-
云安全中心API应急漏洞扫描实战
云安全中心应急漏洞扫描
云安全中心是一个实时识别、分析、预警安全威胁的统一安全管理系统,通过防勒索、防病毒、防篡改、合规检查等安全能力,实现威胁检测、告警响应、攻击溯源的自动化安全运营闭环,保护云上资产和本地服务器安全,并满足监管合规要求。
前提条件配置
①使用RAM子账户生成阿里云的AccessKey(AK/SK),并只授予云安全中心所需的权限(最小权限原则);AK/SK不要明文写在脚本里,建议通过环境变量传入并定期轮换
②python环境配置
1安装依赖
2yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c++ libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel
3
4
5下载python3.10.4
6wget -c https://www.python.org/ftp/python/3.10.4/Python-3.10.4.tgz
7
8解压python3.10.4
9tar -zxvf Python-3.10.4.tgz
10
11cd Python-3.10.4/
12./configure --with-ssl
13make && make install
14
15备份python文件
16mv /usr/bin/python /usr/bin/python.bak
17
18#建立python3的软链接
19ln -s /usr/local/bin/python3 /usr/bin/python
20
21which pip3
22#yum执行异常解决
23vi /usr/libexec/urlgrabber-ext-down
24#! /usr/bin/python2
25
26vi /usr/bin/yum
27#!/usr/bin/python2
28
29
30安装模块
31pip3 install --upgrade pip
32pip3 install alibabacloud_sas20181203==1.1.13
33pip install alibabacloud_tea_console
34
35如果在import ssl调试时报错 ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location),解决办法如下
36
37#下载安装openssl(注意:OpenSSL 1.1.1系列官方已于2023年9月停止维护,新环境建议选用仍受支持的版本,并核对下载包的SHA256校验值)
38wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
39tar -zxvf openssl-1.1.1n.tar.gz
40cd openssl-1.1.1n
41./config --prefix=/usr/local/openssl
42make && make install
43mv /usr/bin/openssl /usr/bin/openssl.bak
44ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
45echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
46
47ldconfig -v
48
49#查询openssl版本
50openssl version
51
52vim /root/Python-3.10.4/Modules/Setup
53211 OPENSSL=/usr/local/openssl
54212 _ssl _ssl.c \
55213 -I$(OPENSSL)/include -L$(OPENSSL)/lib \
56214 -lssl -lcrypto
57
58
59最后在执行下python3.10.4安装
60cd Python-3.10.4/
61./configure
62make && make install

一、扫描获取特定应急漏洞的名称信息
如扫描fastjson <= 1.2.80 反序列化任意代码执行漏洞 API文档 https://help.aliyun.com/document_detail/421691.html Lang:zh RiskStatus:y ScanType:python CheckType:fastjson <= 1.2.80 反序列化任意代码执行漏洞 VulName: 1{ 2 "TotalCount": 1, 3 "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8", 4 "PageSize": 5, 5 "CurrentPage": 1, 6 "GroupedVulItems": [ 7 { 8 "Status": 30, 9 "PendingCount": 116, 10 "Type": "python", 11 "Description": "fastjson已使用黑白名单用于防御反序列化漏洞,经研究该利用在特定条件下可绕过默认autoType关闭限制,攻击远程服务器,风险影响较大。建议fastjson用户尽快采取安全措施保障系统安全。\n\n特定依赖存在下影响 ≤1.2.80。", 12 "CheckType": 1, 13 "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】", 14 "GmtLastCheck": 1653471386000, 15 "GmtPublish": 1653273837000, 16 "Name": "emg:SCA:AVD-2022-1243027" 17 } 18 ] 19} 得到特定应急漏洞名称信息为emg:SCA:AVD-2022-1243027 pip install alibabacloud_sas20181203==1.1.13 pip install alibabacloud_tea_console 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as Sas20181203Client 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_sas20181203 import models as sas_20181203_models 11from alibabacloud_tea_util import models as util_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> Sas20181203Client:
25 “””
26 使用AK&SK初始化账号Client
27 @param access_key_id:
28 @param access_key_secret:
29 @return: Client
30 @throws Exception
31 “””
32 config = open_api_models.Config(
33 # 您的AccessKey ID,
34 access_key_id=’LTAI5t’,
35 # 您的AccessKey Secret,
36 access_key_secret=’dSr’
37 )
38 # 访问的域名
39 config.endpoint = f’tds.aliyuncs.com’
40 return Sas20181203Client(config)
41
42 @staticmethod
43 def main(
44 args: List[str],
45 ) -> None:
46 client = Sample.create_client(‘ACCESS_KEY_ID’, ‘ACCESS_KEY_SECRET’)
47 describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
48 lang=’zh’,
49 risk_status=’y’,
50 scan_type=’python’,
51 vul_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞' 52 ) 53 runtime = util_models.RuntimeOptions() 54 resp = client.describe_emg_vul_item_with_options(describe_emg_vul_item_request, runtime) 55 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp))) 56 57 @staticmethod 58 async def main_async( 59 args: List[str], 60 ) -> None:
61 client = Sample.create_client(‘ACCESS_KEY_ID’, ‘ACCESS_KEY_SECRET’)
62 describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
63 lang=’zh’,
64 risk_status=’y’,
65 scan_type=’python’,
66 vul_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞' 67 ) 68 runtime = util_models.RuntimeOptions() 69 resp = await client.describe_emg_vul_item_with_options_async(describe_emg_vul_item_request, runtime) 70 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp))) 71 72 73if __name__ == '__main__': 74 Sample.main(sys.argv[1:]) 二、根据特定的应急漏洞执行扫描任务 Lang:zh Name:emg:SCA:AVD-2022-1243027 UserAgreement:yes 1{ 2 "RequestId": "08744049-2F38-54BF-A7E7-529B5226AC9E" 3} pip install alibabacloud_sas20181203==1.1.13 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as Sas20181203Client 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_sas20181203 import models as sas_20181203_models 11from alibabacloud_tea_util import models as util_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> Sas20181203Client:
25 “””
26 使用AK&SK初始化账号Client
27 @param access_key_id:
28 @param access_key_secret:
29 @return: Client
30 @throws Exception
31 “””
32 config = open_api_models.Config(
33 # 您的AccessKey ID,
34 access_key_id=’LTAI5t’,
35 # 您的AccessKey Secret,
36 access_key_secret=’dS’
37 )
38 # 访问的域名
39 config.endpoint = f’tds.aliyuncs.com’
40 return Sas20181203Client(config)
41
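@staticmethod
def main(
    args: List[str],
) -> None:
    """
    Submit a scan task for one emergency vulnerability and log the reply.

    Builds a ModifyEmgVulSubmitRequest for ``emg:SCA:AVD-2022-1243027`` and
    sends it with default runtime options.
    @param args: command-line arguments; not used.
    """
    import os

    # Take the key pair from the environment instead of passing the
    # placeholder literals 'ACCESS_KEY_ID' / 'ACCESS_KEY_SECRET'.
    # NOTE(review): create_client in this listing assigns its own literal key
    # values and ignores both arguments; it should use its parameters so that
    # no AccessKey is stored in the script.
    client = Sample.create_client(
        os.environ.get('ACCESS_KEY_ID', ''),
        os.environ.get('ACCESS_KEY_SECRET', ''),
    )
    submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
        lang='zh',
        name='emg:SCA:AVD-2022-1243027',
        user_agreement='yes',
    )
    runtime = util_models.RuntimeOptions()
    resp = client.modify_emg_vul_submit_with_options(submit_request, runtime)
    ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))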
55
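@staticmethod
async def main_async(
    args: List[str],
) -> None:
    """
    Asynchronous variant: submit a scan task for one emergency vulnerability.

    Awaits modify_emg_vul_submit_with_options_async for
    ``emg:SCA:AVD-2022-1243027`` and logs the response as JSON.
    @param args: command-line arguments; not used.
    """
    import os

    # Take the key pair from the environment instead of passing the
    # placeholder literals 'ACCESS_KEY_ID' / 'ACCESS_KEY_SECRET'.
    # NOTE(review): create_client in this listing assigns its own literal key
    # values and ignores both arguments; it should use its parameters so that
    # no AccessKey is stored in the script.
    client = Sample.create_client(
        os.environ.get('ACCESS_KEY_ID', ''),
        os.environ.get('ACCESS_KEY_SECRET', ''),
    )
    submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
        lang='zh',
        name='emg:SCA:AVD-2022-1243027',
        user_agreement='yes',
    )
    runtime = util_models.RuntimeOptions()
    resp = await client.modify_emg_vul_submit_with_options_async(submit_request, runtime)
    ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))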
69
70
71if __name__ == ‘__main__’:
72 Sample.main(sys.argv[1:])执行脚本发现阿里云的云安全中心应急漏洞fastjson <= 1.2.80 反序列化任意代码执行漏洞开始执行扫描任务计划 三、应急漏洞全部扫描 Types:"emg" Uuids: 1cve:Linux软件漏洞 2sys:Windows系统漏洞 3cms:Web-CMS漏洞 4app:应用漏洞 5emg:应急漏洞 6image:容器镜像漏洞 pip install alibabacloud_sas20181203==1.1.13 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as Sas20181203Client 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_sas20181203 import models as sas_20181203_models 11from alibabacloud_tea_util import models as util_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> Sas20181203Client:
25 “””
26 使用AK&SK初始化账号Client
27 @param access_key_id:
28 @param access_key_secret:
29 @return: Client
30 @throws Exception
31 “””
32 config = open_api_models.Config(
33 # 您的AccessKey ID,
34 access_key_id=’LTAI5t’,
35 # 您的AccessKey Secret,
36 access_key_secret=’dSr’
37 )
38 # 访问的域名
39 config.endpoint = f’tds.aliyuncs.com’
40 return Sas20181203Client(config)
41
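@staticmethod
def main(
    args: List[str],
) -> None:
    """
    Start a vulnerability scan for the emergency ("emg") type and log the reply.

    @param args: command-line arguments; not used.
    """
    import os

    # Take the key pair from the environment instead of passing the
    # placeholder literals 'ACCESS_KEY_ID' / 'ACCESS_KEY_SECRET'.
    # NOTE(review): create_client in this listing assigns its own literal key
    # values and ignores both arguments; it should use its parameters so that
    # no AccessKey is stored in the script.
    client = Sample.create_client(
        os.environ.get('ACCESS_KEY_ID', ''),
        os.environ.get('ACCESS_KEY_SECRET', ''),
    )
    # NOTE(review): the value carries literal double quotes, as on the page;
    # confirm that the API expects them.
    scan_request = sas_20181203_models.ModifyStartVulScanRequest(
        types='"emg"',
    )
    runtime = util_models.RuntimeOptions()
    resp = client.modify_start_vul_scan_with_options(scan_request, runtime)
    ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))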
53
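@staticmethod
async def main_async(
    args: List[str],
) -> None:
    """
    Asynchronous variant: start a scan for the emergency ("emg") type.

    @param args: command-line arguments; not used.
    """
    import os

    # Take the key pair from the environment instead of passing the
    # placeholder literals 'ACCESS_KEY_ID' / 'ACCESS_KEY_SECRET'.
    # NOTE(review): create_client in this listing assigns its own literal key
    # values and ignores both arguments; it should use its parameters so that
    # no AccessKey is stored in the script.
    client = Sample.create_client(
        os.environ.get('ACCESS_KEY_ID', ''),
        os.environ.get('ACCESS_KEY_SECRET', ''),
    )
    # NOTE(review): the value carries literal double quotes, as on the page;
    # confirm that the API expects them.
    scan_request = sas_20181203_models.ModifyStartVulScanRequest(
        types='"emg"',
    )
    runtime = util_models.RuntimeOptions()
    resp = await client.modify_start_vul_scan_with_options_async(scan_request, runtime)
    ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))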
65
66
67if __name__ == ‘__main__’:
68 Sample.main(sys.argv[1:])执行完脚本后应急漏洞服务全部开始扫描计划任务
四、导出应急漏洞列表信息
API文档信息 ExportVul – 导出漏洞列表 (aliyun.com)
Lang:zh
Type:emg
Uuids:
AliasName:fastjson <= 1.2.80 反序列化任意代码执行漏洞 Necessity:asap Dealed:n 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as SasClient 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_darabonba_env.client import Client as EnvClient 11from alibabacloud_sas20181203 import models as sas_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> SasClient:
25 “””
26 使用AK&SK初始化账号Client
27 “””
28 config = open_api_models.Config()
29 # 您的AccessKey ID
30 config.access_key_id = ‘LTAI5t’
31 # 您的AccessKey Secret
32 config.access_key_secret = ‘dSrH3z’
33 config.endpoint = ‘tds.aliyuncs.com’
34 return SasClient(config)
35
36 @staticmethod
37 def main(
38 args: List[str],
39 ) -> None:
40 client = Sample.create_client(EnvClient.get_env(‘ACCESS_KEY_ID’), EnvClient.get_env(‘ACCESS_KEY_SECRET’))
41 export_request = sas_models.ExportVulRequest(
42 lang=’zh’,
43 type=’emg’,
44 alias_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞', 45 necessity='asap', 46 dealed='n' 47 ) 48 export_response = client.export_vul(export_request) 49 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}') 50 51 @staticmethod 52 async def main_async( 53 args: List[str], 54 ) -> None:
55 client = Sample.create_client(EnvClient.get_env(‘ACCESS_KEY_ID’), EnvClient.get_env(‘ACCESS_KEY_SECRET’))
56 export_request = sas_models.ExportVulRequest(
57 lang=’zh’,
58 type=’emg’,
59 alias_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞', 60 necessity='asap', 61 dealed='n' 62 ) 63 export_response = await client.export_vul_async(export_request) 64 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}') 65 66 67if __name__ == '__main__': 68 Sample.main(sys.argv[1:]) 得到值为 1[LOG] response is {"FileName": "emg_20220526", "Id": 102889, "RequestId": "A15E37DA-10C8-542D-8D59-CCCB5E6837E4"} 1在执行脚本的时候可以通过过滤id号得到漏洞导出任务的ID信息,最后得到值为102889 2 3python3 exportall.py | grep \"Id\" | awk -F\: '{print $3}' | awk -F\, '{print $1}' 4 通过ExportId的102889获取文件下载 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as SasClient 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_darabonba_env.client import Client as EnvClient 11from alibabacloud_sas20181203 import models as sas_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> SasClient:
25 “””
26 使用AK&SK初始化账号Client
27 “””
28 config = open_api_models.Config()
29 # 您的AccessKey ID
30 config.access_key_id = ‘LTAI’
31 # 您的AccessKey Secret
32 config.access_key_secret = ‘dSrH’
33 config.endpoint = ‘tds.aliyuncs.com’
34 return SasClient(config)
35
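@staticmethod
def main(
    args: List[str],
) -> None:
    """
    Query one vulnerability export task and log its details.

    The original body first submitted a new ExportVulRequest(type='cve') and
    discarded the id it returned, so every run created an export task that
    was never used. That call is removed; only the lookup remains.
    @param args: optional; args[0] is the export id to query. Without it the
        id from the walkthrough (102889) is used, as before.
    """
    client = Sample.create_client(
        EnvClient.get_env('ACCESS_KEY_ID'),
        EnvClient.get_env('ACCESS_KEY_SECRET'),
    )
    # Prefer the id printed by the export step over a value fixed in source.
    export_id = int(args[0]) if args else 102889
    vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
        export_id=export_id,
    )
    info_detail_response = client.describe_vul_export_info(vul_export_info_request)
    # NOTE(review): the page extracts a download "Link" from this output, so
    # treat the log line as sensitive.
    ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')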
52
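@staticmethod
async def main_async(
    args: List[str],
) -> None:
    """
    Asynchronous variant: query one vulnerability export task and log it.

    The original body first submitted a new ExportVulRequest(type='cve') and
    discarded the id it returned, so every run created an export task that
    was never used. That call is removed; only the lookup remains.
    @param args: optional; args[0] is the export id to query. Without it the
        id from the walkthrough (102889) is used, as before.
    """
    client = Sample.create_client(
        EnvClient.get_env('ACCESS_KEY_ID'),
        EnvClient.get_env('ACCESS_KEY_SECRET'),
    )
    # Prefer the id printed by the export step over a value fixed in source.
    export_id = int(args[0]) if args else 102889
    vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
        export_id=export_id,
    )
    info_detail_response = await client.describe_vul_export_info_async(vul_export_info_request)
    # NOTE(review): the page extracts a download "Link" from this output, so
    # treat the log line as sensitive.
    ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')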
69
70
71if __name__ == ‘__main__’:
72 Sample.main(sys.argv[1:])1执行脚本得到附件的下载链接
2python exportfile.py | awk -F\"Link\": '{print $2}' | awk -F\, '{print $1}' | xargs wget -O "emg_$(date +%Y%m%d).zip"
3可以把zip文件解压后上传到oss存储中,通过脚本钉钉推送到指定群通知或者邮件推送指定的人。注意:导出的报告包含资产漏洞明细,属于敏感信息,存放报告的Bucket应保持私有,分享时使用带有效期的签名URL;钉钉机器人token和OSS的AK/SK不要明文写在脚本里。
1钉钉推送如下
2wget https://gosspublic.alicdn.com/ossutil/1.7.9/ossutil64
3chmod 755 ossutil64
4
5
6./ossutil64 config
7./ossutil64 ls oss://examplebucket -c /home/config
8
9
10vim vulnerabilityDingtack.sh
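#!/bin/bash
# Upload the day's emergency-vulnerability report to OSS, then post a DingTalk
# link message pointing at it.
#
# Required environment variables (the script aborts if one is missing):
#   ALI_OSS_AK      AccessKey ID used by ossutil
#   ALI_OSS_SK      AccessKey Secret used by ossutil
#   DINGTALK_TOKEN  access_token of the DingTalk robot webhook
# They replace the key pair and webhook token that were written into the
# script, so the file can be stored and shared without exposing them.
set -euo pipefail

: "${ALI_OSS_AK:?set ALI_OSS_AK in the environment}"
: "${ALI_OSS_SK:?set ALI_OSS_SK in the environment}"
: "${DINGTALK_TOKEN:?set DINGTALK_TOKEN in the environment}"

UPLOAD_TIME=$(date "+%Y%m%d")
ALI_OSS_ENDPOINT="oss-cn-shanghai.aliyuncs.com"
WORKSPACE=/opt/kingen

# Upload first: the original sent the notification before the file existed in
# OSS, so the link could point at nothing if the upload failed.
echo "———上传到OSS——————–"
cd "${WORKSPACE}/"
# NOTE(review): keys passed as command-line options are visible in the process
# list while ossutil runs; a config file with restrictive permissions avoids that.
./ossutil64 config -e "${ALI_OSS_ENDPOINT}" -i "${ALI_OSS_AK}" -k "${ALI_OSS_SK}"
unzip "emg_${UPLOAD_TIME}.zip"
./ossutil64 cp "./emg_${UPLOAD_TIME}.xlsx" "oss://backups/vulnerability/"

# NOTE(review): the upload goes to the "backups" bucket while messageUrl names
# the "vulnerability" bucket; confirm which is intended. The report lists
# vulnerable assets, so the linked object should not be publicly readable.
curl "https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_TOKEN}" \
-H 'Content-Type: application/json' \
-d '{
"msgtype": "link",
"link": {
"text":"应急安全漏洞 \n",
"title": "应急安全漏洞报告",
"picUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/vulnerability.png",
"messageUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/emg_'"${UPLOAD_TIME}"'.xlsx"
}
}'

来个开胃小菜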
阿里云CDN刷新目录脚本(刷新之前更换AKSK秘钥,替换object_path刷新的网站URL地址)
pip install alibabacloud_cdn20180510==1.0.11
1# -*- coding: utf-8 -*-
2# This file is auto-generated, don’t edit it. Thanks.
3import sys
4
5from typing import List
6from Tea.core import TeaCore
7
8from alibabacloud_cdn20180510.client import Client as Cdn20180510Client
9from alibabacloud_tea_openapi import models as open_api_models
10from alibabacloud_cdn20180510 import models as cdn_20180510_models
11from alibabacloud_tea_util import models as util_models
12from alibabacloud_tea_console.client import Client as ConsoleClient
13from alibabacloud_tea_util.client import Client as UtilClient
14
15
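class Sample:
    """Refresh an Alibaba Cloud CDN directory cache with the CDN 2018-05-10 SDK."""

    # Directory refreshed when no URL is given on the command line.
    _DEFAULT_OBJECT_PATH = 'https://uat.abc.com/'

    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Cdn20180510Client:
        """
        Build a CDN client from an AccessKey pair.
        @param access_key_id: AccessKey ID placed in the client config
        @param access_key_secret: AccessKey Secret placed in the client config
        @return: Client bound to the cdn.aliyuncs.com endpoint
        @throws Exception
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret,
        )
        # Service endpoint
        config.endpoint = 'cdn.aliyuncs.com'
        return Cdn20180510Client(config)

    @staticmethod
    def _client_from_env() -> Cdn20180510Client:
        """Build the client from ACCESS_KEY_ID / ACCESS_KEY_SECRET in the environment."""
        import os

        # The original passed the literal strings 'ACCESS_KEY_ID' and
        # 'ACCESS_KEY_SECRET' as the credentials themselves. Reading the
        # environment keeps real keys out of the script; a missing variable
        # raises KeyError before any request is made.
        return Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )

    @staticmethod
    def _refresh_request(args: List[str]):
        """Build the Directory refresh request; args[0], when present, overrides the URL."""
        return cdn_20180510_models.RefreshObjectCachesRequest(
            object_path=args[0] if args else Sample._DEFAULT_OBJECT_PATH,
            object_type='Directory',
        )

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """
        Refresh one CDN directory and log the response as JSON.
        @param args: optional; args[0] is the directory URL to refresh
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = client.refresh_object_caches_with_options(Sample._refresh_request(args), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """
        Asynchronous variant of main.

        It now refreshes the same default directory as main; the original
        targeted a different URL from the synchronous path.
        @param args: optional; args[0] is the directory URL to refresh
        """
        client = Sample._client_from_env()
        runtime = util_models.RuntimeOptions()
        resp = await client.refresh_object_caches_with_options_async(Sample._refresh_request(args), runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))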
67
68
69if __name__ == ‘__main__’:
70 Sample.main(sys.argv[1:])成功给https://uat.abc.com网站目录刷新。