1.背景
挖CNVD漏洞的時候,首先看看產品有沒有漏洞已經被提交了,不然白忙活一場。在官網搜索每次展示20個,不方便查看,該代碼可實現根據關鍵字搜索漏洞,將結果保存在excel中。excel展示漏洞標題及時間。
2.使用手冊
將代碼中 headers 的 cookie 替換為自己的有效 cookie,並向 POC 函數傳入查詢關鍵字即可
運行環境 python3
3.相關代碼
#!/usr/bin/python
# -*- coding: UTF-8 -*-
"""
@author:leonis072
@file:獲取cnvd漏洞詳情.py
@time:2021/05/19
"""
import requests
from lxml import etree
import urllib3
import re
import xlwt
import time
from urllib import parse
# Silence urllib3's InsecureRequestWarning, the warning emitted for HTTPS
# requests that are sent without certificate verification.
# NOTE(review): that warning is a useful runtime signal that verification is
# off; prefer verified requests and drop this call.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
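def POC(keyword):
    """Collect CNVD vulnerability titles and dates for a search keyword.

    Posts the keyword to the CNVD flaw-list search form in pages of 100
    results (offsets 0, 100, ... 900) and scrapes each result table. Paging
    stops at the first page without titles or with a non-200 status.

    Args:
        keyword: Search term. It is percent-encoded before being placed in
            the form body, so ``&`` and ``=`` in it cannot add form fields.

    Returns:
        A ``(titles, dates)`` tuple of two lists of equal length.
        ``dates[i]`` is the ``YYYY-M-D`` string scraped for ``titles[i]``,
        or ``""`` when the page yielded no date for that row.
    """
    date_pattern = re.compile(r'(\d{4}-\d{1,2}-\d{1,2})')
    encoded_keyword = parse.quote(keyword)

    # Request constants are loop-invariant, so build them once.
    vuln_url = "https://www.cnvd.org.cn/flaw/list.htm?flag=true"
    # NOTE(review): the cookie below is a session cookie copied from a
    # browser. Replace it with your own before running, and keep real values
    # out of published or committed copies of this script.
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0",
        "Content-Type": "application/x-www-form-urlencoded",
        "cookie": "__jsluid_s=cbd2b82593d6c36d3307f21c18f735ec; JSESSIONID=9331ADE7B31A4D67B13D6973BC7F4C30; __jsl_clearance_s=1621405558.371|0|dYoSQ9WlVBr7YK4%2Fjk9t%2F8sleRs%3D",
        "Upgrade-Insecure-Requests": "1",
        "Referer": "https://www.cnvd.org.cn/flaw/list.htm?flag=true"
    }
    form_tail = '&condition=1&keywordFlag=0&cnvdId=&cnvdIdFlag=0&baseinfoBeanbeginTime=&baseinfoBeanendTime=&baseinfoBeanFlag=0&refenceInfo=&referenceScope=-1&manufacturerId=-1&categoryId=-1&editionId=-1&causeIdStr=&threadIdStr=&serverityIdStr=&positionIdStr=&max=100&offset='

    vul_title_total = []
    vul_time_total = []
    for offset in range(0, 1000, 100):
        data = 'keyword=' + encoded_keyword + form_tail + str(offset)
        try:
            # Certificate verification stays at the requests default (on):
            # the request carries a session cookie, and an unverified
            # connection would hand it to whoever answers for the host.
            response = requests.post(url=vuln_url, data=data, headers=headers, timeout=10)
            if response.status_code != 200:
                # A rejected or blocked request must not be mistaken for
                # "no matching vulnerabilities".
                print("unexpected HTTP status %s at offset %s" % (response.status_code, offset))
                break
            tree = etree.HTML(response.text)
            page_titles = tree.xpath('//tbody//tr//td[contains(@width, "45%")]//a/@title')
            if not page_titles:
                break
            date_cells = tree.xpath('(//tbody//tr//td[6]/text())')

            # Keep only text nodes that actually contain a date, instead of
            # failing half-way through a page on the first one that does not.
            page_dates = []
            for cell in date_cells:
                found = date_pattern.search(str(cell))
                if found:
                    page_dates.append(found.group(1))
            # Pad or trim to one date per title so both lists stay index-aligned.
            # Assumes dates appear in the same row order as titles -- TODO confirm.
            page_dates = (page_dates + [""] * len(page_titles))[:len(page_titles)]

            # Extend both lists together, only after the page parsed cleanly.
            vul_title_total += page_titles
            vul_time_total += page_dates
        except Exception as e:
            # Best effort: report the failure and try the next page.
            print(e)
    return vul_title_total, vul_time_total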
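# Build the spreadsheet file
def create_file(vul_title_total, vul_time_total):
    """Write the scraped titles and dates to a timestamp-named .xls file.

    Row 0 holds a styled header; each following row holds one title in
    column 0 and its date in column 1. The workbook is saved in the current
    directory as ``./<time.time()>.xls``.

    Args:
        vul_title_total: Vulnerability titles, one per row.
        vul_time_total: Date strings, written by position next to the titles.

    Returns:
        The ``time.time()`` float that was used as the file's base name.
    """
    # Header font: bold, colour index 1 (white; the index must be numeric).
    head_font = xlwt.Font()
    head_font.name = "微軟雅黑"
    head_font.bold = True
    head_font.colour_index = 1

    # Header background: solid fill, foreground colour index 5 (yellow).
    head_fill = xlwt.Pattern()
    head_fill.pattern = xlwt.Pattern.SOLID_PATTERN
    head_fill.pattern_fore_colour = 5

    style_head = xlwt.XFStyle()
    style_head.font = head_font
    style_head.pattern = head_fill

    excel = xlwt.Workbook(encoding='utf-8')
    sheet = excel.add_sheet("CNVD漏洞")

    # xlwt rows and columns are zero-based; widths are in 1/256 of a character.
    sheet.col(0).width = 256 * 80
    sheet.col(1).width = 256 * 20

    for column, caption in enumerate(["漏洞標題", "時間"]):
        sheet.write(0, column, caption, style_head)

    # Data starts on row 1, below the header. Both columns are written in
    # full; the date column previously stopped one row early and dropped
    # the last entry.
    for row, title in enumerate(vul_title_total, start=1):
        sheet.write(row, 0, title)
    for row, date in enumerate(vul_time_total, start=1):
        sheet.write(row, 1, date)

    file_name = time.time()
    excel.save("./%s.xls" % file_name)
    print('excel文件生成成功')
    return file_name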
if __name__ == '__main__':
    # Search CNVD for the sample keyword, then export whatever was found.
    titles, dates = POC('弱口令')
    create_file(titles, dates)