1.背景
挖CNVD漏洞的时候,首先看看产品有没有漏洞已经被提交了,不然白忙活一场。在官网搜索每次展示20个,不方便查看,该代码可实现根据关键字搜索漏洞,将结果保存在excel中。excel展示漏洞标题及时间。
2.使用手册
将代码中 headers 里的 cookie 替换为自己的值,并向 POC 函数传入查询关键字即可
运行环境 python3
3.相关代码
#!/usr/bin/python
# -*- coding: UTF-8 -*-
"""
@author:leonis072
@file:获取cnvd漏洞详情.py
@time:2021/05/19
"""
import requests
from lxml import etree
import urllib3
import re
import xlwt
import time
from urllib import parse
# Silence urllib3's InsecureRequestWarning for the whole process. urllib3 emits
# that warning for HTTPS requests made without certificate verification (as with
# verify=False), so after this call a disabled certificate check produces no
# visible hint at runtime.
urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)
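def POC(keyword):
    """Search the CNVD vulnerability list for *keyword* and collect titles and dates.

    Requests result pages of 100 entries (offsets 0, 100, ..., 900) from the
    CNVD list endpoint and stops at the first page that yields no titles.

    Args:
        keyword: Search term; it is URL-quoted before being placed in the
            form body.

    Returns:
        A tuple ``(titles, dates)`` of two lists: the ``title`` attributes of
        the result links, and the ``YYYY-M-D`` date strings found in the text
        of the sixth table column.
    """
    encoded_keyword = parse.quote(keyword)
    vul_title_total = []
    vul_time_total = []
    vuln_url = "https://www.cnvd.org.cn/flaw/list.htm?flag=true"
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0",
        "Content-Type": "application/x-www-form-urlencoded",
        # Session cookie copied from a browser session; replace it with your
        # own before running. It is a credential, so keep real values out of
        # any copy of this file that gets shared or committed.
        "cookie": "__jsluid_s=cbd2b82593d6c36d3307f21c18f735ec; JSESSIONID=9331ADE7B31A4D67B13D6973BC7F4C30; __jsl_clearance_s=1621405558.371|0|dYoSQ9WlVBr7YK4%2Fjk9t%2F8sleRs%3D",
        "Upgrade-Insecure-Requests": "1",
        "Referer": "https://www.cnvd.org.cn/flaw/list.htm?flag=true"
    }
    date_pattern = re.compile(r'(\d{4}-\d{1,2}-\d{1,2})')
    for index in range(0, 1000, 100):
        data = 'keyword=' + encoded_keyword + '&condition=1&keywordFlag=0&cnvdId=&cnvdIdFlag=0&baseinfoBeanbeginTime=&baseinfoBeanendTime=&baseinfoBeanFlag=0&refenceInfo=&referenceScope=-1&manufacturerId=-1&categoryId=-1&editionId=-1&causeIdStr=&threadIdStr=&serverityIdStr=&positionIdStr=&max=100&offset=' + str(
            index)
        try:
            # Certificate verification stays at the requests default (enabled):
            # the request carries a session cookie, which an unverified TLS
            # connection would expose to anyone able to intercept the traffic.
            response = requests.post(url=vuln_url, data=data, headers=headers, timeout=10)
            tree = etree.HTML(response.text)
            vul_title = tree.xpath('//tbody//tr//td[contains(@width, "45%")]//a/@title')
            vul_time = tree.xpath('(//tbody//tr//td[6]/text())')
        except Exception as e:
            # Best effort, as before: report the failure and try the next page.
            print(e)
            continue
        if not vul_title:
            # An empty page means there are no further results.
            break
        vul_title_total += vul_title
        for cell_text in vul_time:
            # A text node without a date is skipped. Indexing the findall()
            # result used to raise IndexError here, which dropped the rest of
            # the page's dates after its titles had already been stored.
            match = date_pattern.search(str(cell_text))
            if match:
                vul_time_total.append(match.group(1))
    return vul_title_total, vul_time_total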
# 生成表格文件
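def create_file(vul_title_total, vul_time_total):
    """Write the collected titles and dates to an .xls file in the current directory.

    Row 0 holds a styled header; titles go to column 0 and dates to column 1,
    starting at row 1. The file is named after the current ``time.time()``
    value.

    Args:
        vul_title_total: List of vulnerability titles.
        vul_time_total: List of date strings.

    Returns:
        The ``time.time()`` value used as the file name stem.
    """
    # Header style: bold font on a solid background.
    style_head = xlwt.XFStyle()
    font = xlwt.Font()
    font.name = "微软雅黑"
    font.bold = True
    # The colour must be given as a numeric palette index (1 = white).
    font.colour_index = 1
    bg = xlwt.Pattern()
    bg.pattern = xlwt.Pattern.SOLID_PATTERN
    # Palette index 5 = yellow.
    bg.pattern_fore_colour = 5
    style_head.font = font
    style_head.pattern = bg

    excel = xlwt.Workbook(encoding='utf-8')
    sheet = excel.add_sheet("CNVD漏洞")
    # xlwt rows and columns are zero-based; widths are in 1/256 of a character.
    sheet.col(0).width = 256 * 80
    sheet.col(1).width = 256 * 20

    head = ["漏洞标题", "时间"]
    for column, value in enumerate(head):
        sheet.write(0, column, value, style_head)

    # Each column is written independently so that lists of different lengths
    # are still written in full.
    for row, title in enumerate(vul_title_total, start=1):
        sheet.write(row, 0, title)
    # The date loop previously stopped one row early, so the last date was
    # never written.
    for row, date in enumerate(vul_time_total, start=1):
        sheet.write(row, 1, date)

    file_name = time.time()
    excel.save("./%s.xls" % file_name)
    print('excel文件生成成功')
    return file_name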
if __name__ == '__main__':
    # Search CNVD for the keyword, then save the matching titles and dates
    # to a spreadsheet.
    titles, dates = POC('弱口令')
    create_file(titles, dates)