云安全中心应急漏洞扫描
云安全中心是一个实时识别、分析、预警安全威胁的统一安全管理系统,通过防勒索、防病毒、防篡改、合规检查等安全能力,实现威胁检测、告警响应、攻击溯源的自动化安全运营闭环,保护云上资产和本地服务器安全,并满足监管合规要求。
前提条件配置
①子账户生成阿里云的AKSK信息,授权云安全中心权限
②python环境配置
1安装依赖
2yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel
3
4
5下载python3.10.4
6wget -c https://www.Python.org/ftp/python/3.10.4/Python-3.10.4.tgz
7
8解压python3.10.4
9tar -zxvf Python-3.10.4.tgz
10
11cd Python-3.10.4/
12./configure --with-ssl
13make && make install
14
15备份python文件
16mv /usr/bin/python /usr/bin/python.bak
17
18#建立python3的软链接
19ln -s /usr/local/bin/python3 /usr/bin/python
20
21which pip3
22#yum执行异常解决
23vi /usr/libexec/urlgrabber-ext-down
24#! /usr/bin/python2
25
26vi /usr/bin/yum
27#!/usr/bin/python2
28
29
30安装模块
31pip3 install --upgrade pip
32pip3 install alibabacloud_sas20181203==1.1.13
33pip install alibabacloud_tea_console
34
35如果在import ssl调式报错ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location)解决办法如下
36
37#下载安装openssl
38wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
39tar -zxvf openssl-1.1.1n.tar.gz
40cd openssl-1.1.1n
41./config --prefix=/usr/local/openssl
42make && make instal
43mv /usr/bin/openssl /usr/bin/openssl.bak
44ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
45echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
46
47ldconfig -v
48
49#查询openssl版本
50openssl version
51
52vim /root/Python-3.10.4/Modules/Setup
53211 OPENSSL=/usr/local/openssl
54212 _ssl _ssl.c \
55213 -I$(OPENSSL)/include -L$(OPENSSL)/lib \
56214 -lssl -lcrypto
57
58
59最后在执行下python3.10.4安装
60cd Python-3.10.4/
61./configure
62make && make install
一、扫描获取特定应急漏洞的名称信息
如扫描fastjson <= 1.2.80 反序列化任意代码执行漏洞
API文档 https://help.aliyun.com/document_detail/421691.html
Lang:zh
RiskStatus:y
ScanType:python
CheckType:fastjson <= 1.2.80 反序列化任意代码执行漏洞
VulName:
1{
2 "TotalCount": 1,
3 "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8",
4 "PageSize": 5,
5 "CurrentPage": 1,
6 "GroupedVulItems": [
7 {
8 "Status": 30,
9 "PendingCount": 116,
10 "Type": "python",
11 "Description": "fastjson已使用黑白名单用于防御反序列化漏洞,经研究该利用在特定条件下可绕过默认autoType关闭限制,攻击远程服务器,风险影响较大。建议fastjson用户尽快采取安全措施保障系统安全。\n\n特定依赖存在下影响 ≤1.2.80。",
12 "CheckType": 1,
13 "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】",
14 "GmtLastCheck": 1653471386000,
15 "GmtPublish": 1653273837000,
16 "Name": "emg:SCA:AVD-2022-1243027"
17 }
18 ]
19}
得到特定应急漏洞名称信息为emg:SCA:AVD-2022-1243027
pip install alibabacloud_sas20181203==1.1.13
pip install alibabacloud_tea_console
1# -*- coding: utf-8 -*-
2# This file is auto-generated, don't edit it. Thanks.
