MasonLiu/PyBot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

first commit

Browse Source
This commit is contained in:
MasonLiu 2024-12-03 00:03:14 +08:00
parent bcbd0f1f57
commit b636eb32f1
20 changed files with 3843 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
Core.py Normal file
View File

@ -0,0 +1,46 @@
import signal
from datetime import datetime
import sys
import time
from SendBot import SendToFeishu, gen_sign
from media.common import run
from media.freebuf import freebuf_main
from media.xianzhi import xianzhi_main
webhook_url, timestamp, sign = gen_sign()
def crab_job():
print("正在启动各爬虫并获取资源中...")
run()
xianzhi_main()
freebuf_main()
def signal_handler(sig, frame):
print("接收到退出信号,程序即将退出...")
sys.exit(0)
signal.signal(signal.SIGINT, signal_handler) # Ctrl+C
signal.signal(signal.SIGTERM, signal_handler) # kill命令
def main_loop():
while True:
try:
# 获取当前时间
now = datetime.now()
# 检查是否为特定时间点
if now.hour == 17 and now.minute == 25:
crab_job()
print("执行完毕,等待下一次执行...")
else:
print("正在等待执行...")
time.sleep(35) # 每隔35秒执行一次
except Exception as e:
print(f"发生错误: {e}")
msg = {"msg_type":"text","timestamp": f"{timestamp}","sign": f"{sign}","content":{"text":f"发生错误: {e} ,程序已暂停"}}
print(msg)
# SendToFeishu(msg)
exit()
if __name__ == "__main__":
main_loop()

142
JSON/4hou.json Normal file
View File

File diff suppressed because one or more lines are too long

162
JSON/anquanke.json Normal file
View File

@ -0,0 +1,162 @@
[
{
"guid": "https://www.anquanke.com/post/id/302345",
"title": "全国首个海洋可信数据空间启动360筑牢海洋数据安全新防线",
"author": " 安全客",
"description": null,
"source": "微信",
"pubDate": "2024-12-02 15:32:30"
},
{
"guid": "https://www.anquanke.com/post/id/302342",
"title": "MediaTek 修补了智能手机芯片组中的高严重性漏洞 CVE-2024-20125",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 15:20:44"
},
{
"guid": "https://www.anquanke.com/post/id/302339",
"title": "ShadowHound使用隐蔽高效的摄取器增强 Active Directory 侦察",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 15:00:17"
},
{
"guid": "https://www.anquanke.com/post/id/302336",
"title": "以加密货币钱包为目标的恶意 PyPI 软件包aiocpa 活动曝光",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 14:46:21"
},
{
"guid": "https://www.anquanke.com/post/id/302333",
"title": "CVE-2024-52338 Apache Arrow R软件包存在严重安全漏洞允许任意执行代码",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 14:40:00"
},
{
"guid": "https://www.anquanke.com/post/id/302330",
"title": "CVE-2024-8672 CVSS 9.9Widget Options 插件中的严重缺陷威胁 100,000+ 个网站",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 14:34:37"
},
{
"guid": "https://www.anquanke.com/post/id/302327",
"title": "CVE-2024-11980 CVSS 10十亿电动路由器中的严重缺陷",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 14:25:47"
},
{
"guid": "https://www.anquanke.com/post/id/302321",
"title": "被武器化的 Windows 工具 Wevtutil.exe 在新型攻击中被利用",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 11:19:00"
},
{
"guid": "https://www.anquanke.com/post/id/302318",
"title": "Trellix 企业安全管理器修补关键漏洞,包括 CVE-2024-11482 (CVSS 9.8)",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 10:45:29"
},
{
"guid": "https://www.anquanke.com/post/id/302315",
"title": "“Toast代码”行动 深度剖析 TA-RedAnt 对零日漏洞CVE-2024-38178的利用",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-12-02 10:39:57"
},
{
"guid": "https://www.anquanke.com/post/id/302311",
"title": "唯一入选两大创新典型案例360安全大模型闪耀乌镇",
"author": " 安全客",
"description": null,
"source": "微信",
"pubDate": "2024-11-29 14:16:14"
},
{
"guid": "https://www.anquanke.com/post/id/302308",
"title": "利用 CleverSoar 安装程序和 Nidhogg Rootkit 的恶性恶意软件活动",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-11-29 11:31:18"
},
{
"guid": "https://www.anquanke.com/post/id/302305",
"title": "发布 PoCWindows 驱动程序中的整数溢出漏洞可导致权限升级",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-11-29 11:22:55"
},
{
"guid": "https://www.anquanke.com/post/id/302302",
"title": "NHS 重大“网络事件”迫使医院使用笔和纸",
"author": " 安全客",
"description": null,
"source": "theregister",
"pubDate": "2024-11-29 11:14:57"
},
{
"guid": "https://www.anquanke.com/post/id/302299",
"title": "美国电信巨头 T-Mobile 检测到有线运营商的网络入侵企图",
"author": " 安全客",
"description": null,
"source": "TheHackersNews",
"pubDate": "2024-11-29 11:03:29"
},
{
"guid": "https://www.anquanke.com/post/id/302296",
"title": "VPN 漏洞、弱凭据助长勒索软件攻击",
"author": " 安全客",
"description": null,
"source": "helpnetsecurity",
"pubDate": "2024-11-29 10:55:05"
},
{
"guid": "https://www.anquanke.com/post/id/302293",
"title": "CVE-2024-42330 (CVSS 9.1) Zabbix 修补了严重远程代码执行漏洞",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-11-29 10:49:22"
},
{
"guid": "https://www.anquanke.com/post/id/302290",
"title": "TikTok 在最新安全举措中瞄准改变外观的滤镜和未成年人用户",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-11-29 10:44:26"
},
{
"guid": "https://www.anquanke.com/post/id/302287",
"title": "信用卡盗刷恶意软件曝光: 针对 Magento 结账页面",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-11-29 10:35:03"
},
{
"guid": "https://www.anquanke.com/post/id/302284",
"title": "Contiki-NG 物联网操作系统修补关键漏洞",
"author": " 安全客",
"description": null,
"source": "securityonline",
"pubDate": "2024-11-29 10:26:47"
}
]

