commit
dad392cfe5
26
README.md
26
README.md
@ -2,6 +2,32 @@
|
|||||||
|
|
||||||
## 更新
|
## 更新
|
||||||
|
|
||||||
|
|
||||||
|
#### 添加飞书捷径推送
|
||||||
|
> 飞书工作台 - 飞书捷径 -webhook
|
||||||
|
|
||||||
|
|
||||||
|
![image](https://user-images.githubusercontent.com/29257678/136410980-302be028-3817-447c-9bad-e3d63045060d.png)
|
||||||
|
注意参数这里:
|
||||||
|
添加下列json信息
|
||||||
|
```php
|
||||||
|
{"at":{},"msgtype":"text","text":{"content":"有新的CVE送达!\r\nCVE编号:CVE-2021-41773\r\nGithub地址:https://github.com/iilegacyyii/PoC-CVE-2021-41773\r\nCVE描述:\r\n在Apache HTTP Server 2.4.49的路径规范化更改中发现了一个缺陷。攻击者可以使用路径遍历攻击将url映射到预期文档根之外的文件。如果文档根目录之外的文件没有被“require all denied”保护,这些请求就可以成功。此外,这个缺陷可能会泄露解释文件(如CGI脚本)的源代码。众所周知,这个问题是在野外被利用的。此问题仅影响Apache 2.4.49,不影响Apache 2.4.49之前的版本。"}}
|
||||||
|
```
|
||||||
|
|
||||||
|
![image](https://user-images.githubusercontent.com/29257678/136413189-f393dfa2-4874-4fea-b8be-7b5892d65fcf.png)
|
||||||
|
|
||||||
|
![image](https://user-images.githubusercontent.com/29257678/136411286-99c2e4db-0d8a-4b61-8613-96e3ebad8e44.png)
|
||||||
|
|
||||||
|
> 选择json里面的模块
|
||||||
|
|
||||||
|
|
||||||
|
![image](https://user-images.githubusercontent.com/29257678/136413413-48417c13-285d-47ff-9fba-c78bed592430.png)
|
||||||
|
|
||||||
|
> 查看效果
|
||||||
|
|
||||||
|
![image](https://user-images.githubusercontent.com/29257678/136413553-48c2100b-8f2d-4f81-8b8b-74351bde0456.png)
|
||||||
|
|
||||||
|
|
||||||
[修复钉钉通知小bug](https://github.com/yhy0/github-cve-monitor/issues/4),修复cve编号推送错误
|
[修复钉钉通知小bug](https://github.com/yhy0/github-cve-monitor/issues/4),修复cve编号推送错误
|
||||||
|
|
||||||
>钉钉通知的话,有个安全设置,通过添加加签发送消息,双击,右键复制
|
>钉钉通知的话,有个安全设置,通过添加加签发送消息,双击,右键复制
|
||||||
|
@ -1,10 +1,14 @@
|
|||||||
all_config:
|
all_config:
|
||||||
github_token: xxxxxx
|
github_token: xxxxxx
|
||||||
dingding:
|
dingding:
|
||||||
- enable: 1
|
- enable: 0
|
||||||
- webhook: xxxxxxx
|
- webhook: xxxxxxx
|
||||||
- secretKey: xxxxxxx
|
- secretKey: xxxxxxx
|
||||||
- app_name: dingding
|
- app_name: dingding
|
||||||
|
feishu:
|
||||||
|
- enable: 1
|
||||||
|
- webhook: xxx
|
||||||
|
- app_name: feishu
|
||||||
server:
|
server:
|
||||||
- enable: 0
|
- enable: 0
|
||||||
- sckey: 123123
|
- sckey: 123123
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# @Author : yhy&ddm&w4ter
|
# @Author : yhy&ddm&w4ter
|
||||||
|
|
||||||
# 每3分钟检测一次githu
|
# 每3分钟检测一次githu
|
||||||
# 是否有新的cve漏洞提交记录,若有则通过server酱和钉钉机器人推送(二者配置一个即可)
|
# 是否有新的cve漏洞提交记录,若有则通过server酱和钉钉机器人推送,飞书捷径推送(二者配置一个即可)
|
||||||
# 建议使用screen命令运行在自己的linux vps后台上,就可以愉快的接收各种cve了
|
# 建议使用screen命令运行在自己的linux vps后台上,就可以愉快的接收各种cve了
|
||||||
|
|
||||||
# https://my.oschina.net/u/4581868/blog/4380482
|
# https://my.oschina.net/u/4581868/blog/4380482
|
||||||
@ -28,6 +28,10 @@ def load_config():
|
|||||||
dingding_secretKey = config['all_config']['dingding'][2]['secretKey']