3import sys
4
5from typing import List
6from Tea.core import TeaCore
7
8from alibabacloud_sas20181203.client import Client as Sas20181203Client
9from alibabacloud_tea_openapi import models as open_api_models
10from alibabacloud_sas20181203 import models as sas_20181203_models
11from alibabacloud_tea_util import models as util_models
12from alibabacloud_tea_console.client import Client as ConsoleClient
13from alibabacloud_tea_util.client import Client as UtilClient
14
15
16class Sample:
17 def __init__(self):
18 pass
19
20 @staticmethod
21 def create_client(
22 access_key_id: str,
23 access_key_secret: str,
24 ) -> Sas20181203Client:
25 """
26 使用AK&SK初始化账号Client
27 @param access_key_id:
28 @param access_key_secret:
29 @return: Client
30 @throws Exception
31 """
32 config = open_api_models.Config(
33 # 您的AccessKey ID,
34 access_key_id='LTAI5t',
35 # 您的AccessKey Secret,
36 access_key_secret='dSr'
37 )
38 # 访问的域名
39 config.endpoint = f'tds.aliyuncs.com'
40 return Sas20181203Client(config)
41
42 @staticmethod
43 def main(
44 args: List[str],
45 ) -> None:
46 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
47 describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
48 lang='zh',
49 risk_status='y',
50 scan_type='python',
51 vul_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞'
52 )
53 runtime = util_models.RuntimeOptions()
54 resp = client.describe_emg_vul_item_with_options(describe_emg_vul_item_request, runtime)
55 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
56
57 @staticmethod
58 async def main_async(
59 args: List[str],
60 ) -> None:
61 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
62 describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
63 lang='zh',
64 risk_status='y',
65 scan_type='python',
66 vul_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞'
67 )
68 runtime = util_models.RuntimeOptions()
69 resp = await client.describe_emg_vul_item_with_options_async(describe_emg_vul_item_request, runtime)
70 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
71
72
73if __name__ == '__main__':
74 Sample.main(sys.argv[1:])
二、根据特定的应急漏洞执行扫描任务
Lang:zh
Name:emg:SCA:AVD-2022-1243027
UserAgreement:yes
1{
2 "RequestId": "08744049-2F38-54BF-A7E7-529B5226AC9E"
3}
pip install alibabacloud_sas20181203==1.1.13
1# -*- coding: utf-8 -*-
2# This file is auto-generated, don't edit it. Thanks.
3import sys
4
5from typing import List
6from Tea.core import TeaCore
7
8from alibabacloud_sas20181203.client import Client as Sas20181203Client
9from alibabacloud_tea_openapi import models as open_api_models
10from alibabacloud_sas20181203 import models as sas_20181203_models
11from alibabacloud_tea_util import models as util_models
12from alibabacloud_tea_console.client import Client as ConsoleClient
13from alibabacloud_tea_util.client import Client as UtilClient
14
15
16class Sample:
17 def __init__(self):
18 pass
19
20 @staticmethod
21 def create_client(
22 access_key_id: str,
23 access_key_secret: str,
24 ) -> Sas20181203Client:
25 """
26 使用AK&SK初始化账号Client
27 @param access_key_id:
28 @param access_key_secret:
29 @return: Client
30 @throws Exception
31 """
32 config = open_api_models.Config(
33 # 您的AccessKey ID,
34 access_key_id='LTAI5t',
35 # 您的AccessKey Secret,
36 access_key_secret='dS'
37 )
38 # 访问的域名
39 config.endpoint = f'tds.aliyuncs.com'
40 return Sas20181203Client(config)
41
42 @staticmethod
43 def main(
44 args: List[str],
45 ) -> None:
46 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
47 modify_emg_vul_submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
48 lang='zh',
49 name='emg:SCA:AVD-2022-1243027',
50 user_agreement='yes'
51 )
52 runtime = util_models.RuntimeOptions()
53 resp = client.modify_emg_vul_submit_with_options(modify_emg_vul_submit_request, runtime)
54 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
55
56 @staticmethod
57 async def main_async(
58 args: List[str],
59 ) -> None:
60 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
61 modify_emg_vul_submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
62 lang='zh',
63 name='emg:SCA:AVD-2022-1243027',
64 user_agreement='yes'
65 )
66 runtime = util_models.RuntimeOptions()
67 resp = await client.modify_emg_vul_submit_with_options_async(modify_emg_vul_submit_request, runtime)
68 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
69
70
71if __name__ == '__main__':
72 Sample.main(sys.argv[1:])
执行脚本发现阿里云的云安全中心应急漏洞fastjson <= 1.2.80 反序列化任意代码执行漏洞开始执行扫描任务计划
三、应急漏洞全部扫描
Types:"emg"
Uuids:
1cve:Linux软件漏洞
2sys:Windows系统漏洞
3cms:Web-CMS漏洞
4app:应用漏洞
5emg:应急漏洞
6image:容器镜像漏洞
pip install alibabacloud_sas20181203==1.1.13
1# -*- coding: utf-8 -*-
2# This file is auto-generated, don't edit it. Thanks.