1602
JSON/doonsec.json Normal file
View File

File diff suppressed because it is too large Load Diff

162
JSON/freebuf.json Normal file
View File

@ -0,0 +1,162 @@
[
{
"title": "印度电信安全新规引发大量吐槽",
"link": "https://www.freebuf.com/news/416631.html",
"description": "印度电信监管机构推出了旨在保护国家关键基础设施网络免受网络威胁的规则。",
"body": "<p>印度电信监管机构推出了旨在保护国家关键基础设施网络免受网络威胁的规则,但专家表示,这些新指南对用户的基本隐私权保护不足。</p><p>上周由印度电信部DoT发布的这些规定要求电信实体在六小时内报告网络安全事件与网络安全当局共享用户流量数据并采用包括风险管理方法、培训、网络测试和风险评估的网络安全政策。</p><p>这些措施是在2023年通过的具有里程碑意义的《电信法》下推出的对行",
"category": "资讯",
"pubDate": "Mon, 02 Dec 2024 13:52:30 +0800"
},
{
"title": "新型钓鱼工具包能让“菜鸟”轻松发动攻击",
"link": "https://www.freebuf.com/news/416616.html",
"description": "一种恶意电子邮件活动正利用名为 Rockstar 2FA 的网络钓鱼即服务PhaaS工具包窃取 Microsoft 365 用户帐户凭证。",
"body": "<p>据The Hacker News消息研究人员近日发出警告称一种恶意电子邮件活动正利用名为 Rockstar 2FA 的网络钓鱼即服务PhaaS工具包窃取 Microsoft 365 用户帐户凭证。</p><p><img src=\"https://image.3001.net/images/20241202/1733109695_674d27bfcbce0a33907d7.png!sm",
"category": "资讯",
"pubDate": "Mon, 02 Dec 2024 11:18:40 +0800"
},
{
"title": "损坏的Word钓鱼文件可以绕过微软安全防护",
"link": "https://www.freebuf.com/news/416610.html",
"description": "通过发送损坏的Word文档作为电子邮件附件使它们能够因为损坏状态而绕过安全软件但仍然可以被应用程序恢复。",
"body": "<p>一种新型的网络钓鱼攻击利用了微软Word文件恢复功能通过发送损坏的Word文档作为电子邮件附件使它们能够因为损坏状态而绕过安全软件但仍然可以被应用程序恢复。</p><p>威胁行为者不断寻找新的方法来绕过电子邮件安全软件将他们的网络钓鱼邮件送达到目标收件箱。由恶意软件狩猎公司Any.Run发现的一个新的网络钓鱼活动使用故意损坏的Word文档作为电子邮件附件这些邮件伪装成来自工资单和",
"category": "资讯",
"pubDate": "Mon, 02 Dec 2024 10:26:53 +0800"
},
{
"title": "一周网安优质PDF资源推荐丨FreeBuf知识大陆",
"link": "https://www.freebuf.com/news/416552.html",
"description": "各位读者周末好我们精选了本周知识大陆公开发布的10条优质资源让我们一起看看吧。",
"body": "<p>各位读者周末好以下是本周「FreeBuf知识大陆一周优质资源推荐」我们精选了本周知识大陆公开发布的10条优质资源让我们一起看看吧。</p><p><img src=\"https://image.3001.net/images/20241129/1732868224_6749788012adb40a28cdb.png!small\" width=\"690\" height=\"1200\" alt",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 16:16:39 +0800"
},
{
"title": "FreeBuf早报 | 史上最高漏洞赏金1.1亿元澳大利亚禁16岁以下使用社交媒体",
"link": "https://www.freebuf.com/news/416532.html",
"description": "国际加密货币交易所Uniswap Labs宣布在新版交易协议Uniswap v4上线之前将启动自称“历史上最高的漏洞赏金”计划。",
"body": "<h2 id=\"h2-1\">全球动态</h2><h3 id=\"h3-1\">1. 英国医疗保健提供者遭网络攻击,服务大受影响</h3><p align=\"left\">一场重大的网络攻击扰乱了威勒尔大学教学医院WUTH的运营该医院隶属于NHS基金会信托导致预约和程序推迟。【外刊-<a href=\"https://cybersecuritynews.com/uk-healthcare-provi",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 14:54:24 +0800"
},
{
"title": "FreeBuf周报 | VPN正成为企业入侵的关键路径知名压缩工具7-Zip存在严重漏洞",
"link": "https://www.freebuf.com/articles/416526.html",
"description": "总结推荐本周的热点资讯、安全事件、一周好文和省心工具,保证大家不错过本周的每一个重点!",
"body": "<p>各位 Buffer 周末好以下是本周「FreeBuf周报」我们总结推荐了本周的热点资讯、安全事件、一周好文和省心工具保证大家不错过本周的每一个重点<img style=\"border-width:0px;line-height:inherit;max-width:635px;height:auto;\" src=\"https://image.3001.net/images/202209",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 14:02:37 +0800"
},
{
"title": "渗透测试 | 入门必备的 JavaScript 基础知识",
"link": "https://www.freebuf.com/articles/web/416515.html",
"description": "了解如何格式化.js文件、设置断点以及动态更改脚本的逻辑在使用 Web 应用程序时非常有用。",
"body": "<h3 id=\"h3-1\">渗透测试入门必备的JS基础</h3><p>JavaScript 在几乎所有现代 Web 应用程序中都得到了广泛使用。了解如何格式化<code>.js</code>文件、设置断点以及动态更改脚本的逻辑,在使用 Web 应用程序时非常有用。</p><h2 id=\"h2-1\">1. 浏览器开发者工具概述</h2><p>首先,让我们导航到一个网站并查看应用程序的资源。在我们的示",
"category": "Web安全",
"pubDate": "Fri, 29 Nov 2024 13:22:42 +0800"
},
{
"title": "为抵御风险投资低迷,以色列加大网络安全市场投资",
"link": "https://www.freebuf.com/news/416501.html",
"description": "持续的投资表明,以色列仍然是美国硅谷之外最强大的科技创新中心之一。",
"body": "<p>尽管全球针对网络安全公司的投资在 2022 年底开始放缓,但以色列网络安全产业的强劲表现超出了当地预期和全球经济挑战,即便该国还面临加沙地区局势不断升温的背景。</p><p><img src=\"https://image.3001.net/images/20241129/1732851509_674937350dad0e86a3396.png!small\" width=\"690\" heigh",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 11:34:47 +0800"
},
{
"title": "Tor 需要 200 个新的 WebTunnel 桥来对抗审查",
"link": "https://www.freebuf.com/news/416499.html",
"description": "Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥以对抗政府审查。目前Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。Tor 项目认为,设置更多的 WebTunnel 网桥是对俄罗斯日益严格的审查",
"body": "<p>Tor 项目已向隐私社区发出紧急呼吁,要求志愿者在今年年底前帮助部署 200 个新的 WebTunnel 桥以对抗政府审查。目前Tor 项目运营着 143 个 WebTunnel 网桥,帮助严格审查地区的用户绕过互联网访问限制和网站封锁,目前影响了浏览器内置的审查规避机制,包括 obfs4 连接和Snowflake。</p><p>Tor 项目认为,设置更多的 WebTunnel 网桥是对",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 11:33:37 +0800"
},
{
"title": "知名工业WiFi接入点被曝存在20多个漏洞",
"link": "https://www.freebuf.com/news/416495.html",
"description": "Advantech工业级无线接入点设备被曝光存在近二十个安全漏洞部分漏洞可被恶意利用以绕过身份验证并执行高权限代码。",
"body": "<p>近期Advantech工业级无线接入点设备被曝光存在近二十个安全漏洞部分漏洞可被恶意利用以绕过身份验证并执行高权限代码。<img src=\"https://image.3001.net/images/20241129/1732851076_674935841806b8cad795e.png!small\" alt=\"\" /></p><p>网络安全公司Nozomi Networks在周三发布",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 11:26:58 +0800"