|
dingding_secretKey = config['all_config']['dingding'][2]['secretKey']
|
||||||
app_name = config['all_config']['dingding'][3]['app_name']
|
app_name = config['all_config']['dingding'][3]['app_name']
|
||||||
return app_name,github_token,dingding_webhook,dingding_secretKey
|
return app_name,github_token,dingding_webhook,dingding_secretKey
|
||||||
|
elif int(config['all_config']['feishu'][0]['enable']) == 1:
|
||||||
|
feishu_webhook = config['all_config']['feishu'][1]['webhook']
|
||||||
|
app_name = config['all_config']['feishu'][2]['app_name']
|
||||||
|
return app_name,github_token,feishu_webhook,feishu_webhook
|
||||||
elif int(config['all_config']['server'][0]['enable']) == 1:
|
elif int(config['all_config']['server'][0]['enable']) == 1:
|
||||||
server_sckey = config['all_config']['server'][1]['sckey']
|
server_sckey = config['all_config']['server'][1]['sckey']
|
||||||
app_name = config['all_config']['server'][2]['app_name']
|
app_name = config['all_config']['server'][2]['app_name']
|
||||||
@ -37,8 +41,8 @@ def load_config():
|
|||||||
tgbot_group_id = config['all_config']['tgbot'][2]['group_id']
|
tgbot_group_id = config['all_config']['tgbot'][2]['group_id']
|
||||||
app_name = config['all_config']['tgbot'][3]['app_name']
|
app_name = config['all_config']['tgbot'][3]['app_name']
|
||||||
return app_name,github_token,tgbot_token,tgbot_group_id
|
return app_name,github_token,tgbot_token,tgbot_group_id
|
||||||
elif int(config['all_config']['tgbot'][0]['enable']) == 0 and int(config['all_config']['server'][0]['enable']) == 0 and int(config['all_config']['dingding'][0]['enable']) == 0:
|
elif int(config['all_config']['tgbot'][0]['enable']) == 0 and int(config['all_config']['feishu'][0]['enable']) == 0 and int(config['all_config']['server'][0]['enable']) == 0 and int(config['all_config']['dingding'][0]['enable']) == 0:
|
||||||
print("[-] 配置文件有误,三个社交软件的enable不能为0")
|
print("[-] 配置文件有误,四个社交软件的enable不能为0")
|
||||||
|
|
||||||
github_headers = {
|
github_headers = {
|
||||||
'Authorization': "token {}".format(load_config()[1]) # 替换自己的github token https://github.com/settings/tokens/new
|
'Authorization': "token {}".format(load_config()[1]) # 替换自己的github token https://github.com/settings/tokens/new
|
||||||
@ -277,6 +281,8 @@ def send_body(url,query_pushed_at,query_tag_name):
|
|||||||
body = "工具名称:" + tools_name + "\r\n" + "更新详情地址:" + download_url + "\r\n" + "commit更新日志:" + "\r\n" + update_log
|
body = "工具名称:" + tools_name + "\r\n" + "更新详情地址:" + download_url + "\r\n" + "commit更新日志:" + "\r\n" + update_log
|
||||||
if load_config()[0] == "dingding":
|
if load_config()[0] == "dingding":
|
||||||
dingding(text, body,load_config()[2],load_config()[3])
|
dingding(text, body,load_config()[2],load_config()[3])
|
||||||
|
elif load_config()[0] == "feishu":
