From a4899b9571a189e6b37db53fbcd89750cba35179 Mon Sep 17 00:00:00 2001
From: MasonLiu <2857911564@qq.com>
Date: Fri, 29 Nov 2024 16:00:23 +0800
Subject: [PATCH] update
---
 LICENSE | 21 -------------
 README.md | 14 ++-------
 github_cve_monitor.py | 66 ++++++++++++++++++++++++++++++++++---------
 tools_list.yaml | 17 +++++++++--
 4 files changed, 69 insertions(+), 49 deletions(-)
 delete mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index a2fbdf1..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2022 yhy
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/README.md b/README.md
index b7f502a..89849ef 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,8 @@ # github-cve-monitor -![github-cve-monitor](https://socialify.git.ci/yhy0/github-cve-monitor/image?description=1&forks=1&issues=1&language=1&name=1&owner=1&pattern=Floating%20Cogs&pulls=1&stargazers=1&theme=Light) - ## 实时监控github上新增的cve和安全工具更新,多渠道推送通知 -每3分钟检测一次github是否有新的cve漏洞提交或者安全工具更新记录,若有则通过配置的渠道通知用户 +每30分钟检测一次github是否有新的cve漏洞提交或者安全工具更新记录,若有则通过配置的渠道通知用户 时间间隔修改在 467 行 @@ -33,12 +31,4 @@ screen -r github_cve -# 鸣谢 - - [洛米唯熊](https://my.oschina.net/u/4581868/blog/4380482) - - [kiang70](https://github.com/kiang70/Github-Monitor) - - 感谢 [JetBrains](https://www.jetbrains.com/?from=github-cve-monitor) 提供的一系列好用的 IDE 和对本项目的支持。 - -![JetBrains Logo (Main) logo](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg) +代码改良源:https://github.com/yhy0/github-cve-monitor \ No newline at end of file diff --git a/github_cve_monitor.py b/github_cve_monitor.py index f4f35c9..4f437ad 100644 --- a/github_cve_monitor.py +++ b/github_cve_monitor.py @@ -1,13 +1,15 @@ #!/usr/bin/python3 # -*- coding:utf-8 -*- # @Author : yhy&ddm&w4ter +# @SecAuthor : MasonLiu -# 每3分钟检测一次githu +# 每30分钟检测一次github(可适当提高速率,30分钟为个人设置防github反爬机制) # 是否有新的cve漏洞提交记录,若有则通过server酱和钉钉机器人推送,飞书捷径推送(二者配置一个即可) # 建议使用screen命令运行在自己的linux vps后台上,就可以愉快的接收各种cve了 # https://my.oschina.net/u/4581868/blog/4380482 # https://github.com/kiang70/Github-Monitor import json +from bs4 import BeautifulSoup from collections import OrderedDict import requests, time, re import dingtalkchatbot.chatbot as cb @@ -127,7 +129,7 @@ def getNews(): if pushed_at == str(today_date): today_cve_info_tmp.append({"cve_name": cve_name, "cve_url": cve_url, "pushed_at": pushed_at}) else: - print("[-] 该{}的更新时间为{}, 不属于今天的CVE".format(cve_name, pushed_at)) + print("[-] {}的更新时间为{}, 不属于今天的CVE".format(cve_name, pushed_at)) except Exception as e: pass else: 
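Review bot: The new `from bs4 import BeautifulSoup` line in the first github_cve_monitor.py hunk adds a third-party dependency, but the diffstat shows only LICENSE, README.md, github_cve_monitor.py and tools_list.yaml changed, so no requirements file or install instruction records it and a fresh deployment fails at import time. If the project keeps a requirements file, add `beautifulsoup4` to it; otherwise list it in the README next to the existing run instructions. Placing the `bs4` import between the stdlib `json` and `collections` lines also breaks the usual stdlib / third-party grouping; moving it beside `requests` and `dingtalkchatbot` would read more clearly.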
@@ -173,7 +175,7 @@ def getKeywordNews(keyword): today_keyword_info_tmp.append({"keyword_name": keyword_name, "keyword_url": keyword_url, "pushed_at": pushed_at}) print("[+] keyword: {} ,{}".format(keyword, keyword_name)) else: - print("[-] keyword: {} ,该{}的更新时间为{}, 不属于今天".format(keyword, keyword_name, pushed_at)) + print("[-] keyword: {} ,{}的更新时间为{}, 非今日更新".format(keyword, keyword_name, pushed_at)) except Exception as e: pass else: @@ -232,10 +234,10 @@ def get_today_keyword_info(today_keyword_info_data): pass Verify = query_keyword_info_database(today_keyword_name) if Verify == 0: - print("[+] 数据库里不存在{}".format(today_keyword_name)) + print("[+] 数据库中不存在{}".format(today_keyword_name)) today_all_keyword_info.append(today_keyword_info_data[i]) else: - print("[-] 数据库里存在{}".format(today_keyword_name)) + print("[-] 数据库中存在{}".format(today_keyword_name)) except Exception as e: pass return today_all_keyword_info @@ -255,6 +257,7 @@ def cve_insert_into_sqlite3(data): pass conn.commit() conn.close() + #查询数据库里是否存在该CVE的方法 def query_cve_info_database(cve_name): conn = sqlite3.connect('data.db') @@ -262,6 +265,7 @@ def query_cve_info_database(cve_name): sql_grammar = "SELECT cve_name FROM cve_monitor WHERE cve_name = '{}';".format(cve_name) cursor = cur.execute(sql_grammar) return len(list(cursor)) + #查询数据库里是否存在该tools工具名字的方法 def query_tools_info_database(tools_name): conn = sqlite3.connect('data.db') @@ -269,6 +273,7 @@ def query_tools_info_database(tools_name): sql_grammar = "SELECT tools_name FROM redteam_tools_monitor WHERE tools_name = '{}';".format(tools_name) cursor = cur.execute(sql_grammar) return len(list(cursor)) + #获取不存在数据库里的CVE信息 def get_today_cve_info(today_cve_info_data): today_all_cve_info = [] 
@@ -279,13 +284,14 @@ def get_today_cve_info(today_cve_info_data): if exist_cve(today_cve_name) == 1: Verify = query_cve_info_database(today_cve_name.upper()) if Verify == 0: - print("[+] 数据库里不存在{}".format(today_cve_name.upper())) + print("[+] 数据库中不存在{}".format(today_cve_name.upper())) today_all_cve_info.append(today_cve_info_data[i]) else: - print("[-] 数据库里存在{}".format(today_cve_name.upper())) + print("[-] 数据库中存在{}".format(today_cve_name.upper())) except Exception as e: pass return today_all_cve_info + #获取红队工具信息插入到数据库 def tools_insert_into_sqlite3(data): conn = sqlite3.connect('data.db') @@ -301,11 +307,13 @@ def tools_insert_into_sqlite3(data): print("[-] 红队工具表数据库里存在{}".format(data[i]['tools_name'])) conn.commit() conn.close() + #读取本地红队工具链接文件转换成list def load_tools_list(): with open('tools_list.yaml', 'r', encoding='utf-8') as f: list = yaml.load(f,Loader=yaml.FullLoader) return list['tools_list'], list['keyword_list'], list['user_list'] + #获取红队工具的名称,更新时间,版本名称信息 def get_pushed_at_time(tools_list): tools_info_list = [] @@ -339,6 +347,7 @@ def tools_query_sqlite3(tools_name): conn.close() print("[###########] tools_query_sqlite3 函数内 result_list 的值 为 - > {}".format(result_list)) return result_list + #获取更新了的红队工具在数据库里面的时间和版本 def get_tools_update_list(data): tools_update_list = [] @@ -531,7 +540,7 @@ def translate(word): 'keyfrom': 'fanyi.web', 'action': 'FY_BY_CLICKBUTTION', } - url = 'http://fanyi.youdao.com/translate_o?smartresult=dict&smartresult=rule' + url = 'http://fanyi.youdao.com/translate?smartresult=dict&smartresult=rule' header = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36', 'Referer': 'http://fanyi.youdao.com/', 
@@ -609,10 +618,38 @@ def get_cve_des_zh(cve): return des, cve_time except Exception as e: pass + +# 获取github 描述 +def get_des(url): + try: + # 发送HTTP请求获取网页内容 + response = requests.get(url, headers=github_headers, timeout=10) + response.raise_for_status() # 检查请求是否成功 + + # 解析HTML内容 + soup = BeautifulSoup(response.text, 'html.parser') + + # 查找class为'f4 my-3'的p标签 + p_tag = soup.find('p', class_='f4 my-3') + + if p_tag: + # 获取文本并去除首尾空白 + content = p_tag.get_text(strip=True) + if content.startswith('"') and content.endswith('"'): + content = content[1:-1] # 去掉首尾的双引号 + return content + else: + print("标签未找到") + return None + + except requests.RequestException as e: + print(f"Error fetching the URL: {e}") + return None + #发送CVE信息到社交工具 def sendNews(data): try: - text = '有新的CVE送达! \r\n** 请自行分辨是否为红队钓鱼!!! **' + text = '程序发现新CVE上传!请注意辨别是否为恶意钓鱼行为! \r\n' # 获取 cve 名字 ,根据cve 名字,获取描述,并翻译 for i in range(len(data)): try: @@ -642,12 +679,13 @@ def sendNews(data): #发送信息到社交工具 def sendKeywordNews(keyword, data): try: - text = '有新的关键字监控 - {} - 送达! \r\n** 请自行分辨是否为红队钓鱼!!! **'.format(keyword) + text = '发现新文件,请注意辨别钓鱼行为。关键词:{} \r\n'.format(keyword) # 获取 cve 名字 ,根据cve 名字,获取描述,并翻译 for i in range(len(data)): try: + des = get_des(data[i]['keyword_url']) keyword_name = data[i]['keyword_name'] - body = "项目名称: " + keyword_name + "\r\n" + "Github地址: " + str(data[i]['keyword_url']) + "\r\n" + body = "项目名称: " + keyword_name + "\r\n" + "Github地址: " + str(data[i]['keyword_url']) + "\r\n" + "描述: " + "\r\n" + des if load_config()[0] == "dingding": dingding(text, body, load_config()[2], load_config()[3]) print("钉钉 发送 CVE 成功") @@ -699,7 +737,7 @@ if __name__ == '__main__': print("\r\n\t\t 关键字监控 \t\t\r\n") # 关键字监控 , 最好不要太多关键字,防止 github 次要速率限制 https://docs.github.com/en/rest/overview/resources-in-the-rest-api#secondary-rate-limits= for keyword in keyword_list: - time.sleep(1) # 每个关键字停 1s ,防止关键字过多导致速率限制 + time.sleep(10) # 每个关键字停 10 s ,防止关键字过多导致速率限制 keyword_data = getKeywordNews(keyword) if len(keyword_data) > 0: 
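Review bot: `get_des` returns `None` both when the `p` tag is not found and on `requests.RequestException`, and the `sendKeywordNews` hunk below concatenates that result directly in `"描述: " + "\r\n" + des`, which raises TypeError inside the per-item `try` and silently drops that notification. Return an empty string on both failure paths, or have the caller write `des = get_des(data[i]['keyword_url']) or ''`. The selector `soup.find('p', class_='f4 my-3')` depends on GitHub's current page markup; if `getKeywordNews` already uses the repository search API, each item carries a `description` field, which would avoid this extra page fetch per result and the markup dependency. The scraped text is repository-controlled content forwarded verbatim into chat messages, so bounding its length before it is appended to `body` is worth adding. `get_des` relies on `github_headers`, defined outside this hunk, and the `sendNews` body that follows it continues past the hunk.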
@@ -709,10 +747,10 @@ if __name__ == '__main__': keyword_insert_into_sqlite3(today_keyword_data) print("\r\n\t\t 红队工具监控 \t\t\r\n") - time.sleep(5*60) + time.sleep(30*60) tools_list_new, keyword_list, user_list = load_tools_list() data2 = get_pushed_at_time(tools_list_new) # 再次从文件中获取工具列表,并从 github 获取相关信息, - data3 = get_tools_update_list(data2) # 与 3 分钟前数据进行对比,如果在三分钟内有新增工具清单或者工具有更新则通知一下用户 + data3 = get_tools_update_list(data2) # 与 30 分钟前数据进行对比,如果在30分钟内有新增工具清单或者工具有更新则通知一下用户 for i in range(len(data3)): try: send_body(data3[i]['api_url'],data3[i]['pushed_at'],data3[i]['tag_name']) diff --git a/tools_list.yaml b/tools_list.yaml index 37962f4..cf1d32f 100644 --- a/tools_list.yaml +++ b/tools_list.yaml @@ -12,12 +12,25 @@ tools_list: - https://api.github.com/repos/shadow1ng/fscan - https://api.github.com/repos/SafeGroceryStore/MDUT - https://api.github.com/repos/EdgeSecurityTeam/Vulnerability + - https://api.github.com/repos/wy876/POC + - https://api.github.com/Vme18000yuan/FreePOC keyword_list: - - Sql注入 + - sql注入 - cnvd - 未授权 - + - 漏洞POC + - RCE + - 渗透测试 + - 反序列化 + - 攻防 + - webshell + - 红队 + - redteam + - 信息收集 + - 绕过 + - bypass av + user_list: - yhy0 - su18
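Review bot: The added entry `https://api.github.com/Vme18000yuan/FreePOC` is missing the `/repos/` path segment that every other entry in `tools_list` uses, so the monitor will request a non-existent API route for that repository and, depending on how `get_pushed_at_time` handles the error, most likely never report its updates. Change it to `- https://api.github.com/repos/Vme18000yuan/FreePOC`. The twelve new `keyword_list` entries also multiply the search requests made per cycle; combined with the 10 s sleep per keyword added in the main loop, that lengthens each cycle noticeably and keeps the unauthenticated rate limit in play, which is worth a sentence in the README where the interval is documented.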