feat 增加配置文件
This commit is contained in:
parent
f6d317a73e
commit
b24ef08d64
16
config.yaml
Normal file
16
config.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
all_config:
|
||||
github_token: xxxxxx
|
||||
dingding:
|
||||
- enable:1
|
||||
- webhook:xxxxxxx
|
||||
- secretKey:xxxxxxx
|
||||
- app_name:dingding
|
||||
server:
|
||||
- enable:0
|
||||
- sckey:123123
|
||||
- app_name:server
|
||||
tgbot:
|
||||
- enable:0
|
||||
- token:123
|
||||
- group_id:123
|
||||
- app_name:tgbot
|
@ -16,10 +16,12 @@ import hashlib
|
||||
import yaml
|
||||
from lxml import etree
|
||||
import sqlite3
|
||||
|
||||
import logging
|
||||
|
||||
today_cve_info_tmp = []
|
||||
tools_update_list = []
|
||||
logging.basicConfig(level=logging.DEBUG, filename='run_info.log')
|
||||
|
||||
#读取配置文件
|
||||
def load_config():
|
||||
with open('config.yaml', 'r') as f:
|
||||
@ -41,15 +43,18 @@ def load_config():
|
||||
return app_name,github_token,tgbot_token,tgbot_group_id
|
||||
elif int(config['all_config']['tgbot'][0].split(":")[1]) == 0 and int(config['all_config']['server'][0].split(":")[1]) == 0 and int(config['all_config']['dingding'][0].split(":")[1]) == 0:
|
||||
print("[-] 配置文件有误,三个社交软件的enable不能为0")
|
||||
logging.error("[-] 配置文件有误,三个社交软件的enable不能为0")
|
||||
|
||||
github_headers = {
|
||||
'Authorization': "token {}".format(load_config()[1]) # 替换自己的github token https://github.com/settings/tokens/new
|
||||
}
|
||||
|
||||
|
||||
#初始化创建数据库
|
||||
def create_database():
|
||||
conn = sqlite3.connect('data.db')
|
||||
print("create_database 函数 连接数据库成功!")
|
||||
logging.info("create_database 函数 连接数据库成功!")
|
||||
cur = conn.cursor()
|
||||
try:
|
||||
cur.execute('''CREATE TABLE IF NOT EXISTS cve_monitor
|
||||
@ -57,15 +62,24 @@ def create_database():
|
||||
pushed_at varchar(255),
|
||||
cve_url varchar(255));''')
|
||||
print("成功创建CVE监控表")
|
||||
logging.info('成功创建CVE监控表')
|
||||
cur.execute('''CREATE TABLE IF NOT EXISTS redteam_tools_monitor
|
||||
(tools_name varchar(255),
|
||||
pushed_at varchar(255),
|
||||
tag_name varchar(255));''')
|
||||
print("成功创建红队工具监控表")
|
||||
logging.info('成功创建红队工具监控表')
|
||||
except Exception as e:
|
||||
print("创建cve监控表失败!报错:{}".format(e))
|
||||
logging.error("创建cve监控表失败!报错:{}".format(e))
|
||||
conn.commit() # 数据库存储在硬盘上需要commit 存储在内存中的数据库不需要
|
||||
conn.close()
|
||||
if load_config()[0] == "dingding":
|
||||
dingding("test", "连接成功", load_config()[2], load_config()[3])
|
||||
elif load_config()[0] == "server":
|
||||
server("test", "连接成功", load_config()[2])
|
||||
elif load_config()[0] == "tgbot":
|
||||
tgbot("test", "连接成功", load_config()[2], load_config()[3])
|
||||
# 根据排序获取本年前20条CVE
|
||||
def getNews():
|
||||
try:
|
||||
@ -84,7 +98,9 @@ def getNews():
|
||||
# today_cve_info_tmp.append({"cve_name": cve_name, "cve_url": cve_url, "pushed_at": pushed_at})
|
||||
if pushed_at == str(today_date):
|
||||
today_cve_info_tmp.append({"cve_name":cve_name,"cve_url":cve_url,"pushed_at":pushed_at})
|
||||
# print(today_cve_info)
|
||||
else:
|
||||
print("该{}的更新时间为{},不属于今天的CVE".format(cve_name,pushed_at))
|
||||
logging.info("该{}的更新时间为{},不属于今天的CVE".format(cve_name,pushed_at))
|
||||
today_cve_info = OrderedDict()
|
||||
for item in today_cve_info_tmp:
|
||||
today_cve_info.setdefault(item['cve_name'], {**item, })
|
||||
@ -96,20 +112,23 @@ def getNews():
|
||||
|
||||
except Exception as e:
|
||||
print(e, "github链接不通")
|
||||
logging.error(e, "github链接不通")
|
||||
return '', '', ''
|
||||
#获取到的CVE信息插入到数据库
|
||||
def cve_insert_into_sqlite3(data):
|
||||
conn = sqlite3.connect('data.db')
|
||||
print("cve_insert_into_sqlite3 函数 打开数据库成功!")
