p7e4 / cve-alert Goto Github PK
View Code? Open in Web Editor NEW懒人必备,CVE漏洞预警脚本,支持钉钉/企业微信群机器人消息通知
cve-alert's Introduction
cve-alert's People
Contributors
Stargazers
Watchers
cve-alert's Issues
支持 定制化筛选 描述中涵盖一个或者多个关键词的指定推送
- 只推送关注的关键词的CVE信息
- 支持多个关键词轮询匹配推送
支持校验已经推送的信息,避免重复推送
本地存储.log或者.json文件或者.txt,记录推送时间和CVE的ID,根据当天并和本地文件比对,进行二次校验。
支持多种数据来源
支持可选数据来源,匹配关键词数组,精准推送【CVE源】的最新漏洞
NVD api
[CVE] https://www.cve.org
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mysql [此处匹配关键词]
https://www.cvedetails.com
https://cve.circl.lu/api/
run error by requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/cvealert.py", line 184, in
main()
File "/opt/cvealert.py", line 141, in main
sendMessages(getCve(time.time() - 60 * 60 * 24)[-5:])
File "/opt/cvealert.py", line 105, in getCve
for item in requests.get(url, timeout=30, headers=headers).json()["result"]["CVE_Items"]:
File "/usr/local/python3/lib/python3.7/site-packages/requests/models.py", line 975, in json
raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
btw:
December 2023 | The NVD will retire all 1.0 APIs on December 18th.
https://nvd.nist.gov/general/news/change-timeline
All new users, as well as existing users whose workflows include web scraping tools, the legacy data feeds, or the 1.0 APIs, must transition to the 2.0 APIs to continue to get NVD data without interruption.
https://services.nvd.nist.gov/rest/json/cves/2.0?
1.0接口停用,需要更新到2.0接口
建议可以调用API进行 翻译漏洞描述
from translate import Translator
或者调用有道、百度等翻译API等等实现
支持可选是否开启翻译描述功能开关
提取cve编号,可以获得其他可以展示信息
如果获取不到可以显示 暂无【进行mitre查询】
CVSS等级:暂无
self.score = ""
self.score = cvss[0].text if len(cvss) == 1 else "暂无".decode('utf-8')
美化输出企业微信群组的markdown格式
类似这样:
{
"msgtype": "markdown",
"markdown": {
"content": "漏洞命中关键词:mongodb
漏洞编号:CVE-2021-20330
公开日期:2022-07-18 09:30 (北京时间)
CNA来源: MongoDB, Inc.
CVSS评分: 6.5 MEDIUM
漏洞描述:<font color="info">对复制的集合具有基本CRUD权限的攻击者可以使用格式特别错误的oplog条目运行applyOps命令,从而在二级数据库上造成潜在的拒绝服务。此问题影响4.0.25之前的MongoDB Server v4.0版本;4.2.14之前的MongoDB服务器v4.2版本;4.4.6之前的MongoDB Server v4.4版本"
\n参考文献:
https://nvd.nist.gov/vuln/detail/CVE-2021-20330\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20330
"}}
API链接 偶尔不通
偶尔会出现链接不通(访问API services.nvd.nist.gov)
建议出一个超时判定,走一个循环。
添加谷歌DNS nameserver 8.8.4.4 解决,偶尔还是会出现。
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.