3import sys
4
5from typing import List
6from Tea.core import TeaCore
7
8from alibabacloud_sas20181203.client import Client as Sas20181203Client
9from alibabacloud_tea_openapi import models as open_api_models
10from alibabacloud_sas20181203 import models as sas_20181203_models
11from alibabacloud_tea_util import models as util_models
12from alibabacloud_tea_console.client import Client as ConsoleClient
13from alibabacloud_tea_util.client import Client as UtilClient
14
15
16class Sample:
17 def __init__(self):
18 pass
19
20 @staticmethod
21 def create_client(
22 access_key_id: str,
23 access_key_secret: str,
24 ) -> Sas20181203Client:
25 """
26 使用AK&SK初始化账号Client
27 @param access_key_id:
28 @param access_key_secret:
29 @return: Client
30 @throws Exception
31 """
32 config = open_api_models.Config(
33 # 您的AccessKey ID,
34 access_key_id='LTAI5t',
35 # 您的AccessKey Secret,
36 access_key_secret='dSr'
37 )
38 # 访问的域名
39 config.endpoint = f'tds.aliyuncs.com'
40 return Sas20181203Client(config)
41
42 @staticmethod
43 def main(
44 args: List[str],
45 ) -> None:
46 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
47 modify_start_vul_scan_request = sas_20181203_models.ModifyStartVulScanRequest(
48 types='"emg"'
49 )
50 runtime = util_models.RuntimeOptions()
51 resp = client.modify_start_vul_scan_with_options(modify_start_vul_scan_request, runtime)
52 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
53
54 @staticmethod
55 async def main_async(
56 args: List[str],
57 ) -> None:
58 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
59 modify_start_vul_scan_request = sas_20181203_models.ModifyStartVulScanRequest(
60 types='"emg"'
61 )
62 runtime = util_models.RuntimeOptions()
63 resp = await client.modify_start_vul_scan_with_options_async(modify_start_vul_scan_request, runtime)
64 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
65
66
67if __name__ == '__main__':
68 Sample.main(sys.argv[1:])
执行完脚本后应急漏洞服务全部开始扫描计划任务
四、导出应急漏洞列表信息
API文档信息 ExportVul - 导出漏洞列表 (aliyun.com)
Lang:zh
Type:emg
Uuids:
AliasName:fastjson <= 1.2.80 反序列化任意代码执行漏洞
Necessity:asap
Dealed:n
1# -*- coding: utf-8 -*-
2# This file is auto-generated, don't edit it. Thanks.
