云安全中心API应急漏洞扫描实战
云安全中心应急漏洞扫描
云安全中心是一个实时识别、分析、预警安全威胁的统一安全管理系统,通过防勒索、防病毒、防篡改、合规检查等安全能力,实现威胁检测、告警响应、攻击溯源的自动化安全运营闭环,保护云上资产和本地服务器安全,并满足监管合规要求。
前提条件配置
①使用RAM子账户生成阿里云的AccessKey(AK/SK),并只授予调用云安全中心API所需的权限
②python环境配置
安装依赖
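# Build dependencies for compiling CPython from source.
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c++ libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel

# Download Python 3.10.4.
# Compare the tarball with the checksum/signature published alongside the
# release before building: `make install` below writes system-wide.
wget -c https://www.python.org/ftp/python/3.10.4/Python-3.10.4.tgz

# Unpack and build.
tar -zxvf Python-3.10.4.tgz

cd Python-3.10.4/
# NOTE(review): CPython's configure documents --with-openssl=DIR; confirm
# that --with-ssl is recognised by this release rather than silently ignored.
./configure --with-ssl
make && make install

# Keep a copy of the distribution's interpreter before replacing it.
mv /usr/bin/python /usr/bin/python.bak

# Point /usr/bin/python at the new python3.
# This changes the interpreter for every system script that runs "python";
# the yum fix below exists because of it.
ln -s /usr/local/bin/python3 /usr/bin/python

which pip3

# Repair yum after the switch: set the first line of both files back to python2.
vi /usr/libexec/urlgrabber-ext-down
#   first line -> #! /usr/bin/python2

vi /usr/bin/yum
#   first line -> #!/usr/bin/python2

# Install the SDK modules.
pip3 install --upgrade pip
pip3 install alibabacloud_sas20181203==1.1.13
# NOTE(review): this one is unpinned and uses `pip`, not `pip3`; confirm it
# installs into the same interpreter as the two commands above.
pip install alibabacloud_tea_console

# If `import ssl` fails with
#   ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location)
# build OpenSSL separately and rebuild Python against it, as follows.

# Download and install OpenSSL.
# The OpenSSL 1.1.1 series is end-of-life upstream; prefer a release that
# still receives security fixes, and verify the tarball's published checksum.
wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
tar -zxvf openssl-1.1.1n.tar.gz
cd openssl-1.1.1n
./config --prefix=/usr/local/openssl
# Fixed: the original read `make instal`, which is not a make target.
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
# Fixed: the original had no space after `echo`, so the shell looked for a
# command literally named echo/usr/local/openssl/lib.
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

ldconfig -v

# Check which OpenSSL version is now on PATH.
openssl version

# Tell the Python build where the new OpenSSL lives.
vim /root/Python-3.10.4/Modules/Setup
#   lines 211-214 should read:
#     OPENSSL=/usr/local/openssl
#     _ssl _ssl.c \
#         -I$(OPENSSL)/include -L$(OPENSSL)/lib \
#         -lssl -lcrypto

# Finally rebuild and reinstall Python 3.10.4.
# Absolute path: the shell is still inside openssl-1.1.1n at this point, so
# the original relative `cd Python-3.10.4/` would not resolve.
cd /root/Python-3.10.4/
./configure
make && make install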
一、扫描获取特定应急漏洞的名称信息
如扫描fastjson <= 1.2.80 反序列化任意代码执行漏洞
API文档 https://help.aliyun.com/document_detail/421691.html
Lang:zh
RiskStatus:y
ScanType:python
CheckType:fastjson <= 1.2.80 反序列化任意代码执行漏洞
VulName:
{
  "TotalCount": 1,
  "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8",
  "PageSize": 5,
  "CurrentPage": 1,
  "GroupedVulItems": [
    {
      "Status": 30,
      "PendingCount": 116,
      "Type": "python",
      "Description": "fastjson已使用黑白名单用于防御反序列化漏洞,经研究该利用在特定条件下可绕过默认autoType关闭限制,攻击远程服务器,风险影响较大。建议fastjson用户尽快采取安全措施保障系统安全。\n\n特定依赖存在下影响 ≤1.2.80。",
      "CheckType": 1,
      "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】",
      "GmtLastCheck": 1653471386000,
      "GmtPublish": 1653273837000,
      "Name": "emg:SCA:AVD-2022-1243027"
    }
  ]
}
得到特定应急漏洞名称信息为emg:SCA:AVD-2022-1243027
pip install alibabacloud_sas20181203==1.1.13
pip install alibabacloud_tea_console
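import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Query one emergency vulnerability by name via DescribeEmgVulItem."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialise the account client from an AccessKey pair.

        The original body ignored both parameters and embedded a key pair in
        the source; the values passed by the caller are used instead, so no
        credential lives in the script.

        @param access_key_id: AccessKey ID
        @param access_key_secret: AccessKey Secret
        @return: Client
        @throws Exception: ValueError when either value is empty
        """
        if not access_key_id or not access_key_secret:
            # Fail before any request is built rather than sending an
            # unauthenticated call.
            raise ValueError('AccessKey ID and AccessKey Secret must both be set')
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint used for the API calls.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def _client_from_env() -> Sas20181203Client:
        """Create the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        return Sample.create_client(
            os.environ.get('ACCESS_KEY_ID', ''),
            os.environ.get('ACCESS_KEY_SECRET', ''),
        )

    @staticmethod
    def _build_request():
        """Return the DescribeEmgVulItem request shared by main and main_async."""
        return sas_20181203_models.DescribeEmgVulItemRequest(
            lang='zh',
            risk_status='y',
            scan_type='python',
            vul_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Send the query synchronously and log the response as JSON.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.describe_emg_vul_item_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main: same request, awaited call.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.describe_emg_vul_item_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])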
二、根据特定的应急漏洞执行扫描任务
Lang:zh
Name:emg:SCA:AVD-2022-1243027
UserAgreement:yes
{
  "RequestId": "08744049-2F38-54BF-A7E7-529B5226AC9E"
}
pip install alibabacloud_sas20181203==1.1.13
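# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Submit a scan for one named emergency vulnerability via ModifyEmgVulSubmit."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialise the account client from an AccessKey pair.

        The original body ignored both parameters and embedded a key pair in
        the source; the values passed by the caller are used instead, so no
        credential lives in the script.

        @param access_key_id: AccessKey ID
        @param access_key_secret: AccessKey Secret
        @return: Client
        @throws Exception: ValueError when either value is empty
        """
        if not access_key_id or not access_key_secret:
            # Fail before any request is built rather than sending an
            # unauthenticated call.
            raise ValueError('AccessKey ID and AccessKey Secret must both be set')
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint used for the API calls.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def _client_from_env() -> Sas20181203Client:
        """Create the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        return Sample.create_client(
            os.environ.get('ACCESS_KEY_ID', ''),
            os.environ.get('ACCESS_KEY_SECRET', ''),
        )

    @staticmethod
    def _build_request():
        """Return the ModifyEmgVulSubmit request shared by main and main_async."""
        return sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            # Name value taken from the "Name" field of the earlier query response.
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Submit the scan synchronously and log the response as JSON.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.modify_emg_vul_submit_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main: same request, awaited call.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_emg_vul_submit_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])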
执行脚本发现阿里云的云安全中心应急漏洞fastjson <= 1.2.80 反序列化任意代码执行漏洞开始执行扫描任务计划
三、应急漏洞全部扫描
Types:"emg"
Uuids:
cve:Linux软件漏洞
2sys:Windows系统漏洞
3cms:Web-CMS漏洞
4app:应用漏洞
5emg:应急漏洞
6image:容器镜像漏洞
pip install alibabacloud_sas20181203==1.1.13
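import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Start a scan of all emergency vulnerabilities via ModifyStartVulScan."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialise the account client from an AccessKey pair.

        The original body ignored both parameters and embedded a key pair in
        the source; the values passed by the caller are used instead, so no
        credential lives in the script.

        @param access_key_id: AccessKey ID
        @param access_key_secret: AccessKey Secret
        @return: Client
        @throws Exception: ValueError when either value is empty
        """
        if not access_key_id or not access_key_secret:
            # Fail before any request is built rather than sending an
            # unauthenticated call.
            raise ValueError('AccessKey ID and AccessKey Secret must both be set')
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint used for the API calls.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def _client_from_env() -> Sas20181203Client:
        """Create the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        return Sample.create_client(
            os.environ.get('ACCESS_KEY_ID', ''),
            os.environ.get('ACCESS_KEY_SECRET', ''),
        )

    @staticmethod
    def _build_request():
        """Return the ModifyStartVulScan request shared by main and main_async."""
        return sas_20181203_models.ModifyStartVulScanRequest(
            # NOTE(review): the value carries literal double quotes, exactly as
            # in the original listing; confirm the API expects them.
            types='"emg"'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Start the scan synchronously and log the response as JSON.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.modify_start_vul_scan_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main: same request, awaited call.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_start_vul_scan_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])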
执行完脚本后应急漏洞服务全部开始扫描计划任务
四、导出应急漏洞列表信息
API文档信息 ExportVul - 导出漏洞列表 (aliyun.com)
Lang:zh
Type:emg
Uuids:
AliasName:fastjson <= 1.2.80 反序列化任意代码执行漏洞
Necessity:asap
Dealed:n
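import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Create an export task for the emergency-vulnerability list via ExportVul."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """
        Initialise the account client from an AccessKey pair.

        main and main_async already read the pair from the environment, but
        the original body discarded it and used a pair embedded in the source.
        The arguments are now what reaches the config.

        @param access_key_id: AccessKey ID
        @param access_key_secret: AccessKey Secret
        @return: Client
        @throws Exception: ValueError when either value is missing
        """
        if not access_key_id or not access_key_secret:
            # Covers an unset environment variable as well as an empty one.
            raise ValueError('AccessKey ID and AccessKey Secret must both be set')
        config = open_api_models.Config()
        config.access_key_id = access_key_id
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def _client_from_env() -> SasClient:
        """Create the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        return Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )

    @staticmethod
    def _build_request():
        """Return the ExportVul request shared by main and main_async."""
        return sas_models.ExportVulRequest(
            lang='zh',
            type='emg',
            alias_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞',
            necessity='asap',
            dealed='n'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Create the export task and log the response body as JSON.

        The logged body carries the "Id" of the export task, which is what the
        download step needs.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        export_response = client.export_vul(Sample._build_request())
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main: same request, awaited call.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        export_response = await client.export_vul_async(Sample._build_request())
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])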
得到值为
[LOG] response is {
"FileName":
"emg_20220526",
"Id":
102889,
"RequestId":
"A15E37DA-10C8-542D-8D59-CCCB5E6837E4"}
在执行脚本的时候可以通过过滤id号得到漏洞导出任务的ID信息,最后得到值为102889
# Pull the export task id out of the script's log line.
# The parsing is positional (third ':'-separated field, then everything before
# the first ','), so it assumes the JSON is logged on a single line with "Id"
# as the second key.
python3 exportall.py \
  | grep '"Id"' \
  | awk -F: '{print $3}' \
  | awk -F, '{print $1}'
通过ExportId的102889获取文件下载
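import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Fetch the details of a finished export task via DescribeVulExportInfo."""

    # Export task id used when none is given on the command line; this is the
    # value the original listing hard-coded.
    DEFAULT_EXPORT_ID = 102889

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """
        Initialise the account client from an AccessKey pair.

        main and main_async already read the pair from the environment, but
        the original body discarded it and used a pair embedded in the source.
        The arguments are now what reaches the config.

        @param access_key_id: AccessKey ID
        @param access_key_secret: AccessKey Secret
        @return: Client
        @throws Exception: ValueError when either value is missing
        """
        if not access_key_id or not access_key_secret:
            # Covers an unset environment variable as well as an empty one.
            raise ValueError('AccessKey ID and AccessKey Secret must both be set')
        config = open_api_models.Config()
        config.access_key_id = access_key_id
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def _client_from_env() -> SasClient:
        """Create the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        return Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )

    @staticmethod
    def _build_request(args: List[str]):
        """Return the DescribeVulExportInfo request for the chosen export id.

        The id is args[0] when present (int() raises ValueError if it is not
        numeric), otherwise DEFAULT_EXPORT_ID.
        """
        export_id = int(args[0]) if args else Sample.DEFAULT_EXPORT_ID
        return sas_models.DescribeVulExportInfoRequest(
            export_id=export_id
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Look up the export task and log the response body as JSON.

        The original also called export_vul(type='cve') first and stored the
        new task's id in a local that was never read, so every run started an
        unrelated export. That call is dropped; only the lookup remains.

        @param args: optional export task id as the first element.
        """
        client = Sample._client_from_env()
        info_detail_response = client.describe_vul_export_info(Sample._build_request(args))
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main: same lookup, awaited call.

        @param args: optional export task id as the first element.
        """
        client = Sample._client_from_env()
        info_detail_response = await client.describe_vul_export_info_async(Sample._build_request(args))
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])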
执行脚本得到附件的下载链接
# Extract the download link from the script's log line and fetch the archive.
# Everything after the "Link": key up to the next ',' is taken as the URL, so
# a link that itself contains a comma would be cut short. xargs strips the
# surrounding double quotes before handing the URL to wget.
python exportfile.py \
  | awk -F'"Link":' '{print $2}' \
  | awk -F, '{print $1}' \
  | xargs wget -O "emg_$(date +%Y%m%d).zip"
可以把zip文件解压后上传到OSS存储中,再通过脚本用钉钉推送到指定群,或者用邮件推送给指定的人。导出的报告包含主机和漏洞明细,存放报告的Bucket应保持私有,分享时使用带有效期的签名URL,而不是公开可读的链接。
钉钉推送如下
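# Fetch the ossutil binary and make it executable.
# Verify the download against the vendor's published checksum before running it.
wget https://gosspublic.alicdn.com/ossutil/1.7.9/ossutil64
chmod 755 ossutil64

# Interactive configuration, then a listing to confirm access.
./ossutil64 config
./ossutil64 ls oss://examplebucket -c /home/config

vim vulnerabilityDingtack.sh
# ----- contents of vulnerabilityDingtack.sh -----
#!/bin/bash
# Upload today's emergency-vulnerability report to OSS, then announce it in a
# DingTalk group.
#
# Secrets are read from the environment instead of being written into the
# script: DINGTALK_ACCESS_TOKEN (robot webhook token), ALI_OSS_AK, ALI_OSS_SK.

# Stop at the first failure so a failed upload never produces a notification.
set -euo pipefail

: "${DINGTALK_ACCESS_TOKEN:?set DINGTALK_ACCESS_TOKEN to the robot webhook token}"
: "${ALI_OSS_AK:?set ALI_OSS_AK to the AccessKey ID}"
: "${ALI_OSS_SK:?set ALI_OSS_SK to the AccessKey Secret}"

UPLOAD_TIME=$(date "+%Y%m%d")
ALI_OSS_ENDPOINT="oss-cn-shanghai.aliyuncs.com"
WORKSPACE=/opt/kingen

echo "---------上传到OSS--------------------"

# Work from the directory that holds ossutil64 and the downloaded archive.
cd "${WORKSPACE}/"
# Configure ossutil.
# NOTE(review): -i/-k put the key pair on the command line, where other local
# users can read it from the process list while the command runs; a config
# file with restricted permissions (the -c form used above) avoids that.
./ossutil64 config -e "${ALI_OSS_ENDPOINT}" -i "${ALI_OSS_AK}" -k "${ALI_OSS_SK}"
unzip "emg_${UPLOAD_TIME}.zip"
# Upload the report spreadsheet to OSS.
# NOTE(review): the upload target is bucket "backups", while messageUrl below
# points at host "vulnerability.oss-cn-shanghai.aliyuncs.com"; confirm the two
# refer to the same object.
./ossutil64 cp "./emg_${UPLOAD_TIME}.xlsx" "oss://backups/vulnerability/"

# Notify only after the upload succeeded. The original sent the message first,
# so the link could point at a report that was not there yet.
# messageUrl is an unsigned URL: it opens only if the object is publicly
# readable, which exposes the report to anyone holding the link.
curl "https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_ACCESS_TOKEN}" \
-H 'Content-Type: application/json' \
-d '{
"msgtype": "link",
"link": {
"text":"应急安全漏洞 \n",
"title": "应急安全漏洞报告",
"picUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/vulnerability.png",
"messageUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/emg_'${UPLOAD_TIME}'.xlsx"
}
}'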
来个开胃小菜
阿里云CDN刷新目录脚本(刷新之前更换AKSK密钥,并将object_path替换为要刷新的网站URL地址)
pip install alibabacloud_cdn20180510==1.0.11
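import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_cdn20180510.client import Client as Cdn20180510Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_cdn20180510 import models as cdn_20180510_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Refresh a CDN directory via RefreshObjectCaches."""

    # Directory URL to refresh. main and main_async used two different
    # literals in the original; both now share this one.
    OBJECT_PATH = 'https://uat.abc.com/'

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Cdn20180510Client:
        """
        Initialise the account client from an AccessKey pair.

        @param access_key_id: AccessKey ID
        @param access_key_secret: AccessKey Secret
        @return: Client
        @throws Exception: ValueError when either value is empty
        """
        if not access_key_id or not access_key_secret:
            # Fail before any request is built rather than sending an
            # unauthenticated call.
            raise ValueError('AccessKey ID and AccessKey Secret must both be set')
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint used for the API calls.
        config.endpoint = 'cdn.aliyuncs.com'
        return Cdn20180510Client(config)

    @staticmethod
    def _client_from_env() -> Cdn20180510Client:
        """Create the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment.

        The original passed those two names as literal strings, which left
        editing the key pair into the source as the only way to authenticate.
        """
        return Sample.create_client(
            os.environ.get('ACCESS_KEY_ID', ''),
            os.environ.get('ACCESS_KEY_SECRET', ''),
        )

    @staticmethod
    def _build_request():
        """Return the RefreshObjectCaches request shared by main and main_async."""
        return cdn_20180510_models.RefreshObjectCachesRequest(
            object_path=Sample.OBJECT_PATH,
            object_type='Directory'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Send the refresh synchronously and log the response as JSON.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.refresh_object_caches_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main: same request, awaited call.

        @param args: command-line arguments; not used.
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.refresh_object_caches_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])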
成功给https://uat.abc.com网站目录刷新。