Edusrc漏洞审核通过通知监控脚本
2023-6-5 15:19:46 Author: Mo60(查看原文) 阅读量:14 收藏

0x01前言

通过监控漏洞通过审核个数+rank来判断漏洞是否通过,并不单单判断rank因为众测的漏洞是没有rank的,可通过定时任务来执行通知

效果图

邮箱配置可以参考 https://cloud.tencent.com/developer/article/2177098

0x02 代码

# -*- coding: utf-8 -*-
# @Author : Juneha
# @link : https://blog.mo60.cn/index.php/archives/monitor_edusrc.html
import requests
import re
import os
import smtplib
from email.mime.text import MIMEText

userId=7365 # edusrc的用户id,在个人主页的url里有
receivers = ['[email protected]'] # 接收邮件,可设置为你的QQ邮箱或者其他邮箱

mail_host = "smtp.qq.com" # SMTP服务器
mail_user = "[email protected]" # 用户名
mail_pass = "XX" # 授权密码,非登录密码
sender = 'XXXX' # 发件人邮箱(最好写全, 不然会失败)
mail_port = 465 # 端口一般是465

def sendEmail(data):
message = MIMEText(str(data), 'plain', 'utf-8') # 内容, 格式, 编码
message['From'] = "{}".format(sender)
message['To'] = ",".join(receivers)
message['Subject'] = 'EduSrc监控小助手'
try:
smtpObj = smtplib.SMTP_SSL(mail_host, mail_port) # 启用SSL发信
smtpObj.login(mail_user, mail_pass) # 登录验证
smtpObj.sendmail(sender, receivers, message.as_string()) # 发送
print("邮件发送成功")
except smtplib.SMTPException as e:
print(e)

def getRankBug():
url = f"https://src.sjtu.edu.cn/profile/{userId}"
try:
r = requests.get(url, timeout=3)
r.raise_for_status()
rank = re.findall(r'Rank:(\d+)?', r.text)[0]
bugs = re.findall(r'已审核通过漏洞数量:(\d+)?', r.text)[0]
return rank, bugs
except requests.exceptions.RequestException as e:
print(f"网络请求出错: {e}")
return None, None
except IndexError as e:
print(f"正则表达式匹配出错: {e}")
return None, None

def writeRank(data):
with open("edusrcdata.txt", mode='w+', encoding='utf-8') as f:
f.write(",".join(data))

def checkRankBug(rankbugdata):
# 检查文件是否存在
if os.path.isfile('edusrcdata.txt'):
# 检查文件是否可读写
if os.access('edusrcdata.txt', os.R_OK | os.W_OK):
# 打开文件并读取第一行
with open("edusrcdata.txt") as f:
current_rank, current_bug_count = f.read().splitlines()[0].split(",")
# 获取新的rank和bug数
new_rank, new_bug_count = rankbugdata
# 检查rankbugdata和当前rank和bug数是否都不为空
if rankbugdata and current_rank and current_bug_count:
# 比较新旧rank和bug数是否有变化
if new_bug_count != current_bug_count and new_rank == current_rank:
# print(f"有漏洞通过审核了当前漏洞个数{new_bug_count},rank并没有增加。")
sendEmail(f"有漏洞通过审核了当前漏洞个数{new_bug_count},rank并没有增加。")
writeRank(rankbugdata) # 调用writeRank函数更新文件中的数据
elif new_rank != current_rank:
# print(f"Rank增加啦,当前rank为{new_rank}")
sendEmail(f"Rank增加啦,当前rank为{new_rank}")
writeRank(rankbugdata) # 调用writeRank函数更新文件中的数据
else:
print("无动静")
else:
print("rankbugdata或current_rank或current_bug_count为空")
else:
print("文件不可读写")
else:
writeRank(rankbugdata) # 调用writeRank函数创建文件并写入数据
print('First Run Create File')

# 调用checkRankBug函数,传入getRankBug()的返回值作为参数

checkRankBug(getRankBug())


文章来源: http://mp.weixin.qq.com/s?__biz=Mzg5NTIxNDE3NQ==&mid=2247484467&idx=1&sn=a54731f1cf0fdc2b260b0a56dcd38725&chksm=c012f303f7657a156bb991874020e20065a15eaa476ddf4b0e8cd438aa43104f93adfcfe573a#rd
如有侵权请联系:admin#unsafe.sh