3import sys
4
5from typing import List
6from Tea.core import TeaCore
7
8from alibabacloud_sas20181203.client import Client as SasClient
9from alibabacloud_tea_openapi import models as open_api_models
10from alibabacloud_darabonba_env.client import Client as EnvClient
11from alibabacloud_sas20181203 import models as sas_models
12from alibabacloud_tea_console.client import Client as ConsoleClient
13from alibabacloud_tea_util.client import Client as UtilClient
14
15
16class Sample:
17 def __init__(self):
18 pass
19
20 @staticmethod
21 def create_client(
22 access_key_id: str,
23 access_key_secret: str,
24 ) -> SasClient:
25 """
26 使用AK&SK初始化账号Client
27 """
28 config = open_api_models.Config()
29 # 您的AccessKey ID
30 config.access_key_id = 'LTAI5t'
31 # 您的AccessKey Secret
32 config.access_key_secret = 'dSrH3z'
33 config.endpoint = 'tds.aliyuncs.com'
34 return SasClient(config)
35
36 @staticmethod
37 def main(
38 args: List[str],
39 ) -> None:
40 client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
41 export_request = sas_models.ExportVulRequest(
42 lang='zh',
43 type='emg',
44 alias_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞',
45 necessity='asap',
46 dealed='n'
47 )
48 export_response = client.export_vul(export_request)
49 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')
50
51 @staticmethod
52 async def main_async(
53 args: List[str],
54 ) -> None:
55 client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
56 export_request = sas_models.ExportVulRequest(
57 lang='zh',
58 type='emg',
59 alias_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞',
60 necessity='asap',
61 dealed='n'
62 )
63 export_response = await client.export_vul_async(export_request)
64 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')
65
66
67if __name__ == '__main__':
68 Sample.main(sys.argv[1:])
得到值为
1[LOG] response is {"FileName": "emg_20220526", "Id": 102889, "RequestId": "A15E37DA-10C8-542D-8D59-CCCB5E6837E4"}
1在执行脚本的时候可以通过过滤id号得到漏洞导出任务的ID信息,最后得到值为102889
2
3python3 exportall.py | grep \"Id\" | awk -F\: '{print $3}' | awk -F\, '{print $1}'
4
通过ExportId的102889获取文件下载
1# -*- coding: utf-8 -*-
2# This file is auto-generated, don't edit it. Thanks.
3import sys
4
5from typing import List
6from Tea.core import TeaCore
7
8from alibabacloud_sas20181203.client import Client as SasClient
9from alibabacloud_tea_openapi import models as open_api_models
10from alibabacloud_darabonba_env.client import Client as EnvClient
11from alibabacloud_sas20181203 import models as sas_models
12from alibabacloud_tea_console.client import Client as ConsoleClient
13from alibabacloud_tea_util.client import Client as UtilClient
14
15
16class Sample:
17 def __init__(self):
18 pass
19
20 @staticmethod
21 def create_client(
22 access_key_id: str,
23 access_key_secret: str,
24 ) -> SasClient:
25 """
26 使用AK&SK初始化账号Client
27 """
28 config = open_api_models.Config()
29 # 您的AccessKey ID
30 config.access_key_id = 'LTAI'
31 # 您的AccessKey Secret
32 config.access_key_secret = 'dSrH'
33 config.endpoint = 'tds.aliyuncs.com'
34 return SasClient(config)
35
36 @staticmethod
37 def main(
38 args: List[str],
39 ) -> None:
40 client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
41 export_request = sas_models.ExportVulRequest(
42 type='cve'
43 )
44 export_response = client.export_vul(export_request)
45 body = export_response.body
46 export_info_id = body.id
47 vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
48 export_id=102889
49 )
50 info_detail_response = client.describe_vul_export_info(vul_export_info_request)
51 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')
52
53 @staticmethod
54 async def main_async(
55 args: List[str],
56 ) -> None:
57 client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
58 export_request = sas_models.ExportVulRequest(
59 type='cve'
60 )
61 export_response = await client.export_vul_async(export_request)
