This commit is contained in:
MasonLiu 2024-11-29 16:00:23 +08:00
parent 570b0645f8
commit a4899b9571
4 changed files with 69 additions and 49 deletions

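--- a/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) 2022 yhy
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.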


@ -1,10 +1,8 @@
# github-cve-monitor
![github-cve-monitor](https://socialify.git.ci/yhy0/github-cve-monitor/image?description=1&forks=1&issues=1&language=1&name=1&owner=1&pattern=Floating%20Cogs&pulls=1&stargazers=1&theme=Light)
## 实时监控github上新增的cve和安全工具更新多渠道推送通知
每3分钟检测一次github是否有新的cve漏洞提交或者安全工具更新记录若有则通过配置的渠道通知用户
每30分钟检测一次github是否有新的cve漏洞提交或者安全工具更新记录若有则通过配置的渠道通知用户
时间间隔修改在 467 行
@ -33,12 +31,4 @@ screen -r github_cve
<img src="images/image-20211118145021974.png" />
# 鸣谢
[洛米唯熊](https://my.oschina.net/u/4581868/blog/4380482)
[kiang70](https://github.com/kiang70/Github-Monitor)
感谢 [JetBrains](https://www.jetbrains.com/?from=github-cve-monitor) 提供的一系列好用的 IDE 和对本项目的支持。
![JetBrains Logo (Main) logo](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)
代码改良源https://github.com/yhy0/github-cve-monitor


@ -1,13 +1,15 @@
#!/usr/bin/python3
# -*- coding:utf-8 -*-
# @Author : yhy&ddm&w4ter
# @SecAuthor : MasonLiu
# 每3分钟检测一次githu
# 每30分钟检测一次github(可适当提高速率30分钟为个人设置防github反爬机制)
# 是否有新的cve漏洞提交记录若有则通过server酱和钉钉机器人推送,飞书捷径推送(二者配置一个即可)
# 建议使用screen命令运行在自己的linux vps后台上就可以愉快的接收各种cve了
# https://my.oschina.net/u/4581868/blog/4380482
# https://github.com/kiang70/Github-Monitor
import json
from bs4 import BeautifulSoup
from collections import OrderedDict
import requests, time, re
import dingtalkchatbot.chatbot as cb
@ -127,7 +129,7 @@ def getNews():
if pushed_at == str(today_date):
today_cve_info_tmp.append({"cve_name": cve_name, "cve_url": cve_url, "pushed_at": pushed_at})
else:
print("[-] {}的更新时间为{}, 不属于今天的CVE".format(cve_name, pushed_at))
print("[-] {}的更新时间为{}, 不属于今天的CVE".format(cve_name, pushed_at))
except Exception as e:
pass
else:
@ -173,7 +175,7 @@ def getKeywordNews(keyword):
today_keyword_info_tmp.append({"keyword_name": keyword_name, "keyword_url": keyword_url, "pushed_at": pushed_at})
print("[+] keyword: {} ,{}".format(keyword, keyword_name))
else:
print("[-] keyword: {} ,{}的更新时间为{}, 不属于今天".format(keyword, keyword_name, pushed_at))
print("[-] keyword: {} ,{}的更新时间为{}, 非今日更新".format(keyword, keyword_name, pushed_at))
except Exception as e:
pass
else:
@ -232,10 +234,10 @@ def get_today_keyword_info(today_keyword_info_data):
pass
Verify = query_keyword_info_database(today_keyword_name)
if Verify == 0:
print("[+] 数据库不存在{}".format(today_keyword_name))
print("[+] 数据库不存在{}".format(today_keyword_name))
today_all_keyword_info.append(today_keyword_info_data[i])
else:
print("[-] 数据库存在{}".format(today_keyword_name))
print("[-] 数据库存在{}".format(today_keyword_name))
except Exception as e:
pass
return today_all_keyword_info
@ -255,6 +257,7 @@ def cve_insert_into_sqlite3(data):
pass
conn.commit()
conn.close()
#查询数据库里是否存在该CVE的方法
def query_cve_info_database(cve_name):
conn = sqlite3.connect('data.db')
@ -262,6 +265,7 @@ def query_cve_info_database(cve_name):
sql_grammar = "SELECT cve_name FROM cve_monitor WHERE cve_name = '{}';".format(cve_name)
cursor = cur.execute(sql_grammar)
return len(list(cursor))
#查询数据库里是否存在该tools工具名字的方法
def query_tools_info_database(tools_name):
conn = sqlite3.connect('data.db')
@ -269,6 +273,7 @@ def query_tools_info_database(tools_name):
sql_grammar = "SELECT tools_name FROM redteam_tools_monitor WHERE tools_name = '{}';".format(tools_name)
cursor = cur.execute(sql_grammar)
return len(list(cursor))
#获取不存在数据库里的CVE信息
def get_today_cve_info(today_cve_info_data):
today_all_cve_info = []
@ -279,13 +284,14 @@ def get_today_cve_info(today_cve_info_data):
if exist_cve(today_cve_name) == 1:
Verify = query_cve_info_database(today_cve_name.upper())
if Verify == 0:
print("[+] 数据库不存在{}".format(today_cve_name.upper()))
print("[+] 数据库不存在{}".format(today_cve_name.upper()))
today_all_cve_info.append(today_cve_info_data[i])
else:
print("[-] 数据库存在{}".format(today_cve_name.upper()))
print("[-] 数据库存在{}".format(today_cve_name.upper()))
except Exception as e:
pass
return today_all_cve_info
#获取红队工具信息插入到数据库
def tools_insert_into_sqlite3(data):
conn = sqlite3.connect('data.db')
@ -301,11 +307,13 @@ def tools_insert_into_sqlite3(data):
print("[-] 红队工具表数据库里存在{}".format(data[i]['tools_name']))
conn.commit()
conn.close()
#读取本地红队工具链接文件转换成list
def load_tools_list():
with open('tools_list.yaml', 'r', encoding='utf-8') as f:
list = yaml.load(f,Loader=yaml.FullLoader)
return list['tools_list'], list['keyword_list'], list['user_list']
#获取红队工具的名称,更新时间,版本名称信息
def get_pushed_at_time(tools_list):
tools_info_list = []
@ -339,6 +347,7 @@ def tools_query_sqlite3(tools_name):
conn.close()
print("[###########] tools_query_sqlite3 函数内 result_list 的值 为 - > {}".format(result_list))
return result_list
#获取更新了的红队工具在数据库里面的时间和版本
def get_tools_update_list(data):
tools_update_list = []
@ -531,7 +540,7 @@ def translate(word):
'keyfrom': 'fanyi.web',
'action': 'FY_BY_CLICKBUTTION',
}
url = 'http://fanyi.youdao.com/translate_o?smartresult=dict&smartresult=rule'
url = 'http://fanyi.youdao.com/translate?smartresult=dict&smartresult=rule'
header = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36',
'Referer': 'http://fanyi.youdao.com/',
@ -609,10 +618,38 @@ def get_cve_des_zh(cve):
return des, cve_time
except Exception as e:
pass
# 获取github 描述
def get_des(url):
try:
# 发送HTTP请求获取网页内容
response = requests.get(url, headers=github_headers, timeout=10)
response.raise_for_status() # 检查请求是否成功
# 解析HTML内容
soup = BeautifulSoup(response.text, 'html.parser')
# 查找class为'f4 my-3'的p标签
p_tag = soup.find('p', class_='f4 my-3')
if p_tag:
# 获取文本并去除首尾空白
content = p_tag.get_text(strip=True)
if content.startswith('"') and content.endswith('"'):
content = content[1:-1] # 去掉首尾的双引号
return content
else:
print("标签未找到")
return None
except requests.RequestException as e:
print(f"Error fetching the URL: {e}")
return None
#发送CVE信息到社交工具
def sendNews(data):
try:
text = '有新的CVE送达! \r\n** 请自行分辨是否为红队钓鱼!!! **'
text = '程序发现新CVE上传!请注意辨别是否为恶意钓鱼行为! \r\n'
# 获取 cve 名字 根据cve 名字,获取描述,并翻译
for i in range(len(data)):
try:
@ -642,12 +679,13 @@ def sendNews(data):
#发送信息到社交工具
def sendKeywordNews(keyword, data):
try:
text = '有新的关键字监控 - {} - 送达! \r\n** 请自行分辨是否为红队钓鱼!!! **'.format(keyword)
text = '发现新文件,请注意辨别钓鱼行为。关键词:{} \r\n'.format(keyword)
# 获取 cve 名字 根据cve 名字,获取描述,并翻译
for i in range(len(data)):
try:
des = get_des(data[i]['keyword_url'])
keyword_name = data[i]['keyword_name']
body = "项目名称: " + keyword_name + "\r\n" + "Github地址: " + str(data[i]['keyword_url']) + "\r\n"
body = "项目名称: " + keyword_name + "\r\n" + "Github地址: " + str(data[i]['keyword_url']) + "\r\n" + "描述: " + "\r\n" + des
if load_config()[0] == "dingding":
dingding(text, body, load_config()[2], load_config()[3])
print("钉钉 发送 CVE 成功")
@ -699,7 +737,7 @@ if __name__ == '__main__':
print("\r\n\t\t 关键字监控 \t\t\r\n")
# 关键字监控 , 最好不要太多关键字,防止 github 次要速率限制 https://docs.github.com/en/rest/overview/resources-in-the-rest-api#secondary-rate-limits=
for keyword in keyword_list:
time.sleep(1) # 每个关键字停 1s ,防止关键字过多导致速率限制
time.sleep(10) # 每个关键字停 10 s ,防止关键字过多导致速率限制
keyword_data = getKeywordNews(keyword)
if len(keyword_data) > 0:
@ -709,10 +747,10 @@ if __name__ == '__main__':
keyword_insert_into_sqlite3(today_keyword_data)
print("\r\n\t\t 红队工具监控 \t\t\r\n")
time.sleep(5*60)
time.sleep(30*60)
tools_list_new, keyword_list, user_list = load_tools_list()
data2 = get_pushed_at_time(tools_list_new) # 再次从文件中获取工具列表,并从 github 获取相关信息,
data3 = get_tools_update_list(data2) # 与 3 分钟前数据进行对比,如果在三分钟内有新增工具清单或者工具有更新则通知一下用户
data3 = get_tools_update_list(data2) # 与 30 分钟前数据进行对比如果在30分钟内有新增工具清单或者工具有更新则通知一下用户
for i in range(len(data3)):
try:
send_body(data3[i]['api_url'],data3[i]['pushed_at'],data3[i]['tag_name'])
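Review bot: `get_des` returns `None` when the `p.f4.my-3` tag is missing or the request fails, and the new line in `sendKeywordNews` then evaluates `... + "描述: " + "\r\n" + des`, which raises `TypeError`; that line sits inside a `try` whose handler is outside the hunk, so the whole keyword notification is presumably dropped instead of being sent without a description. Coalesce at the call site, `des = get_des(data[i]['keyword_url']) or ""`, so a scrape failure degrades to an empty description rather than a lost alert. The scraped text is also attacker-controlled — any repository matching a keyword can put links or markup in its description, which then lands verbatim in a notification whose own header warns the reader about phishing — so cap its length and strip URLs before handing it to the chat bot. The selector is an unversioned GitHub page-layout detail; if the keyword results already come from the REST API, its `description` field would avoid both the HTML dependence and the extra request per result. The body of `sendKeywordNews` continues past the end of the hunk.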


@ -12,12 +12,25 @@ tools_list:
- https://api.github.com/repos/shadow1ng/fscan
- https://api.github.com/repos/SafeGroceryStore/MDUT
- https://api.github.com/repos/EdgeSecurityTeam/Vulnerability
- https://api.github.com/repos/wy876/POC
- https://api.github.com/Vme18000yuan/FreePOC
keyword_list:
- Sql注入
- sql注入
- cnvd
- 未授权
- 漏洞POC
- RCE
- 渗透测试
- 反序列化
- 攻防
- webshell
- 红队
- redteam
- 信息收集
- 绕过
- bypass av
user_list:
- yhy0
- su18
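Review bot: The entry `https://api.github.com/Vme18000yuan/FreePOC` in `tools_list` is missing the `/repos/` path segment that every other entry has, so it will not resolve as a repository endpoint and that tool will never be monitored, most likely silently given the broad exception handling elsewhere in the script. It should read `- https://api.github.com/repos/Vme18000yuan/FreePOC`. Whether this line is newly added or pre-existing cannot be confirmed from the rendered section, but the fix is the same either way. A comment above the list, `# Entries must be GitHub REST API repo URLs: https://api.github.com/repos/<owner>/<repo>`, would make the expected shape explicit for future additions.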