云安全中心应急漏洞扫描


云安全中心是一个实时识别、分析、预警安全威胁的统一安全管理系统,通过防勒索、防病毒、防篡改、合规检查等安全能力,实现威胁检测、告警响应、攻击溯源的自动化安全运营闭环,保护云上资产和本地服务器安全,并满足监管合规要求。

前提条件配置

①使用RAM子账户生成阿里云的AK/SK信息,并仅授予该子账户云安全中心相关权限

②python环境配置

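# Install the build dependencies (run as root on a yum-based host).
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c++ libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel

# Download Python 3.10.4.
# Check the tarball against the checksum/signature published by python.org
# before building it as root.
wget -c https://www.Python.org/ftp/python/3.10.4/Python-3.10.4.tgz

# Unpack Python 3.10.4.
tar -zxvf Python-3.10.4.tgz

cd Python-3.10.4/
./configure --with-ssl
make && make install

# Back up the system python binary.
mv /usr/bin/python /usr/bin/python.bak

# Point /usr/bin/python at the new python3.
ln -s /usr/local/bin/python3 /usr/bin/python

which pip3
# yum breaks once /usr/bin/python is python3: edit the first line of each
# file below so that it reads as shown.
vi /usr/libexec/urlgrabber-ext-down
#! /usr/bin/python2

vi /usr/bin/yum
#!/usr/bin/python2


# Install the SDK modules.
pip3 install --upgrade pip
pip3 install alibabacloud_sas20181203==1.1.13
pip install alibabacloud_tea_console

# If "import ssl" fails with
#   ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location)
# rebuild OpenSSL and Python as follows.

# Download and install OpenSSL.
# NOTE(review): the OpenSSL 1.1.1 series is no longer maintained upstream;
# prefer a currently supported release, and verify the tarball before building.
wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
tar -zxvf openssl-1.1.1n.tar.gz
cd openssl-1.1.1n
./config --prefix=/usr/local/openssl
make && make install
# This replaces the system-wide openssl binary; the original is kept as openssl.bak.
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

ldconfig -v

# Check the OpenSSL version now in use.
openssl version

# Edit Modules/Setup so that lines 211-214 read:
#   OPENSSL=/usr/local/openssl
#   _ssl _ssl.c \
#       -I$(OPENSSL)/include -L$(OPENSSL)/lib \
#       -lssl -lcrypto
vim /root/Python-3.10.4/Modules/Setup


# Finally, build and install Python 3.10.4 again.
# NOTE(review): run this from the directory that holds Python-3.10.4
# (the Setup path above suggests /root).
cd Python-3.10.4/
./configure
make && make install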

一、扫描获取特定应急漏洞的名称信息

如扫描fastjson <= 1.2.80 反序列化任意代码执行漏洞

API文档 https://help.aliyun.com/document_detail/421691.html


Lang:zh

RiskStatus:y

ScanType:python

CheckType:fastjson <= 1.2.80 反序列化任意代码执行漏洞

VulName:

1{ 2 "TotalCount": 1, 3 "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8", 4 "PageSize": 5, 5 "CurrentPage": 1, 6 "GroupedVulItems": [ 7 { 8 "Status": 30, 9 "PendingCount": 116, 10 "Type": "python", 11 "Description": "fastjson已使用黑白名单用于防御反序列化漏洞,经研究该利用在特定条件下可绕过默认autoType关闭限制,攻击远程服务器,风险影响较大。建议fastjson用户尽快采取安全措施保障系统安全。\n\n特定依赖存在下影响 ≤1.2.80。", 12 "CheckType": 1, 13 "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】", 14 "GmtLastCheck": 1653471386000, 15 "GmtPublish": 1653273837000, 16 "Name": "emg:SCA:AVD-2022-1243027" 17 } 18 ] 19}

得到特定应急漏洞名称信息为emg:SCA:AVD-2022-1243027

pip install alibabacloud_sas20181203==1.1.13

pip install alibabacloud_tea_console

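# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Look up one emergency vulnerability in Security Center by its name."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialise the account client from an AccessKey pair.

        The pair passed by the caller is used as given; nothing is embedded
        in the source, so the script can be shared or committed without
        leaking a credential.

        @param access_key_id: AccessKey ID of the RAM sub-account
        @param access_key_secret: AccessKey Secret of the RAM sub-account
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint of the service being called.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def _client_from_env() -> Sas20181203Client:
        """Build the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        # A missing variable raises KeyError here instead of sending a
        # request signed with a placeholder string.
        return Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )

    @staticmethod
    def _build_request() -> sas_20181203_models.DescribeEmgVulItemRequest:
        """Return the DescribeEmgVulItem request shared by main and main_async."""
        return sas_20181203_models.DescribeEmgVulItemRequest(
            lang='zh',
            risk_status='y',
            scan_type='python',
            vul_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Send the query synchronously and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.describe_emg_vul_item_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Send the query with the async client method and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.describe_emg_vul_item_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])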

二、根据特定的应急漏洞执行扫描任务

Lang:zh

Name:emg:SCA:AVD-2022-1243027

UserAgreement:yes

1{ 2 "RequestId": "08744049-2F38-54BF-A7E7-529B5226AC9E" 3}


pip install alibabacloud_sas20181203==1.1.13

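# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Submit a scan task for one named emergency vulnerability."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialise the account client from an AccessKey pair.

        The pair passed by the caller is used as given; no credential is
        written into the source file.

        @param access_key_id: AccessKey ID of the RAM sub-account
        @param access_key_secret: AccessKey Secret of the RAM sub-account
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint of the service being called.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def _client_from_env() -> Sas20181203Client:
        """Build the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        # KeyError on a missing variable is preferable to a request signed
        # with a placeholder string.
        return Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )

    @staticmethod
    def _build_request() -> sas_20181203_models.ModifyEmgVulSubmitRequest:
        """Return the ModifyEmgVulSubmit request shared by main and main_async."""
        # `name` is the value of the "Name" field returned by the
        # DescribeEmgVulItem query for this vulnerability.
        return sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Submit the scan task synchronously and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.modify_emg_vul_submit_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Submit the scan task with the async client method and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_emg_vul_submit_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])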

执行脚本发现阿里云的云安全中心应急漏洞fastjson <= 1.2.80 反序列化任意代码执行漏洞开始执行扫描任务计划

三、应急漏洞全部扫描

Types:"emg"

Uuids:

1cve:Linux软件漏洞 2sys:Windows系统漏洞 3cms:Web-CMS漏洞 4app:应用漏洞 5emg:应急漏洞 6image:容器镜像漏洞


pip install alibabacloud_sas20181203==1.1.13

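# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Start a vulnerability scan restricted to the emergency ("emg") type."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialise the account client from an AccessKey pair.

        The pair passed by the caller is used as given; no credential is
        written into the source file.

        @param access_key_id: AccessKey ID of the RAM sub-account
        @param access_key_secret: AccessKey Secret of the RAM sub-account
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint of the service being called.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def _client_from_env() -> Sas20181203Client:
        """Build the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        # KeyError on a missing variable is preferable to a request signed
        # with a placeholder string.
        return Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )

    @staticmethod
    def _build_request() -> sas_20181203_models.ModifyStartVulScanRequest:
        """Return the ModifyStartVulScan request shared by main and main_async."""
        # NOTE(review): the value carries literal double quotes around emg,
        # exactly as entered on the page; confirm the API accepts it in this form.
        return sas_20181203_models.ModifyStartVulScanRequest(
            types='"emg"'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Start the scan synchronously and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.modify_start_vul_scan_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Start the scan with the async client method and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_start_vul_scan_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])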

执行完脚本后应急漏洞服务全部开始扫描计划任务

四、导出应急漏洞列表信息

API文档信息 ExportVul - 导出漏洞列表 (aliyun.com)

Lang:zh

Type:emg

Uuids:

AliasName:fastjson <= 1.2.80 反序列化任意代码执行漏洞

Necessity:asap

Dealed:n


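# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Create an export task for the emergency-vulnerability list."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """
        Initialise the account client from an AccessKey pair.

        The callers below read the pair from the ACCESS_KEY_ID and
        ACCESS_KEY_SECRET environment variables; it is applied here as
        passed, so no credential lives in the source file.
        """
        config = open_api_models.Config()
        config.access_key_id = access_key_id
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def _build_request() -> sas_models.ExportVulRequest:
        """Return the ExportVul request shared by main and main_async."""
        return sas_models.ExportVulRequest(
            lang='zh',
            type='emg',
            alias_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞',
            necessity='asap',
            dealed='n'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Create the export task synchronously and log the response body as JSON."""
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        export_response = client.export_vul(Sample._build_request())
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Create the export task with the async client method and log the response body."""
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        export_response = await client.export_vul_async(Sample._build_request())
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])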

得到值为

1[LOG] response is {"FileName": "emg_20220526", "Id": 102889, "RequestId": "A15E37DA-10C8-542D-8D59-CCCB5E6837E4"}

# Filter the script's output for the "Id" field to obtain the ID of the
# vulnerability export task; the value obtained in this run was 102889.

python3 exportall.py | grep '"Id"' | awk -F: '{print $3}' | awk -F, '{print $1}'

通过ExportId的102889获取文件下载

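# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Fetch the details (including the download link) of a vulnerability export task."""

    # Export task ID used when none is given on the command line: the Id
    # returned by the export step shown earlier on this page.
    _DEFAULT_EXPORT_ID = 102889

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """
        Initialise the account client from an AccessKey pair.

        The callers below read the pair from the ACCESS_KEY_ID and
        ACCESS_KEY_SECRET environment variables; it is applied here as
        passed, so no credential lives in the source file.
        """
        config = open_api_models.Config()
        config.access_key_id = access_key_id
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def _build_request(args: List[str]) -> sas_models.DescribeVulExportInfoRequest:
        """Return the DescribeVulExportInfo request for the chosen export task.

        The first command-line argument, when present, is the export task ID;
        otherwise the page's sample ID is used. The earlier version also
        started a fresh type='cve' export on every run and never used its ID;
        that unused call is dropped.
        """
        export_id = int(args[0]) if args else Sample._DEFAULT_EXPORT_ID
        return sas_models.DescribeVulExportInfoRequest(
            export_id=export_id
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Query the export task synchronously and log the response body as JSON."""
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        info_detail_response = client.describe_vul_export_info(Sample._build_request(args))
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Query the export task with the async client method and log the response body."""
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        info_detail_response = await client.describe_vul_export_info_async(Sample._build_request(args))
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])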

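# Run the script, take the download link from the "Link" field of its
# output, and fetch the archive into a file named after today's date.
# `date` needs the leading + before the format string.
# NOTE(review): the link grants access to the exported vulnerability report;
# keep it and the downloaded archive out of shared logs and world-readable paths.
python exportfile.py | awk -F\"Link\": '{print $2}' | awk -F\, '{print $1}' | xargs wget -O "emg_$(date +%Y%m%d).zip"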

可以把zip文件解压后上传到oss存储中,通过脚本钉钉推送到指定群通知或者邮件推送指定的人

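# DingTalk notification, step by step.
# One-time setup: download ossutil and check access to the bucket.
# Verify the downloaded binary against the vendor's published checksum before running it.
wget https://gosspublic.alicdn.com/ossutil/1.7.9/ossutil64
chmod 755 ossutil64


./ossutil64 config
./ossutil64 ls oss://examplebucket -c /home/config


vim vulnerabilityDingtack.sh
#!/bin/bash
# Upload today's emergency-vulnerability report to OSS, then post a DingTalk
# link message pointing at it.
set -eu

# Secrets are taken from the environment instead of being written into the
# script: the robot webhook token lets anyone post to the group, and the
# AccessKey pair grants access to the bucket.
: "${DINGTALK_ACCESS_TOKEN:?export the DingTalk robot access token first}"
: "${ALI_OSS_AK:?export the OSS AccessKey ID first}"
: "${ALI_OSS_SK:?export the OSS AccessKey Secret first}"

# `date` needs the leading + before the format string.
UPLOAD_TIME=$(date +%Y%m%d)

echo "---------上传到OSS--------------------"
ALI_OSS_ENDPOINT="oss-cn-shanghai.aliyuncs.com"
WORKSPACE=/opt/kingen

# Change into the directory that holds ossutil64 and the downloaded zip.
cd "${WORKSPACE}/"
# Configure ossutil.
# NOTE(review): -i/-k put the key pair on the command line, where other local
# users can see it in the process list while the command runs.
./ossutil64 config -e "${ALI_OSS_ENDPOINT}" -i "${ALI_OSS_AK}" -k "${ALI_OSS_SK}"
unzip "emg_${UPLOAD_TIME}.zip"
# Upload the xlsx to OSS.
./ossutil64 cp "./emg_${UPLOAD_TIME}.xlsx" "oss://backups/vulnerability/"

# Notify only after the upload succeeded, so the link in the message resolves.
# NOTE(review): the upload targets oss://backups/vulnerability/ while the
# message links to the "vulnerability" bucket; confirm they refer to the same
# object. A plain OSS URL only opens if the object is readable by the
# recipient; a vulnerability report should not be publicly readable, so
# prefer a time-limited signed URL.
curl "https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_ACCESS_TOKEN}" \
-H 'Content-Type: application/json' \
-d '{
"msgtype": "link",
"link": {
"text":"应急安全漏洞 \n",
"title": "应急安全漏洞报告",
"picUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/vulnerability.png",
"messageUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/emg_'${UPLOAD_TIME}'.xlsx"
}
}'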

来个开胃小菜

阿里云CDN刷新目录脚本(刷新之前请更换AK/SK密钥,并将object_path替换为要刷新的网站URL地址)

pip install alibabacloud_cdn20180510==1.0.11

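# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_cdn20180510.client import Client as Cdn20180510Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_cdn20180510 import models as cdn_20180510_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    """Refresh the CDN cache for one site directory."""

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Cdn20180510Client:
        """
        Initialise the account client from an AccessKey pair.

        @param access_key_id: AccessKey ID
        @param access_key_secret: AccessKey Secret
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret
        )
        # Endpoint of the service being called.
        config.endpoint = 'cdn.aliyuncs.com'
        return Cdn20180510Client(config)

    @staticmethod
    def _client_from_env() -> Cdn20180510Client:
        """Build the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        # Reading the pair from the environment avoids pasting a real key
        # into the script; a missing variable raises KeyError.
        return Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )

    @staticmethod
    def _build_request() -> cdn_20180510_models.RefreshObjectCachesRequest:
        """Return the RefreshObjectCaches request shared by main and main_async.

        Both entry points refresh the same directory; the async variant
        previously named a different host than the synchronous one.
        Replace object_path with the site URL to refresh.
        """
        return cdn_20180510_models.RefreshObjectCachesRequest(
            object_path='https://uat.abc.com/',
            object_type='Directory'
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Request the refresh synchronously and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.refresh_object_caches_with_options(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Request the refresh with the async client method and log the response as JSON."""
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.refresh_object_caches_with_options_async(Sample._build_request(), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])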

成功给https://uat.abc.com网站目录刷新。