},
{
"title": "摄像头贴很有必要,黑客可不激活指示器而调用摄像头",
"link": "https://www.freebuf.com/news/416480.html",
"description": "通过刷新联想ThinkPad X230笔记本电脑上的摄像头固件可在摄像头本身激活的情况下独立控制其LED。",
"body": "<p>在你的笔记本电脑上贴上摄像头并不是一个愚蠢的想法。一位安全工程师发现通过刷新联想ThinkPad X230笔记本电脑上的摄像头固件可在摄像头本身激活的情况下独立控制其LED。换句话说可以在摄像头指示器不亮的情况下悄悄调用笔记本的摄像头。</p><p><img src=\"https://image.3001.net/images/20241129/1732849151_67492dff",
"category": "资讯",
"pubDate": "Fri, 29 Nov 2024 10:22:37 +0800"
},
{
"title": "内网代理篇 | 实验过程记录",
"link": "https://www.freebuf.com/articles/network/415550.html",
"description": "因为内网经常遇到不同网段跳板机为linux命令行无法可视化访问web的问题这是我们不想看到的所以做了一次内网代理实验的记录快速开展实验解决以上问题。",
"body": "<h1>内网多层代理实验记录</h1><p>本次简单搭建了一个环境做多层代理测试目的是解决内网渗透因为网段不同或者linux跳板无法访问web服务的情况。搭建了此环境环境比较简陋用kali的setoolkit钓鱼工具输搭建了个web。然后用ssh隧道将流量转给了节点3的windows至于为何不用kali当节点。是因为想同时写ssh隧道的教程和venom的教程。</p><p>节点1:kali",
"category": "网络安全",
"pubDate": "Fri, 29 Nov 2024 09:19:29 +0800"
},
{
"title": "MORF一款轻量级移动端网络安全侦查框架",
"link": "https://www.freebuf.com/sectool/416461.html",
"description": "MORF是一款功能强大、轻量级且独立于平台的移动端网络安全工具旨在帮助广大安全研究人员轻松识别和处理移动应用程序中的敏感信息。",
"body": "<h2 id=\"h2-1\">关于MORF</h2><p>MORF是一款功能强大、轻量级且独立于平台的移动端网络安全工具旨在帮助广大安全研究人员轻松识别和处理移动应用程序中的敏感信息。</p><p><img src=\"https://image.3001.net/images/20241128/1732804244_67487e9432a399da8fd7f.png!small\" width=\"6",
"category": "工具",
"pubDate": "Thu, 28 Nov 2024 22:33:27 +0800"
},
{
"title": "JavaSecLab 一款综合Java漏洞平台",
"link": "https://www.freebuf.com/sectool/416442.html",
"description": "JavaSecLab是一款综合型Java漏洞平台提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范等。",
"body": "<h2 id=\"h2-1\">项目介绍</h2><p>JavaSecLab是<strong>一款综合型Java漏洞平台</strong>提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范覆盖多种漏洞场景友好用户交互UI……<br /><img src=\"https://image.3001.net/images/20241128/1732785853_674836bd53c",
"category": "工具",
"pubDate": "Thu, 28 Nov 2024 17:30:55 +0800"
},
{
"title": "零时科技 || DCF 攻击事件分析",
"link": "https://www.freebuf.com/articles/blockchain-articles/416431.html",
"description": "我们监控到BNB Smart Chain上的一起攻击事件被攻击的项目为DCF本次攻击共造成约440,000 USD的损失。",
"body": "<p><img src=\"https://image.3001.net/images/20241128/1732779893_67481f759aeb648c2571f.jpg!small\" alt=\"\" width=\"690\" height=\"184\" /></p><h2 id=\"h2-1\"><strong>背景介绍</strong></h2><p>2024年11月25日我们监控到 BNB S",
"category": "区块链安全",
"pubDate": "Thu, 28 Nov 2024 15:49:35 +0800"
},
{
"title": "Bootkitty首个针对Linux的UEFI引导程序恶意软件",
"link": "https://www.freebuf.com/news/416423.html",
"description": "研究人员发现了首个专门针对Linux系统UEFI引导程序恶意软件。",
"body": "<p>研究人员发现了首个专门针对Linux系统UEFI引导程序恶意软件这标志着以前专注于Windows的隐蔽且难以清除的引导程序威胁发生了转变。</p><p>这款名为“Bootkitty”的Linux恶意软件是一个概念验证仅在某些Ubuntu版本和配置上有效而不是实际攻击中部署的完全成熟的威胁。引导程序恶意软件旨在感染计算机的启动过程在操作系统加载之前运行从而允许其在非常低的级别上控制系",
"category": "资讯",
"pubDate": "Thu, 28 Nov 2024 15:09:35 +0800"
},
{
"title": "索赔800万元字节跳动起诉篡改代码攻击模型的实习生",
"link": "https://www.freebuf.com/news/416403.html",
"description": "字节跳动公司近日正式就前实习生田柯宇篡改代码并攻击公司内部模型训练一案向北京市海淀区人民法院提起诉讼。",
"body": "<p>字节跳动公司近日正式就前实习生田柯宇篡改代码并攻击公司内部模型训练一案向北京市海淀区人民法院提起诉讼该案已被法院受理。字节跳动在诉讼中请求法院判令田柯宇赔偿公司侵权损失共计800万元人民币及合理支出2万元人民币并要求其公开赔礼道歉以维护公司的合法权益和声誉。</p><p>此案背景可追溯至字节跳动于11月5日发布的《企业纪律与职业道德委员会通报》该通报向公司全员披露了事件的详细情况。通",
"category": "资讯",
"pubDate": "Thu, 28 Nov 2024 14:08:40 +0800"
},
{
"title": "代码审计实战 | 若依 RuoYi4.6.0",
"link": "https://www.freebuf.com/articles/system/416395.html",
"description": "RuoYi 是一个 Java EE 企业级快速开发平台,内置模块如:部门管理、角色用户、菜单及按钮授权等。",
"body": "<h2 id=\"h2-1\">一.环境搭建</h2><p>RuoYi 是一个 Java EE 企业级快速开发平台基于经典技术组合Spring Boot、Apache Shiro、MyBatis、Thymeleaf、Bootstrap内置模块如部门管理、角色用户、菜单及按钮授权、数据权限、系统参数、日志管理、通知公告等。在线定时任务配置支持集群支持多数据源支持分布式事务。本次对此框架代",
"category": "系统安全",
"pubDate": "Thu, 28 Nov 2024 13:39:49 +0800"
},
{
"title": "FreeBuf早报 | 全球最大盗版IPTV网络被清剿ChatGPT可攻击Linux和Windows",
"link": "https://www.freebuf.com/news/416388.html",
"description": "研究人员展示了人工智能AI在增强道德黑客实践方面的巨大潜力特别是在Linux环境中。",
"body": "<h2 id=\"h2-1\">全球动态</h2><h3 id=\"h3-1\">1. ChatGPT在攻击Linux和Windows方面有巨大潜力</h3><p align=\"left\">研究人员展示了人工智能AI在增强道德黑客实践方面的巨大潜力特别是在Linux环境中。【外刊-<a href=\"https://cybersecuritynews.com/teaching-ai-to-hack/\"",
"category": "资讯",
"pubDate": "Thu, 28 Nov 2024 13:13:50 +0800"
},
{
"title": "微软或窃取你的Word、Excel文件以训练人工智能模型",
"link": "https://www.freebuf.com/news/416371.html",
"description": "微软在其生产力套件中的Connected Experiences选项已经引起了人们的恐慌有人指责默认设置可能会允许微软使用客户的Word和Excel文档及其他数据来训练AI模型。微软否认窃取个人文件的相关说法Windows相关方面强烈否认这些说法。一位发言人告诉The Register 杂志:“在 Microsoft 365的消费者和商业应用程序中微软不会在未经用户许可的情况下使用用户数据来训",
"body": "<p>微软在其生产力套件中的Connected Experiences选项已经引起了人们的恐慌有人指责默认设置可能会允许微软使用客户的Word和Excel文档及其他数据来训练AI模型。</p><p><b>微软否认窃取个人文件的相关说法</b></p><p>Windows相关方面强烈否认这些说法。一位发言人告诉The Register 杂志:“在 Microsoft 365的消费者和商业应用程序中",
"category": "资讯",
"pubDate": "Thu, 28 Nov 2024 11:32:43 +0800"
}
]

