基于ptrace的沙箱绕过",
|
||||||
|
"description": "本文记录复现羊城杯hard-sandbox这道题的过程,并在途中学习了基于ptrace的沙箱绕过",
|
||||||
|
"source": "subject",
|
||||||
|
"pubDate": "2024-12-04 10:00:01"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://forum.butian.net/share/3952",
|
||||||
|
"title": "多轮对话越狱大模型",
|
||||||
|
"description": "最近奇安信办的datacon有个AI安全赛道,其中的挑战之一就是与越狱相关的,不同的地方在于它关注的是多轮越狱",
|
||||||
|
"source": "subject",
|
||||||
|
"pubDate": "2024-12-04 09:00:02"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"guid": "https://forum.butian.net/share/3911",
|
||||||
|
"title": "Web Pwn常见利用方式总结",
|
||||||
|
"description": "本篇文章总结了web pwn常见的利用方式",
|
||||||
|
"source": "subject",
|
||||||
|
"pubDate": "2024-12-03 09:31:45"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"guid": "https://forum.butian.net/share/3916",
|
"guid": "https://forum.butian.net/share/3916",
|
||||||
"title": "HKCERT24 Rev bashed 和 MBTI Radar WP",
|
"title": "HKCERT24 Rev bashed 和 MBTI Radar WP",
|
||||||
@ -47,26 +68,5 @@
|
|||||||
"description": "在漏洞挖掘中,通过对js的挖掘可发现诸多安全问题,此文章主要记录学习如何利用JS测试以及加密参数逆向相关的漏洞挖掘。",
|
"description": "在漏洞挖掘中,通过对js的挖掘可发现诸多安全问题,此文章主要记录学习如何利用JS测试以及加密参数逆向相关的漏洞挖掘。",
|
||||||
"source": "subject",
|
"source": "subject",
|
||||||
"pubDate": "2024-11-26 09:37:28"
|
"pubDate": "2024-11-26 09:37:28"
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://forum.butian.net/share/3899",
|
|
||||||
"title": "从rust堆看堆块伪造",
|
|
||||||
"description": "本文章详细分析了强网杯S8的chat_with_me这道题,从rust堆看堆块伪造,最后getshell",
|
|
||||||
"source": "subject",
|
|
||||||
"pubDate": "2024-11-22 10:00:02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://forum.butian.net/share/3897",
|
|
||||||
"title": "go中栈溢出的总结",
|
|
||||||
"description": "本篇文章详细记录了自己复现强网杯S8中qroute这道题的过程,并又做了一些CISCN中go的栈溢出相关题目,记录了复现过程遇到的困难,以及解决方法,希望能对你学习go的栈溢出有所帮助",
|
|
||||||
"source": "subject",
|
|
||||||
"pubDate": "2024-11-21 09:00:00"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"guid": "https://forum.butian.net/share/3883",
|
|
||||||
"title": "Linux系统下反弹shell的理解",
|
|
||||||
"description": "之前研究过一段时间的反弹shell,所以本文是我个人对反弹shell的理解,当然,本人才疏学浅,如有啥错的地方,各位师傅指出,共同学习一起进步!!!",
|
|
||||||
"source": "subject",
|
|
||||||
"pubDate": "2024-11-21 09:00:00"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
1456
JSON/xianzhi.json
1456
JSON/xianzhi.json
File diff suppressed because it is too large
Load Diff
10
README.md
10
README.md
@ -1,5 +1,9 @@
|
|||||||
## 持续更新中
|
## 持续更新中
|
||||||
|
|
||||||
RSS订阅链接来源:https://github.com/zhengjim/Chinese-Security-RSS
|
RSS订阅链接来源:https://github.com/zhengjim/Chinese-Security-RSS <br>
|
||||||
使用python-json进行格式化,然后使用飞书webhook机器人进行发送
|
使用python-json进行格式化,然后使用飞书webhook机器人进行发送 <br>
|
||||||
config.yaml可指定大部分可能需要的参数
|
config.yaml可指定大部分可能需要的参数 <br>
|
||||||
|
|
||||||
|
### 使用方法:
|
||||||
|
先下载支持库:`pip install -r requirements.txt`
|
||||||
|
随后便可直接运行:`python Core.py`
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
__pycache__/GotoSend_xianzhi.cpython-312.pyc
Normal file
BIN
__pycache__/GotoSend_xianzhi.cpython-312.pyc
Normal file
Binary file not shown.
BIN
db/freebuf.db
Normal file
BIN
db/freebuf.db
Normal file
Binary file not shown.
BIN
db/qianxin.db
Normal file
BIN
db/qianxin.db
Normal file
Binary file not shown.
BIN
imgs/首次运行提示.jpg
Normal file
BIN
imgs/首次运行提示.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 53 KiB |
Binary file not shown.
@ -135,3 +135,4 @@ def run():
|
|||||||
huawei_main()
|
huawei_main()
|
||||||
doonsec_main()
|
doonsec_main()
|
||||||
qianxin_main()
|
qianxin_main()
|
||||||
|
|
Loading…
Reference in New Issue
Block a user