|
||||
logging.info("cve_insert_into_sqlite3 函数 打开数据库成功!")
|
||||
cur = conn.cursor()
|
||||
for i in range(len(data)):
|
||||
try:
|
||||
cve_name = re.findall('(cve\-\d+\-\d+)', data[i]['cve_name'])[0].upper()
|
||||
cur.execute("INSERT INTO cve_monitor (cve_name,pushed_at,cve_url) VALUES ('{}', '{}', '{}')".format(cve_name, data[i]['pushed_at'], data[i]['cve_url']))
|
||||
print("cve_insert_into_sqlite3 函数: {}插入数据成功!".format(cve_name))
|
||||
logging.info("cve_insert_into_sqlite3 函数: {}插入数据成功!".format(cve_name))
|
||||
except Exception as e:
|
||||
pass
|
||||
conn.commit()
|
||||
print("cve_insert_into_sqlite3 函数 插入数据成功!")
|
||||
conn.close()
|
||||
#查询数据库里是否存在该CVE的方法
|
||||
def query_cve_info_database(cve_name):
|
||||
@ -127,19 +146,23 @@ def get_today_cve_info(today_cve_info_data):
|
||||
Verify = query_cve_info_database(today_cve_name.upper())
|
||||
if Verify == 0:
|
||||
print("[+] 数据库里不存在{}".format(today_cve_name.upper()))
|
||||
logging.info("[+] 数据库里不存在{}".format(today_cve_name.upper()))
|
||||
today_all_cve_info.append(today_cve_info_data[i])
|
||||
else:
|
||||
print("[-] 数据库里存在{}".format(today_cve_name.upper()))
|
||||
logging.info("[-] 数据库里存在{}".format(today_cve_name.upper()))
|
||||
return today_all_cve_info
|
||||
#获取红队工具信息插入到数据库
|
||||
def tools_insert_into_sqlite3(data):
|
||||
conn = sqlite3.connect('data.db')
|
||||
print("tools_insert_into_sqlite3 函数 打开数据库成功!")
|
||||
logging.info("tools_insert_into_sqlite3 函数 打开数据库成功!")
|
||||
cur = conn.cursor()
|
||||
for i in range(len(data)):
|
||||
cur.execute("INSERT INTO redteam_tools_monitor (tools_name,pushed_at,tag_name) VALUES ('{}', '{}','{}')".format(data[i]['tools_name'], data[i]['pushed_at'],data[i]['tag_name']))
|
||||
print("tools_insert_into_sqlite3 函数: {}插入数据成功!".format(format(data[i]['tools_name'])))
|
||||
logging.info("tools_insert_into_sqlite3 函数: {}插入数据成功!".format(format(data[i]['tools_name'])))
|
||||
conn.commit()
|
||||
print("tools_insert_into_sqlite3 函数 插入数据成功!")
|
||||
conn.close()
|
||||
#读取本地红队工具链接文件转换成list
|
||||
def load_tools_list():
|
||||
@ -179,6 +202,7 @@ def get_tools_update_list(data):
|
||||
today_tools_pushed_at = query_result[0]
|
||||
if dist['pushed_at'] != today_tools_pushed_at:
|
||||
print("今日获取时间: ",dist['pushed_at'],"获取数据库时间: ",today_tools_pushed_at,dist['tools_name'],"update!!!!")
|
||||
logging.info("今日获取时间: ",dist['pushed_at'],"获取数据库时间: ",today_tools_pushed_at,dist['tools_name'],"update!!!!")