62 body = export_response.body
63 export_info_id = body.id
64 vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
65 export_id=102889
66 )
67 info_detail_response = await client.describe_vul_export_info_async(vul_export_info_request)
68 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')
69
70
71if __name__ == '__main__':
72 Sample.main(sys.argv[1:])
1执行脚本得到附件的下载链接
2python exportfile.py | awk -F\"Link\": '{print $2}' | awk -F\, '{print $1}' | xargs wget -O "emg_$(date %Y%m%d).zip"
3
可以把zip文件解压后上传到oss存储中,通过脚本钉钉推送到指定群通知或者邮件推送指定的人
1钉钉推送如下
2wget https://gosspublic.alicdn.com/ossutil/1.7.9/ossutil64
3chmod 755 ossutil64
4
5
6./ossutil64 config
7./ossutil64 ls oss://examplebucket -c /home/config
8
9
10vim vulnerabilityDingtack.sh
11#!/bin/bash
12
13UPLOAD_TIME=$(date " %Y%m%d")
14curl 'https://oapi.dingtalk.com/robot/send?access_token=88c98f36028d0564c' \
15-H 'Content-Type: application/json' \
16-d '{
17"msgtype": "link",
18"link": {
19"text":"应急安全漏洞 \n",
20"title": "应急安全漏洞报告",
21"picUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/vulnerability.png",
22"messageUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/emg_'${UPLOAD_TIME}'.xlsx"
23}
24}'
25
26echo "---------上传到OSS--------------------"
27ALI_OSS_ENDPOINT="oss-cn-shanghai.aliyuncs.com"
28ALI_OSS_AK="LTAI5"
29ALI_OSS_SK="dSrH3z"
30WORKSPACE=/opt/kingen
31
32#打开oss命令文件夹
33cd ${WORKSPACE}/
34#配置oss
35./ossutil64 config -e ${ALI_OSS_ENDPOINT} -i ${ALI_OSS_AK} -k ${ALI_OSS_SK}
36unzip emg_${UPLOAD_TIME}.zip
37#上传xlsx到oss
38./ossutil64 cp "./emg_${UPLOAD_TIME}.xlsx" "oss://backups/vulnerability/"
来个开胃小菜
阿里云CDN刷新目录脚本(刷新之前更换AKSK秘钥,替换object_path刷新的网站URL地址)
pip install alibabacloud_cdn20180510==1.0.11
1# -*- coding: utf-8 -*-
2# This file is auto-generated, don't edit it. Thanks.
3import sys
4
5from typing import List
6from Tea.core import TeaCore
7
8from alibabacloud_cdn20180510.client import Client as Cdn20180510Client
9from alibabacloud_tea_openapi import models as open_api_models
10from alibabacloud_cdn20180510 import models as cdn_20180510_models
11from alibabacloud_tea_util import models as util_models
12from alibabacloud_tea_console.client import Client as ConsoleClient
13from alibabacloud_tea_util.client import Client as UtilClient
14
15
16class Sample:
17 def __init__(self):
18 pass
19
20 @staticmethod
21 def create_client(
22 access_key_id: str,
23 access_key_secret: str,
24 ) -> Cdn20180510Client:
25 """
26 使用AK&SK初始化账号Client
27 @param access_key_id:
28 @param access_key_secret:
29 @return: Client
30 @throws Exception
31 """
32 config = open_api_models.Config(
33 # 您的AccessKey ID,
34 access_key_id=access_key_id,
35 # 您的AccessKey Secret,
36 access_key_secret=access_key_secret
37 )
38 # 访问的域名
39 config.endpoint = f'cdn.aliyuncs.com'
40 return Cdn20180510Client(config)
41
42 @staticmethod
43 def main(
44 args: List[str],
45 ) -> None:
46 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
47 refresh_object_caches_request = cdn_20180510_models.RefreshObjectCachesRequest(
48 object_path='https://uat.abc.com/',
49 object_type='Directory'
50 )
51 runtime = util_models.RuntimeOptions()
52 resp = client.refresh_object_caches_with_options(refresh_object_caches_request, runtime)
53 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
54
55 @staticmethod
56 async def main_async(
57 args: List[str],
58 ) -> None:
59 client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
60 refresh_object_caches_request = cdn_20180510_models.RefreshObjectCachesRequest(
61 object_path='https://club-admin-7788-uat.apta.com.hk/',
62 object_type='Directory'
63 )
64 runtime = util_models.RuntimeOptions()
65 resp = await client.refresh_object_caches_with_options_async(refresh_object_caches_request, runtime)
66 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))
67
68
69if __name__ == '__main__':
70 Sample.main(sys.argv[1:])
成功给https://uat.abc.com网站目录刷新。
,