122
JSON/huawei.json Normal file
View File

@ -0,0 +1,122 @@
[
{
"title": "安全通告 - 华为全屋音乐系统路径穿越漏洞",
"pubDate": "2024-06-19T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-ptvihhms-20747ba3-cn",
"description": null
},
{
"title": "安全通告 - 涉及部分华为家庭路由器的连接劫持漏洞",
"pubDate": "2024-06-19T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为部分家庭路由产品的连接劫持漏洞",
"pubDate": "2024-04-24T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为智能音箱部分产品的内存溢出漏洞",
"pubDate": "2024-04-17T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-samovishss-28e21e39-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为PC部分产品的内存缓冲区边界操作限制不当漏洞",
"pubDate": "2024-04-17T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为终端PC部分产品接口权限控制不当的漏洞",
"pubDate": "2024-04-17T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为终端PC部分产品异常条件检查不当的漏洞",
"pubDate": "2024-04-17T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-hppvticfuoec-8ffde288-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为终端PC部分产品对参数长度不一致的处理不当漏洞",
"pubDate": "2024-04-17T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为终端PC部分产品接口权限控制不当的漏洞",
"pubDate": "2024-04-17T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-voiiaciahpp-6376e0c7-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为终端智慧屏部分产品的身份认证绕过漏洞",
"pubDate": "2023-12-06T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-ibvishssp-4bf951d4-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为路由器产品的流量劫持漏洞",
"pubDate": "2023-05-17T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为某打印机产品的系统命令注入漏洞",
"pubDate": "2023-04-26T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-sciviahpp-6bcddec5-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为HiLink AI Life产品的身份认证绕过漏洞",
"pubDate": "2023-04-26T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为某打印机产品的对输入的错误解析类漏洞",
"pubDate": "2023-04-26T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-moivihp-2f201af9-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为某打印机产品的对输入的错误解析类漏洞",
"pubDate": "2023-04-26T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-moivihp-73cabdde-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为某音箱产品的越界写入漏洞",
"pubDate": "2023-03-01T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-oobwviatp-89e403d4-cn",
"description": null
},
{
"title": "关于E5573Cs-322产品存在拒绝服务漏洞的声明",
"pubDate": "2023-02-10T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-notices/2021/huawei-sn-20230210-01-dos-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为儿童智能手表Simba-AL00的身份认证绕过漏洞",
"pubDate": "2023-02-08T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-iabvithcswsa-c385b2dc-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为全屋智能某软件的不正确的权限分配漏洞",
"pubDate": "2023-02-01T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-ipavihwhis-1556afc2-cn",
"description": null
},
{
"title": "安全通告 - 涉及华为全屋智能某软件的不正确的权限分配漏洞",
"pubDate": "2023-02-01T00:00:00",
"link": "//www.huawei.com/cn/psirt/security-advisories/2023/huawei-sa-ipavihwhis-1afe7781-cn",
"description": "<p style=\"margin: 8pt -10.5pt 8pt 0cm;\"></p>"
}
]

