1.背景
挖CNVD漏洞的时候,首先看看产品有没有漏洞已经被提交了,不然白忙活一场。在官网搜索每次展示20个,不方便查看,该代码可实现根据关键字搜索漏洞,将结果保存在excel中。excel展示漏洞标题及时间。
2.使用手册
替换cookie,poc函数传入查询关键字 即可
运行环境 python3
3.相关代码
#!/usr/bin/python
# -*- coding: UTF-8 -*-
"""
@author:leonis072
@file:获取cnvd漏洞详情.py
@time:2021/05/19
"""
import requests
from lxml import etree
import urllib3
import re
import xlwt
import time
from urllib import parse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def POC(keyword):
keyword = parse.quote(keyword)
vul_title_total = []
vul_time_total = []
for index in range(0, 1000, 100):
vuln_url = "https://www.cnvd.org.cn/flaw/list.htm?flag=true"
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0",
"Content-Type": "application/x-www-form-urlencoded",
"cookie": "__jsluid_s=cbd2b82593d6c36d3307f21c18f735ec; JSESSIONID=9331ADE7B31A4D67B13D6973BC7F4C30; __jsl_clearance_s=1621405558.371|0|dYoSQ9WlVBr7YK4%2Fjk9t%2F8sleRs%3D",
"Upgrade-Insecure-Requests": "1",
"Referer": "https://www.cnvd.org.cn/flaw/list.htm?flag=true"
}
data = 'keyword='+keyword+'&condition=1&keywordFlag=0&cnvdId=&cnvdIdFlag=0&baseinfoBeanbeginTime=&baseinfoBeanendTime=&baseinfoBeanFlag=0&refenceInfo=&referenceScope=-1&manufacturerId=-1&categoryId=-1&editionId=-1&causeIdStr=&threadIdStr=&serverityIdStr=&positionIdStr=&max=100&offset=' + str(
index)
try:
response = requests.post(url=vuln_url, data=data, headers=headers, verify=False, timeout=10)
# print(response)
tree = etree.HTML(response.text)
vul_title = tree.xpath('//tbody//tr//td[contains(@width, "45%")]//a/@title')
vul_time = tree.xpath('(//tbody//tr//td[6]/text())')
if len(vul_title):
vul_title_total += vul_title
for time in range(len(vul_time)):
result = re.findall(r'(d{4}-d{1,2}-d{1,2})', str(vul_time[time]))
vul_time_total.append(result[0])
else:
break
except Exception as e:
print(e)
return vul_title_total, vul_time_total
# 生成表格文件
def create_file(vul_title_total, vul_time_total):
# 初始化样式
style_head = xlwt.XFStyle()
# 初始化字体相关
font = xlwt.Font()
font.name = "微软雅黑"
font.bold = True
# 必须是数字索引
font.colour_index = 1
# 初始背景图案
bg = xlwt.Pattern()
# May be: NO_PATTERN, SOLID_PATTERN, or 0x00 through 0x12
bg.pattern = xlwt.Pattern.SOLID_PATTERN
# May be: 8 through 63. 0 = Black, 1 = White, 2 = Red, 3 = Green, 4 = Blue, 5 = Yellow, 6 = Magenta, 7 = Cyan, 16 = Maroon, 17 = Dark Green, 18 = Dark Blue, 19 = Dark Yellow , almost brown), 20 = Dark Magenta, 21 = Teal, 22 = Light Gray, 23 = Dark Gray
bg.pattern_fore_colour = 5
# 设置字体
style_head.font = font
# 设置背景
style_head.pattern = bg
# 创建一个excel
excel = xlwt.Workbook(encoding='utf-8')
# 添加工作区
sheet = excel.add_sheet("CNVD漏洞")
# xlwt中是行和列都是从0开始计算的
first_col_1 = sheet.col(1)
first_col_0 = sheet.col(0)
first_col_1.width = 256 * 20
first_col_0.width = 256 * 80
# 标题信息
head = ["漏洞标题", "时间"]
for index, value in enumerate(head):
sheet.write(0, index, value, style_head)
# 循环写入
for index in range(1,len(vul_title_total)+1):
sheet.write(index, 0, vul_title_total[index-1])
for index in range(1,len(vul_time_total)):
sheet.write(index, 1, vul_time_total[index-1])
# 保存excel
file_name = time.time()
excel.save("./%s.xls" % file_name)
print('excel文件生成成功')
return file_name
if __name__ == '__main__':
vul_title_total, vul_time_total = POC('弱口令')
create_file(vul_title_total, vul_time_total)