cve-monitor's Introduction

CveMonitor

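0x01 Features

Uses GitHub search to look for the keyword "cve", processes the results from the last 15 minutes, works out which POCs are new, and sends a notification through DingTalk/Feishu (set the bot token in lib/Notice.py).

Usage: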

➜  python3 cveMonitor.py
2022-07-25 15:10:02	Github总数量:968
2022-07-25 15:10:02	SELECT * FROM Monitor WHERE gitname = 'blmvuln' and giturl = 'https://github.com/MathiasReker/blmvuln' and status = '1'
2022-07-25 15:10:02	SELECT * FROM monitor WHERE status = '1' and hash = 'f0e0d9e7ab1087621ced54bacf4276f49ef25762'
2022-07-25 15:10:02	SELECT * FROM black
2022-07-25 15:10:02	INSERT INTO main.monitor('cve','gitname','giturl','description','hash','status') VALUES('cve-2022-31101','blmvuln','https://github.com/MathiasReker/blmvuln','Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101','f0e0d9e7ab1087621ced54bacf4276f49ef25762','1')
2022-07-25 15:10:03	SELECT * FROM monitor WHERE cve = 'cve-2022-31101' and status = '1'
2022-07-25 15:10:03
【CVE新增监控告警通知:】
[0] 项目名称:blmvuln
[0] 项目地址:https://github.com/MathiasReker/blmvuln
[0] 项目描述: Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101
[0] CVE编号:CVE-2022-31101
[0] CVSS等级:8.8 HIGH
[0] CVE说明:prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

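Set up a scheduled task on the server that runs the script every 10 minutes (to reduce the number of requests to GitHub, data added more than 20 minutes ago is not processed, so any execution interval < 20 minutes works; 5-15 is recommended).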

➜ crontab -l
*/5 * * * *  cd /root/tools/CveMonitor/ && python3 cveMonitor.py >> out.txt 2>&1

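0x02 Filter rules

  • Empty project filter

    Projects with no files are not notified.

  • README filter

    No notification when the README is < 300 bytes and there are no other files.

  • Fork filter

    Forked projects are not notified.

  • Copied project filter

    When the project's README also appears in another project, or when gitname and gitdes both duplicate someone else's, the project is judged to be a similar/derivative project and is not notified.

  • Blacklist filter

    Built-in blacklist; a hit suppresses the notification (giturl, project description, CVE ID, README content).

  • Repo count filter

    If the number of repos notified for one CVE exceeds 10, further repos are only recorded, not notified.

  • User upload count filter

    If a user uploads more than 10 repos within a short time, that user is temporarily blacklisted.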
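
The filter rules above, combined into one decision function as an added example (this is not the project's own code). The `Repo` and `State` shapes, the returned filter names, reading the copied-project rule as "either condition", and leaving the expiry of the per-user block to the caller are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

README_MIN_BYTES, MAX_PER_CVE, MAX_PER_USER = 300, 10, 10  # thresholds from the page

@dataclass
class Repo:  # hypothetical record shape, not the project's schema
    cve: str
    owner: str
    name: str
    url: str
    description: str
    readme: str
    files: tuple  # file names in the repository, README included
    fork: bool = False

@dataclass
class State:  # hypothetical in-memory stand-in for the project's database
    blacklist: tuple = ()
    readmes: set = field(default_factory=set)
    name_desc: set = field(default_factory=set)
    notified_per_cve: Counter = field(default_factory=Counter)
    seen_per_user: Counter = field(default_factory=Counter)

def decide(repo: Repo, st: State) -> str:
    """Return 'notify' or the name of the filter that suppressed the alert."""
    st.seen_per_user[repo.owner] += 1
    others = [f for f in repo.files if not f.lower().startswith("readme")]
    duplicate = repo.readme in st.readmes or (repo.name, repo.description) in st.name_desc
    if repo.readme:  # record history first so later copies are caught
        st.readmes.add(repo.readme)
    st.name_desc.add((repo.name, repo.description))
    haystack = " ".join((repo.url, repo.description, repo.cve, repo.readme)).lower()
    if not repo.files:
        return "empty"
    if len(repo.readme.encode()) < README_MIN_BYTES and not others:
        return "short-readme"
    if repo.fork:
        return "fork"
    if duplicate:
        return "duplicate"
    if any(term.lower() in haystack for term in st.blacklist):
        return "blacklist"
    if st.seen_per_user[repo.owner] > MAX_PER_USER:
        return "user-flood"  # assumption: the caller resets this counter to end the block
    if st.notified_per_cve[repo.cve] >= MAX_PER_CVE:
        return "cve-flood"  # recorded in State, but no alert is sent
    st.notified_per_cve[repo.cve] += 1
    return "notify"
```

Repository name, description and README are written by arbitrary GitHub users, so a real implementation should bind them as query parameters when storing them rather than formatting them into SQL strings.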

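0x03 Other features

  • Records processing history
  • Specially marks a CVE ID the first time it appears

0x04 TODO

  • Add more filters
  • Optimize the filters

0x05 Other notes

I hope everyone can forgive the shortcuts I took in the code.

Reference: https://github.com/grayddq/ScanCVE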

cve-monitor's People

Contributors

ldrakura