72
JSON/qianxin.json Normal file
View File

@ -0,0 +1,72 @@
[
{
"guid": "https://forum.butian.net/share/3916",
"title": "HKCERT24 Rev bashed 和 MBTI Radar WP",
"description": "周末的时候打了hkcert24的比赛里面很多题目设置很有趣这里挑选其中rev方向的的bashed和MBTI Radar 记录一下wp",
"source": "subject",
"pubDate": "2024-12-02 10:05:50"
},
{
"guid": "https://forum.butian.net/share/3965",
"title": "【2024补天白帽城市沙龙-广州站】终端对抗的评估与验证实践",
"description": "演讲议题:终端对抗的评估与验证实践",
"source": "subject",
"pubDate": "2024-11-28 18:28:54"
},
{
"guid": "https://forum.butian.net/share/3964",
"title": "【2024补天白帽城市沙龙-广州站】蓝牙漏洞敞开大门:无需密码的致命安全隐患",
"description": "演讲议题:蓝牙漏洞敞开大门:无需密码的致命安全隐患",
"source": "subject",
"pubDate": "2024-11-28 18:21:29"
},
{
"guid": "https://forum.butian.net/share/3963",
"title": "【2024补天白帽城市沙龙-广州站】大模型Cos 与越狱框架探索",
"description": "演讲议题大模型Cos 与越狱框架探索",
"source": "subject",
"pubDate": "2024-11-28 18:19:30"
},
{
"guid": "https://forum.butian.net/share/3910",
"title": "XCTF分站赛SCTF2024Pwn方向题解",
"description": "本文详细记录了笔者做SCTF2024Pwn方向题目的过程希望对打Pwn的你有所启发",
"source": "subject",
"pubDate": "2024-11-28 09:33:40"
},
{
"guid": "https://forum.butian.net/share/3900",
"title": "ksmbd 条件竞争漏洞挖掘:思路与案例",
"description": "ksmbd 条件竞争漏洞挖掘:思路与案例\n本文介绍从代码审计的角度分析、挖掘条件竞争、UAF 漏洞思路,并以 ksmbd 为实例介绍审计的过程和几个经典漏洞案例。\n分析代码版本为linux-6.5.5\n相关漏...",
"source": "subject",
"pubDate": "2024-11-27 10:00:01"
},
{
"guid": "https://forum.butian.net/share/3915",
"title": "利用js挖掘漏洞",
"description": "在漏洞挖掘中通过对js的挖掘可发现诸多安全问题此文章主要记录学习如何利用JS测试以及加密参数逆向相关的漏洞挖掘。",
"source": "subject",
"pubDate": "2024-11-26 09:37:28"
},
{
"guid": "https://forum.butian.net/share/3899",
"title": "从rust堆看堆块伪造",
"description": "本文章详细分析了强网杯S8的chat_with_me这道题从rust堆看堆块伪造最后getshell",
"source": "subject",
"pubDate": "2024-11-22 10:00:02"
},
{
"guid": "https://forum.butian.net/share/3897",
"title": "go中栈溢出的总结",
"description": "本篇文章详细记录了自己复现强网杯S8中qroute这道题的过程并又做了一些CISCN中go的栈溢出相关题目记录了复现过程遇到的困难以及解决方法希望能对你学习go的栈溢出有所帮助",
"source": "subject",
"pubDate": "2024-11-21 09:00:00"
},
{
"guid": "https://forum.butian.net/share/3883",
"title": "Linux系统下反弹shell的理解",
"description": "之前研究过一段时间的反弹shell所以本文是我个人对反弹shell的理解当然本人才疏学浅如有啥错的地方各位师傅指出共同学习一起进步",
"source": "subject",
"pubDate": "2024-11-21 09:00:00"
}
]

62
JSON/sec_wiki.json Normal file
View File

@ -0,0 +1,62 @@
[
{
"title": "\nSecWiki News 2024-12-01 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-12-01",
"pubDate": "\nSun, 01 Dec 2024 23:58:20 +0800",
"description": "\n<a target='_blank' href='https://mp.weixin.qq.com/s/HKs2d7nqNb4--JElMxSX4A'>X信4.0聊天记录数据库文件解密分析</a> by ourren<br><br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-30 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-30",
"pubDate": "\nSat, 30 Nov 2024 23:58:20 +0800",
"description": "\n今日暂未更新资讯~<br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-29 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-29",
"pubDate": "\nFri, 29 Nov 2024 23:58:20 +0800",
"description": "\n今日暂未更新资讯~<br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-28 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-28",
"pubDate": "\nThu, 28 Nov 2024 23:58:20 +0800",
"description": "\n今日暂未更新资讯~<br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-27 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-27",
"pubDate": "\nWed, 27 Nov 2024 23:58:20 +0800",
"description": "\n<a target='_blank' href='https://mp.weixin.qq.com/s/ZpxvtGcl0zuZP_hGtwZWrA'>大模型供应链研究路线图</a> by ourren<br><br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-26 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-26",
"pubDate": "\nTue, 26 Nov 2024 23:58:20 +0800",
"description": "\n<a target='_blank' href='https://mp.weixin.qq.com/s/lnqPULgXcg4Nr0xxhOOUlw'>Botconf 2024 议题慢递</a> by Avenger<br><br><a target='_blank' href='https://blog.xlab.app/p/4db211d3/'>Chrome扩展攻击指南全局视角</a> by tmr<br><br><a target='_blank' href='https://blog.xlab.app/p/4db211d2/'>Chrome扩展攻击指南漏洞分析</a> by tmr<br><br><a target='_blank' href='https://blog.xlab.app/p/4db211d1/'>Chrome扩展攻击指南基础知识</a> by tmr<br><br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-25 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-25",
"pubDate": "\nMon, 25 Nov 2024 23:58:20 +0800",
"description": "\n今日暂未更新资讯~<br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-24 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-24",
"pubDate": "\nSun, 24 Nov 2024 23:58:20 +0800",
"description": "\n今日暂未更新资讯~<br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-23 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-23",
"pubDate": "\nSat, 23 Nov 2024 23:58:20 +0800",
"description": "\n<a target='_blank' href='https://paper.seebug.org/3240/'>APT-K-47 武器披露之 Asyncshell 的前世今生</a> by ourren<br><br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
},
{
"title": "\nSecWiki News 2024-11-22 Review",
"link": "\nhttp://www.sec-wiki.com/?2024-11-22",
"pubDate": "\nFri, 22 Nov 2024 23:58:20 +0800",
"description": "\n<a target='_blank' href='https://mp.weixin.qq.com/s/YhFmz1xpzH3cSXBUlTqm8w'>从何同学视频看开源协议的重要性</a> by 洞源实验室<br><br>更多最新文章,请访问<a href=http://www.sec-wiki.com/>SecWiki</a>\n"
}
]