|
||||||
|
feishu(text,body,load_config()[2])
|
||||||
elif load_config()[0] == "server":
|
elif load_config()[0] == "server":
|
||||||
server(text, body,load_config()[2])
|
server(text, body,load_config()[2])
|
||||||
elif load_config()[0] == "tgbot":
|
elif load_config()[0] == "tgbot":
|
||||||
@ -301,6 +307,8 @@ def send_body(url,query_pushed_at,query_tag_name):
|
|||||||
body = "工具名称:" + tools_name + "\r\n" + "工具地址:" + download_url + "\r\n" + "commit更新日志:" + "\r\n" + update_log
|
body = "工具名称:" + tools_name + "\r\n" + "工具地址:" + download_url + "\r\n" + "commit更新日志:" + "\r\n" + update_log
|
||||||
if load_config()[0] == "dingding":
|
if load_config()[0] == "dingding":
|
||||||
dingding(text, body, load_config()[2], load_config()[3])
|
dingding(text, body, load_config()[2], load_config()[3])
|
||||||
|
elif load_config()[0] == "feishu":
|
||||||
|
feishu(text,body,load_config[2])
|
||||||
elif load_config()[0] == "server":
|
elif load_config()[0] == "server":
|
||||||
server(text, body, load_config()[2])
|
server(text, body, load_config()[2])
|
||||||
elif load_config()[0] == "tgbot":
|
elif load_config()[0] == "tgbot":
|
||||||
@ -371,6 +379,10 @@ def translate(word):
|
|||||||
def dingding(text, msg,webhook,secretKey):
|
def dingding(text, msg,webhook,secretKey):
|
||||||
ding = cb.DingtalkChatbot(webhook, secret=secretKey)
|
ding = cb.DingtalkChatbot(webhook, secret=secretKey)
|
||||||
ding.send_text(msg='{}\r\n{}'.format(text, msg), is_at_all=False)
|
ding.send_text(msg='{}\r\n{}'.format(text, msg), is_at_all=False)
|
||||||
|
## 飞书
|
||||||
|
def feishu(text,msg,webhook):
|
||||||
|
ding = cb.DingtalkChatbot(webhook)
|
||||||
|
ding.send_text(msg='{}\r\n{}'.format(text, msg), is_at_all=False)
|
||||||
# server酱 http://sc.ftqq.com/?c=code
|
# server酱 http://sc.ftqq.com/?c=code
|
||||||
def server(text, msg,sckey):
|
def server(text, msg,sckey):
|
||||||
try:
|
try:
|
||||||
@ -422,6 +434,9 @@ def sendNews(data):
|
|||||||
if load_config()[0] == "dingding":
|
if load_config()[0] == "dingding":
|
||||||
dingding(text, body, load_config()[2], load_config()[3])
|
dingding(text, body, load_config()[2], load_config()[3])
|
||||||
print("钉钉 发送 CVE 成功")
|
print("钉钉 发送 CVE 成功")
|
||||||
|
elif load_config()[0] == "feishu":
|
||||||
|
feishu(text, body, load_config()[2])
|
||||||
|
print("飞书 发送 CVE 成功")
|
||||||
elif load_config()[0] == "server":
|
elif load_config()[0] == "server":
|
||||||
server(text, body, load_config()[2])
|
server(text, body, load_config()[2])
|
||||||
print("server酱 发送 CVE 成功")
|
print("server酱 发送 CVE 成功")
|
||||||
|
4
requirements.txt
Normal file
4
requirements.txt
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
requests
|
||||||
|
dingtalkchatbot
|
||||||
|
pyyaml
|
||||||
|
lxml
|
Loading…
Reference in New Issue
Block a user