first commit

.gitignore

@@ -1,129 +1,3 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
+.DS_Store
+*.pyc
+__pycache__/

CVEinfo.py

@@ -0,0 +1,101 @@
+
+import httpx,re,time,datetime
+from translate import Translator
+
+
+cpid = 'wwdXXXXXXXX' #企业微信的企业ID
+cpsecret = 'nQVQ-jXXXXXXXXX' #企业微信自建应用的Secret
+vul_like = ['weblogic','apache'] #关注的组件，可添加
+risk_like = ['CRITICAL','HIGH'] #关注的威胁级别，可添加
+care = 1 # 0表示只接收关注组件的漏洞，1表示所有组件的高危漏洞
+
+# proxies = {'http': "http://127.0.0.1:7890",
+#             'https': "http://127.0.0.1:7890"}
+
+url = 'https://services.nvd.nist.gov/rest/json/cves/1.0'
+headers = {
+    'User-Agent':
+    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:56.0) Gecko/20100101 Firefox/56.0 Waterfox/56.3',
+    'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+    'Accept-Language': 'zh,en;q=0.5',
+    'Accept-Encoding': 'gzip, deflate',
+    'Connection': 'close',
+    'Upgrade-Insecure-Requests': '1',
+}
+access_token = ''
+content = '' #表示企业微信的文本信息
+
+def get_cve():
+    #时间比我们晚，#取三天前的漏洞才有cvss评分
+    today = datetime.date.today()
+    yesterday = today-datetime.timedelta(days=3)#3
+    pubStartDate = str(yesterday) +'T00:00:00:000 UTC-05:00'
+
+    if care == 1:
+        for risk in risk_like:
+            params = {'pubStartDate': pubStartDate,'cvssV3Severity': risk}
+            with httpx.Client(params=params) as client:
+                res = client.get(url).json()
+            if res['totalResults'] > 0:
+                res_content(res)
+    else:
+        for risk in risk_like:
+            for vul in vul_like:
+                params = {'pubStartDate': pubStartDate,'keyword': vul,'cvssV3Severity': risk}
+                with httpx.Client(params=params) as client:
+                    res = client.get(url).json()
+                if res['totalResults'] > 0:
+                    res_content(res)
+
+        
+def res_content(res):
+    global content
+    message = time.strftime("%Y-%m-%d", time.localtime())+'号共有`'+str(res['totalResults'])+'`个漏洞\n<font color=\"info\">下面是漏洞简介-></font>'
+    send_wx(access_token,message)#每日提示消息
+
+    for i in range(res['totalResults']):
+        id = '漏洞编号：' + res['result']['CVE_Items'][i]['cve']['CVE_data_meta']['ID']+'\n'
+        pubdate = '公开日期：' + res['result']['CVE_Items'][i]['publishedDate']+'\n'
+        try:
+            baseSeverity = '<font color="warning">漏洞等级：</font>' + res['result']['CVE_Items'][i]['impact']['baseMetricV3']['cvssV3']['baseSeverity']
+            score = '<font color="warning">CVSSV3</font>：'+str(res['result']['CVE_Items'][i]['impact']['baseMetricV3']['cvssV3']['baseScore'])+'\n'
+        finally:
+            description = res['result']['CVE_Items'][i]['cve']['description']['description_data'][0]['value']
+            description = translat(description)#翻译
+            description = '漏洞描述：<font color=\"info\">' +description +'</font>\n'
+            content = '**              【新增漏洞告警】**\n'+id +pubdate + baseSeverity+' '+score+description
+            send_wx(access_token,content)#发送到企业微信
+
+def translat(context): #翻译描述信息
+        translator = Translator(to_lang="chinese")
+        translation = translator.translate(context)
+        return translation
+
+def get_token():
+    global cpid,cpsecret,access_token
+    url = "https://qyapi.weixin.qq.com/cgi-bin/gettoken"
+    parms = {'corpid': cpid,'corpsecret': cpsecret}
+    res = httpx.get(url,headers=headers,params=parms).json()
+    errcode = res['errcode']
+    if errcode != 0:
+        print('something wrong:\nyou can see: https://open.work.weixin.qq.com/devtool/query?e='+ str(errcode))
+    else:
+        access_token = res['access_token']
+
+def send_wx(access_token,content):
+    url = "https://qyapi.weixin.qq.com/cgi-bin/appchat/send?access_token="
+    data = {"chatid": "CVE",
+            "msgtype":"markdown",
+            "markdown":{"content" : content},
+            "safe":0
+            }
+    res = httpx.post(url+access_token,headers=headers,json=data).json()
+    errcode = res['errcode']
+    if errcode != 0:
+        print('something wrong:\nyou can see: https://open.work.weixin.qq.com/devtool/query?e='+ str(errcode))
+
+def main():
+    get_token()
+    get_cve()
+if __name__ == "__main__":
+    main()

README.md

@@ -0,0 +1,57 @@
+## NEW_CVEinfo
+------
+
+该脚本用于获取最新的CVE漏洞信息，通过企业微信的接口每日推送
+
+### 实现方法：
+------
+
+```
+1、使用NVD的公开api获取漏洞信息
+2、对结果进行处理，过滤出自己感兴趣的漏洞
+3、调用企业微信的api进行消息推送
+4、放置在服务器上定时运行
+```
+
+### 如何使用
+
+---
+
+1、下载项目文件
+
+`git clone https://github.com/knight-TBO/NEW_CVEinfo.git`
+
+2、`cd NEW_CVEinfo` 目录
+
+3、安装需求库
+
+`pip install -r requirements.txt`
+
+4、填写企业微信信息
+
+<img src="./img/wxcof.png" style="zoom: 50%;" />
+
+5、在服务器建立定时任务，例如每天早上8:50推送
+
+`crontab -e`
+``50 08 * * * /usr/bin/python3 NEW_CVEinfo.py``
+
+### 其它玩法：
+
+---
+
+1、只推送自己感兴趣的组件漏洞，通过更改``vul_like`参数
+
+<img src="./img/vullike.png" style="zoom: 50%;" />
+
+2、只推送自己感兴趣的漏洞级别，通过更改`risk_like`和`care`参数
+
+<img src="./img/risklike.png" style="zoom: 50%;" />
+
+### 运行效果：
+
+---
+
+<img src="./img/p1.jpg" style="zoom: 50%;" />
+
+<img src="./img/p2.jpg" style="zoom:50%;" />

requirements.txt

@@ -0,0 +1,2 @@
+translate==3.5.0
+httpx==0.13.3