|
||||
#返回数据库里面的时间和版本
|
||||
tools_update_list.append({"api_url":dist['api_url'],"pushed_at":today_tools_pushed_at,"tag_name":query_result[1]})
|
||||
return tools_update_list
|
||||
@ -194,6 +218,7 @@ def send_dingding(url,query_pushed_at,query_tag_name):
|
||||
tag_name = json_str[0]['tag_name']
|
||||
|
||||
print("[*] 数据库里的pushed_at -->",query_pushed_at,";;;; api的pushed_at -->",new_pushed_at)
|
||||
logging.info("[*] 数据库里的pushed_at -->",query_pushed_at,";;;; api的pushed_at -->",new_pushed_at)
|
||||
if query_pushed_at != new_pushed_at and tag_name != query_tag_name:
|
||||
try:
|
||||
update_log = json_str[0]['body']
|
||||
@ -218,6 +243,7 @@ def send_dingding(url,query_pushed_at,query_tag_name):
|
||||
conn.commit()
|
||||
conn.close()
|
||||
print("[+] tools_name -->", tools_name, "pushed_at 已更新,现在pushed_at 为 -->", new_pushed_at,"tag_name 已更新,现在tag_name为 -->",tag_name)
|
||||
logging.info("[+] tools_name -->", tools_name, "pushed_at 已更新,现在pushed_at 为 -->", new_pushed_at,"tag_name 已更新,现在tag_name为 -->",tag_name)
|
||||
else:
|
||||
commits_url = url + "/commits"
|
||||
commits_url_response_json = requests.get(commits_url).text
|
||||
@ -243,6 +269,7 @@ def send_dingding(url,query_pushed_at,query_tag_name):
|
||||
conn.commit()
|
||||
conn.close()
|
||||
print("[+] tools_name -->",tools_name,"pushed_at 已更新,现在pushed_at 为 -->",new_pushed_at)
|
||||
logging.info("[+] tools_name -->",tools_name,"pushed_at 已更新,现在pushed_at 为 -->",new_pushed_at)
|
||||
|
||||
# return update_log, download_url, tools_version
|
||||
else:
|
||||
@ -265,7 +292,7 @@ def send_dingding(url,query_pushed_at,query_tag_name):
|
||||
conn.commit()
|
||||
conn.close()
|
||||
print("[+] tools_name -->", tools_name, "pushed_at 已更新,现在pushed_at 为 -->", new_pushed_at)
|
||||
|
||||
logging.info("[+] tools_name -->", tools_name, "pushed_at 已更新,现在pushed_at 为 -->", new_pushed_at)
|
||||
# return update_log, download_url
|
||||
# 创建md5对象
|
||||
def nmd5(str):
|
||||
@ -354,19 +381,26 @@ def sendNews(data):
|
||||
body = "CVE编号:" + cve_name + "\r\n" + "Github地址:" + str(data[i]['cve_url']) + "\r\n" + "CVE描述:" + "\r\n" + cve_zh
|
||||
if load_config()[0] == "dingding":
|
||||
dingding(text, body, load_config()[2], load_config()[3])
|
||||
print("钉钉 发送 CVE 成功")
|
||||
logging.info("钉钉 发送 CVE 成功")
|
||||
elif load_config()[0] == "server":
|
||||
server(text, body, load_config()[2])
|
||||
print("server酱 发送 CVE 成功")
|
||||
logging.info("server酱 发送 CVE 成功")
|
||||
elif load_config()[0] == "tgbot":
|
||||
tgbot(text, body, load_config()[2], load_config()[3])
|
||||
print("钉钉 发送 CVE 成功")
|
||||
print("tgbot 发送 CVE 成功")
|
||||
logging.info("tgbot 发送 CVE 成功")
|
||||
except IndexError:
|
||||
pass
|
||||
except Exception as e:
|
||||
print("Program runing error:{}".format(e))
|
||||
print("sendNews 函数 error:{}".format(e))
|
||||
logging.error("sendNews 函数 error:{}".format(e))
|
||||
#main函数
|
||||
if __name__ == '__main__':
|
||||
print("cve 和 github 发布工具 监控中 ...")
|
||||
try:
|
||||
logging.info("cve 和 github 发布工具 监控中 ...")
|
||||
|
||||
#初始化部分
|
||||
create_database()
|
||||
tools_list = load_tools_list()
|
||||
@ -374,6 +408,7 @@ if __name__ == '__main__':
|
||||
tools_insert_into_sqlite3(tools_data)
|
||||
|
||||
while True:
|
||||
try:
|
||||
#CVE部分
|
||||
cve_data = getNews()
|
||||
today_cve_data = get_today_cve_info(cve_data)
|
||||
@ -388,3 +423,4 @@ if __name__ == '__main__':
|
||||
send_dingding(data3[i]['api_url'],data3[i]['pushed_at'],data3[i]['tag_name'])
|
||||
except Exception as e:
|
||||
print("main 函数 遇到错误-->{}".format(e))
|
||||
logging.error("main 函数 遇到错误-->{}".format(e))
|
15
tools_list.yaml
Normal file
15
tools_list.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
tools_list:
|
||||
- https://api.github.com/repos/BeichenDream/Godzilla
|
||||
- https://api.github.com/repos/rebeyond/Behinder
|
||||
- https://api.github.com/repos/AntSwordProject/antSword
|
||||
- https://api.github.com/repos/j1anFen/shiro_attack
|
||||
- https://api.github.com/repos/yhy0/ExpDemo-JavaFX
|
||||
- https://api.github.com/repos/yhy0/github-cve-monitor
|
||||
- https://api.github.com/repos/gentilkiwi/mimikatz
|
||||
- https://api.github.com/repos/ehang-io/nps
|
||||
- https://api.github.com/repos/chaitin/xray
|
||||
- https://api.github.com/repos/FunnyWolf/pystinger
|
||||
- https://api.github.com/repos/L-codes/Neo-reGeorg
|
||||
- https://api.github.com/repos/shadow1ng/fscan
|
||||
- https://api.github.com/repos/SafeGroceryStore/MDUT
|
||||
- https://api.github.com/repos/EdgeSecurityTeam/Vulnerability
|
Loading…
Reference in New Issue
Block a user