p7e4 / cve-alert Goto Github PK
View Code? Open in Web Editor NEW懒人必备,CVE漏洞预警脚本,支持钉钉/企业微信群机器人消息通知
懒人必备,CVE漏洞预警脚本,支持钉钉/企业微信群机器人消息通知
本地存储.log或者.json文件或者.txt,记录推送时间和CVE的ID,根据当天并和本地文件比对,进行二次校验。
支持可选数据来源,匹配关键词数组,精准推送【CVE源】的最新漏洞
NVD api
[CVE] https://www.cve.org
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mysql [此处匹配关键词]
https://www.cvedetails.com
https://cve.circl.lu/api/
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/cvealert.py", line 184, in
main()
File "/opt/cvealert.py", line 141, in main
sendMessages(getCve(time.time() - 60 * 60 * 24)[-5:])
File "/opt/cvealert.py", line 105, in getCve
for item in requests.get(url, timeout=30, headers=headers).json()["result"]["CVE_Items"]:
File "/usr/local/python3/lib/python3.7/site-packages/requests/models.py", line 975, in json
raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
btw:
December 2023 | The NVD will retire all 1.0 APIs on December 18th.
https://nvd.nist.gov/general/news/change-timeline
All new users, as well as existing users whose workflows include web scraping tools, the legacy data feeds, or the 1.0 APIs, must transition to the 2.0 APIs to continue to get NVD data without interruption.
https://services.nvd.nist.gov/rest/json/cves/2.0?
1.0接口停用,需要更新到2.0接口
from translate import Translator
或者调用有道、百度等翻译API等等实现
支持可选是否开启翻译描述功能开关
如果获取不到可以显示 暂无【进行mitre查询】
CVSS等级:暂无
self.score = ""
self.score = cvss[0].text if len(cvss) == 1 else "暂无".decode('utf-8')
{
"msgtype": "markdown",
"markdown": {
"content": "漏洞命中关键词:mongodb
漏洞编号:CVE-2021-20330
公开日期:2022-07-18 09:30 (北京时间)
CNA来源: MongoDB, Inc.
CVSS评分: 6.5 MEDIUM
漏洞描述:<font color="info">对复制的集合具有基本CRUD权限的攻击者可以使用格式特别错误的oplog条目运行applyOps命令,从而在二级数据库上造成潜在的拒绝服务。此问题影响4.0.25之前的MongoDB Server v4.0版本;4.2.14之前的MongoDB服务器v4.2版本;4.4.6之前的MongoDB Server v4.4版本"
\n参考文献:
https://nvd.nist.gov/vuln/detail/CVE-2021-20330\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20330
"}}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.