122
JSON/seebug.json Normal file
View File

@ -0,0 +1,122 @@
[
{
"title": "Uncontrolled PCDN: Observation and Case Analysis of the Current State of PCDN Technology\n",
"link": "https://paper.seebug.org/3245/",
"description": "Author: Knownsec 404 Active Defense Team\nDate: November 22, 2024\n中文版https://paper.seebug.org/3242\nBackground Introduction\nIn October 2024, Knownsec 404 Active Defense Team detected abnormal traffi...\n",
"pubDate": "Mon, 02 Dec 2024 06:13:00 +0000",
"guid": "https://paper.seebug.org/3245/",
"category": "情报分析"
},
{
"title": "Android 恶意软件混淆与对抗技术专题\n",
"link": "https://paper.seebug.org/3244/",
"description": "作者启明星辰ADLab\n原文链接https://mp.weixin.qq.com/s/LIAkPLZ_vVOUGjFymdEH-w\n第一章 概 述\n近年来Android恶意软件数量不断攀升其采用的攻击和对抗技术也变得越来越复杂。为了对抗安全分析绕过安全检测窃取敏感数据或破坏系统安全恶意软件利用各种对抗技术来伪装和隐藏其恶意行为和代码逻辑。这些对抗技术中针对资源、文件、字节码指...\n",
"pubDate": "Wed, 27 Nov 2024 08:10:00 +0000",
"guid": "https://paper.seebug.org/3244/",
"category": "移动安全"
},
{
"title": "Prompt 越狱手册\n",
"link": "https://paper.seebug.org/3243/",
"description": "作者:洺熙\n本文为作者投稿Seebug Paper 期待你的分享,凡经采用即有礼品相送! 投稿邮箱paper@seebug.org\n以下皆为作者洺熙个人观点或洺熙认同的看法本文一切也只用于技术交流切勿用于不法目的一切纷争与作者本人无关\n由于书写本文的时候是从0到1开始写的所以根据受益人群的不同可以自行选择对应目录进行观看同步开源至https://github.com/Acm...\n",
"pubDate": "Wed, 27 Nov 2024 03:32:00 +0000",
"guid": "https://paper.seebug.org/3243/",
"category": "AI安全"
},
{
"title": "失控的PCDN观察PCDN技术现状与案例分析\n",
"link": "https://paper.seebug.org/3242/",
"description": "作者知道创宇404积极防御实验室\n日期2024年11月22日\n背景介绍\n2024年10月知道创宇404积极防御实验室监测到某客户网站流量异常疑似遭到CC攻击。经过分析本次CC攻击疑似为PCDN厂商为了平衡上下行流量对客户网站视频文件进行的盗刷流量行为。\n在调查分析的过程中我们发现PCDN技术的发展正逐渐失控。为了深入研究我们对PCDN技术现状及其背后的产业链进行了调查和分析并...\n",
"pubDate": "Fri, 22 Nov 2024 12:38:00 +0000",
"guid": "https://paper.seebug.org/3242/",
"category": "情报分析"
},
{
"title": "APT-K-47 武器披露之 Asyncshell 的前世今生\n",
"link": "https://paper.seebug.org/3240/",
"description": "作者知道创宇404高级威胁情报团队\n日期2024年11月22日\nEnglish version: https://paper.seebug.org/3241/\n1. 事件背景\n近期知道创宇404高级威胁情报团队在日常跟踪APT过程中发现了APT-K-47组织利用“朝觐”话题发起的攻击活动攻击者利用CHM文件执行相同目录下的恶意载荷。最终载荷功能比较简单仅支持cmd shell且使...\n",
"pubDate": "Fri, 22 Nov 2024 05:22:00 +0000",
"guid": "https://paper.seebug.org/3240/",
"category": "威胁情报"
},
{
"title": "Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell\n",
"link": "https://paper.seebug.org/3241/",
"description": "AuthorKnownsec 404 Advanced Threat Intelligence team\ndateNovember 22, 2024\n中文版https://paper.seebug.org/3240\n1. Background of the incident\nRecently, in the course of daily APT tracking,the Knowns...\n",
"pubDate": "Fri, 22 Nov 2024 05:10:00 +0000",
"guid": "https://paper.seebug.org/3241/",
"category": "威胁情报"
},
{
"title": "使用 ZoomEye 增强新语法拓线 LockBit 3.0 勒索软件联盟基础设施\n",
"link": "https://paper.seebug.org/3238/",
"description": "作者知道创宇404实验室\n日期2024年11月21日\nEnglish version: https://paper.seebug.org/3239/\n一摘要\nLockBit 3.0 是一种知名的勒索软件由网络犯罪组织通过“勒索软件即服务”RaaS模式运作。LockBit 3.0勒索软件联盟是使用该恶意软件进行攻击的独立黑客,他们以分成方式合作。这些成员利用 LockBit 提供的...\n",
"pubDate": "Thu, 21 Nov 2024 02:19:00 +0000",
"guid": "https://paper.seebug.org/3238/",
"category": "专题报告"
},
{
"title": "Identify Infrastructure Linked To LockBit 3.0 Ransomware Affiliates By ZoomEye Enhanced New Syntax\n",
"link": "https://paper.seebug.org/3239/",
"description": "Author: Knownsec 404 team\nDate: November 20, 2024\n中文版https://paper.seebug.org/3238/\n1. Abstract\nLockBit 3.0 is a well-known ransomware operated through a &quot;Ransomware-as-a-Service&quot; (RaaS) model. Th...\n",
"pubDate": "Tue, 19 Nov 2024 03:20:00 +0000",
"guid": "https://paper.seebug.org/3239/",
"category": "404 English Paper"
},
{
"title": "CVE-2022-20474分析——LazyValue下的Self-changed Bundle\n",
"link": "https://paper.seebug.org/3237/",
"description": "作者Cxxsheng\n本文为作者投稿Seebug Paper 期待你的分享,凡经采用即有礼品相送! 投稿邮箱paper@seebug.org\n前言\n温馨提示阅读本文前应当对Bundle Mismatch相关漏洞有初步了解以下参考资料假如您还没有读过建议先阅读一下\n\nBundle风水——Android序列化与反序列化不匹配漏洞详解经典的入门级别教程。\nAndroid 反序列化...\n",
"pubDate": "Fri, 15 Nov 2024 08:36:00 +0000",
"guid": "https://paper.seebug.org/3237/",
"category": "漏洞分析"
},
{
"title": "LedgerHQ 软件供应链安全事件\n",
"link": "https://paper.seebug.org/3236/",
"description": "作者:维一零\n原文链接https://weiyiling.cn/one/ledgerhq_npmjs_hijack_review\n0x00 前言\n写这篇的文章的原因如下\n1、 去年有及时关注到这起供应链攻击事件,但由于不熟悉区块链安全以及对关键代码的解密困难未能深入分析,就先收藏留存;\n2、 对区块链安全的兴趣日益加深,以及职业发展需求驱动下开始尝试学习储备相关知识技能;\n3、 最近突然...\n",
"pubDate": "Thu, 14 Nov 2024 04:21:00 +0000",
"guid": "https://paper.seebug.org/3236/",
"category": "区块链"
},
{
"title": "N1CTF24 PHP Master Writeup\n",
"link": "https://paper.seebug.org/3235/",
"description": "作者m4p1e\n原文链接https://m4p1e.com/2024/11/12/n1ctf24-php-master/\n0x01 介绍\n在刚刚过去的N1CTF24上我出了一道关于PHP的pwn题其中涉及到的漏洞[1]是真实存在的并且目前依然没有被修复。非常遗憾期待的PHP master并没有出现在这次的比赛中让我们期待下次的PHP rising star xd。在这篇文章中我...\n",
"pubDate": "Thu, 14 Nov 2024 02:12:00 +0000",
"guid": "https://paper.seebug.org/3235/",
"category": "CTF"
},
{
"title": "Vigor3900 固件仿真及漏洞分析(CVE-2024-44844、CVE-2024-44845)\n",
"link": "https://paper.seebug.org/3234/",
"description": "作者fan@知道创宇404实验室\n时间2024年11月13日\n1.前言\n我在日常跟踪漏洞情报的过程中看到 Vigor3900 最新版本固件 1.5.1.6 存在多处后台命令注入漏洞(CVE-2024-44844/CVE-2024-44845)[1]。正好最近看到几个固件仿真小工具,我打算一并试试效果。\n2.产品介绍\nVigor3900 是 DrayTek 推出的一款高性能、多功能的企业...\n",
"pubDate": "Wed, 13 Nov 2024 04:23:00 +0000",
"guid": "https://paper.seebug.org/3234/",
"category": "404专栏"
},
{
"title": "CodeQL 入门和基本使用\n",
"link": "https://paper.seebug.org/3233/",
"description": "作者0x7F@知道创宇404实验室\n日期2024年11月12日\n1.前言\nCodeQL 是 GitHub 推出的一种静态代码分析工具,用于查找和修复代码中的漏洞和安全问题。该工具最早由 Semmle 团队开发并命名为 Semmle QL应用于自家的源代码分析平台 LGTM(Looks Good To Me) 上2020年Github 收购了 Semmle 团队并成立了 Securi...\n",
"pubDate": "Tue, 12 Nov 2024 06:07:00 +0000",
"guid": "https://paper.seebug.org/3233/",
"category": "404专栏"
},
{
"title": "使用 ZoomEye 平台 进行 C2 资产拓线\n",
"link": "https://paper.seebug.org/3232/",
"description": "作者知道创宇404实验室\n时间2024年10月21日\n1 摘要\n本文基于推特社交平台上一则C2的IP地址及其相关文件信息以此作为线索使用ZoomEye网络空间搜索引擎 [1] 进行C2资产拓线发现更多属于该黑客组织的C2网络资产并针对这些C2服务器上的木马程序进行分析获取黑客组织的惯用攻击手法和独有特征。\n2 概述\n2024年9月8日推特社交平台上有一位安全研究员发布了一则C...\n",
"pubDate": "Mon, 21 Oct 2024 07:29:00 +0000",
"guid": "https://paper.seebug.org/3232/",
"category": "404专栏"
},
{
"title": "APT-Patchwork 组织测试 Badnews 新变种?\n",
"link": "https://paper.seebug.org/3231/",
"description": "作者知道创宇404高级威胁情报团队\n时间2024年9月30日\n1.分析概述\n近期知道创宇404高级威胁情报团队在分析过程中发现一个与Patchwork组织历史TTP极其相似的样本该样本使用Patchwork常用的donut加载执行最终的载荷。最终载荷与该组织已知的武器badnews在代码方面存在大量重合相比老版本的badnews具备以下特点\n1) 使用base64+Salsa2...\n",
"pubDate": "Mon, 30 Sep 2024 06:18:00 +0000",
"guid": "https://paper.seebug.org/3231/",
"category": "威胁情报"
}
]

1002
JSON/xianzhi.json Normal file
View File

File diff suppressed because it is too large Load Diff

97
SendBot.py Normal file
View File

@ -0,0 +1,97 @@
import requests
import json
import hashlib
import base64
import hmac
import time
import yaml
# # 官方提供用以验证签名的函数
# def gen_sign(timestamp, secret):
# # 拼接timestamp和secret
# string_to_sign = '{}\n{}'.format(timestamp, secret)
# hmac_code = hmac.new(string_to_sign.encode("utf-8"), digestmod=hashlib.sha256).digest()
# # 对结果进行base64处理
# sign = base64.b64encode(hmac_code).decode('utf-8')
# return sign
def gen_sign():
with open('./config.yaml', 'r') as file:
config = yaml.safe_load(file)
secret = f"{config['secret']}"
# print(secret)
webhook_url = f"https://open.feishu.cn/open-apis/bot/v2/hook/{config['key']}"
# print(webhook_url)
timestamp = int(time.time())
#拼接timestamp和secret
string_to_sign = '{}\n{}'.format(timestamp, secret)
hmac_code = hmac.new(string_to_sign.encode("utf-8"), digestmod=hashlib.sha256).digest()
# 对结果进行base64处理
sign = base64.b64encode(hmac_code).decode('utf-8')
return webhook_url, timestamp, sign
webhook_url, timestamp, sign = gen_sign()
# 主函数
def SendToFeishu(msg):
# WebHook请求头
headers = {
"Content-Type": "application/json",
}
msg_encode=json.dumps(msg,ensure_ascii=True).encode("utf-8")
response=requests.post(url=webhook_url,data=msg_encode,headers=headers)
try:
# 解析 JSON 字符串
response_data = json.loads(response.content)
# 检查 msg 字段
if response_data.get('msg') == 'success':
print("飞书发送成功")
elif response_data.get('msg') == 'sign match fail or timestamp is not within one hour from current time':
print("发送失败: 签名验证错误,请检查签名密钥是否正确!")
else:
print("发送失败: 其他错误,请检查请求参数是否正确!")
except json.JSONDecodeError as e:
print(f"JSON 解析错误: {e}")
# print(sign)
# print(response.content)
# 测试用消息体
test_msg = {
"timestamp": f"{timestamp}",
"sign": f"{sign}",
"msg_type": "interactive",
"card": {
"elements":
[{
"tag": "markdown",
"content": "请单件文档查看昨天讨论的方案相关飞书文档,注意作者为 <font color=red> **张三** <font> 版本为 \n*002* ,版本 ~~001~~ 已经删除。文件地址是 [https://www.feishu.cn](https://www.feishu.cn),打开次数:1次"
},
{
"actions":
[{
"tag": "button",
"text": {
"content": "点此访问原文",
"tag": "lark_md"
},
"url": "https://www.masonliu.com",
"type": "default",
"value": {}
}],
"tag": "action"
}],
"header": {
"title": {
"content": "网安资讯传递",
"tag": "plain_text"
}
}
}
}
if __name__ == '__main__':
SendToFeishu(test_msg)

BIN
__pycache__/SendBot.cpython-312.pyc Normal file
View File

Binary file not shown.

2
config.yaml Normal file
View File

@ -0,0 +1,2 @@
key: 22b68f21-def4-4bd5-96eb-71d78ee995f7
secret: 9gE9j1kT5bh9HvCyoPcIHc

BIN
media/__pycache__/common.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
media/__pycache__/freebuf.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
media/__pycache__/xianzhi.cpython-312.pyc Normal file
View File

Binary file not shown.

137
media/common.py Normal file
View File

@ -0,0 +1,137 @@
import os
import requests
import xml.etree.ElementTree as ET
import json
# 测试用爬虫请求头
headers = {
"Content-Type": "application/json",
"Cache-Control": "no-cache",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-User": "?1",
"Sec-Fetch-Dest": "document",
"Accept-Language": "zh-CN,zh;q=0.9"
}
def fetch_rss(url, headers):
response = requests.get(url, headers=headers)
response.raise_for_status() # 检查请求是否成功
return response.content
def parse_rss(rss_content):
items = []
root = ET.fromstring(rss_content)
for item in root.findall('.//item'):
item_dict = {}
for child in item:
item_dict[child.tag] = child.text
items.append(item_dict)
return items
def save_to_json(data, filename):
with open(filename, 'w', encoding='utf-8') as f:
json.dump(data, f, ensure_ascii=False, indent=4)
# seebug 爬虫
def seebug_main():
url = "https://paper.seebug.org/rss/"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/seebug.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/seebug.json')
print("数据已保存到./JSON/seebug.json")
# 4hou 爬虫
def M_4hou_main():
url = "https://www.4hou.com/feed"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/4hou.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/4hou.json')
print("数据已保存到./JSON/4hou.json")
# 安全客 爬虫
def anquanke_main():
url = "https://api.anquanke.com/data/v1/rss"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/anquanke.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/anquanke.json')
print("数据已保存到./JSON/anquanke.json")
# sec_wiki 爬虫
def sec_wiki_main():
url = "https://www.sec_wiki.com/news/rss"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/sec_wiki.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/sec_wiki.json')
print("数据已保存到./JSON/sec_wiki.json")
# 华为 爬虫
def huawei_main():
url = "https://www.huawei.com/cn/rss-feeds/psirt/rss"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/huawei.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/huawei.json')
print("数据已保存到./JSON/huawei.json")
# 洞见微信聚合爬虫
def doonsec_main():
url = "https://wechat.doonsec.com/bayes_rss.xml"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/doonsec.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/doonsec.json')
print("数据已保存到./JSON/doonsec.json")
# 奇安信 爬虫
def qianxin_main():
url = "https://forum.butian.net/Rss"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/qianxin.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/qianxin.json')
print("数据已保存到./JSON/qianxin.json")
def run():
# seebug_main()
# M_4hou_main()
# anquanke_main()
# sec_wiki_main()
huawei_main()
doonsec_main()
qianxin_main()

56
media/freebuf.py Normal file
View File

@ -0,0 +1,56 @@
import os
import requests
import xml.etree.ElementTree as ET
import json
# 测试用爬虫请求头
headers = {
"Content-Type": "application/json",
"Cache-Control": "no-cache",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-User": "?1",
"Sec-Fetch-Dest": "document",
"Accept-Language": "zh-CN,zh;q=0.9"
}
def fetch_rss(url, headers):
response = requests.get(url, headers=headers)
response.raise_for_status() # 检查请求是否成功
return response.content
def parse_rss(rss_content):
items = []
root = ET.fromstring(rss_content)
for item in root.findall('.//item'):
item_dict = {}
for child in item:
tag = child.tag
# 将一标签替换名称方便处理
if tag.startswith('{http://purl.org/rss/1.0/modules/content/}'):
tag = 'body'
item_dict[tag] = child.text
items.append(item_dict)
return items
def save_to_json(data, filename):
with open(filename, 'w', encoding='utf-8') as f:
json.dump(data, f, ensure_ascii=False, indent=4)
def freebuf_main():
url = "https://www.freebuf.com/feed"
rss_content = fetch_rss(url, headers)
items = parse_rss(rss_content)
# 确保目录存在
os.makedirs(os.path.dirname('./JSON/freebuf.json'), exist_ok=True)
# 将解析后的数据保存到 JSON 文件
save_to_json(items, './JSON/freebuf.json')
print("数据已保存到 ./JSON/freebuf.json")
if __name__ == '__main__':
freebuf_main()

54
media/xianzhi.py Normal file
View File

@ -0,0 +1,54 @@
import os
import requests
import xml.etree.ElementTree as ET
import xmltodict
import json
# 测试用爬虫请求头
headers = {
"Content-Type": "application/atom+xml; charset=utf-8",
"Cache-Control": "no-cache",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Accept-Language": "zh-CN,zh;q=0.9"
}
def fetch_rss(url, headers):
response = requests.get(url, headers=headers)
response.raise_for_status() # 检查请求是否成功
# print(response.content.decode('utf-8')) # 打印响应内容,确保获取的数据是正确的 XML 格式
return response.content
# 先知社区 爬虫
def xianzhi_main():
url = "https://xz.aliyun.com/feed"
rss_content = fetch_rss(url, headers)
# 将 XML 数据转换为 Python 字典
data = xmltodict.parse(rss_content)
# 提取所有的 <entry> 元素
entries = data['feed']['entry']
# 创建一个空列表来存储每个 <entry> 的 JSON 数据
entries_json = []
# 遍历每个 <entry> 元素,提取信息,并添加到列表中
for entry in entries:
entry_dict = {
'title': entry.get('title', ''),
'link': entry.get('link', {}).get('@href', ''), # 提取链接
'published': entry.get('published', ''),
'id': entry.get('id', ''),
'summary': entry.get('summary', '')
}
entries_json.append(entry_dict)
# 将 <entry> 元素的列表转换为 JSON 格式
json_data = json.dumps(entries_json, ensure_ascii=False, indent=4)
# 保存 JSON 数据到文件
with open('./JSON/xianzhi.json', 'w', encoding='utf-8') as json_file:
json_file.write(json_data)
print("数据已保存到./JSON/xianzhi.json")

3
requirements.txt Normal file
View File

@ -0,0 +1,3 @@
pyyaml
xmltodict
schedule