• 云安全中心API应急漏洞扫描实战

    云安全中心应急漏洞扫描

    云安全中心是一个实时识别、分析、预警安全威胁的统一安全管理系统,通过防勒索、防病毒、防篡改、合规检查等安全能力,实现威胁检测、告警响应、攻击溯源的自动化安全运营闭环,保护云上资产和本地服务器安全,并满足监管合规要求。

    前提条件配置

    ①使用子账户生成阿里云的AccessKey(AK/SK),并只授予云安全中心所需的权限;AK/SK属于敏感凭据,不要硬编码在脚本里,建议通过环境变量传入

    ②python环境配置

    1安装依赖
    2yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c++ libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel
    3
    4
    5下载python3.10.4(下载后建议先核对官网公布的校验值再解压编译)
    6wget -c https://www.python.org/ftp/python/3.10.4/Python-3.10.4.tgz
    7
    8解压python3.10.4
    9tar -zxvf Python-3.10.4.tgz
    10
    11cd Python-3.10.4/
    12./configure --with-ssl
    13make && make install
    14
    15备份python文件
    16mv /usr/bin/python /usr/bin/python.bak
    17
    18#建立python3的软链接
    19ln -s /usr/local/bin/python3 /usr/bin/python
    20
    21which pip3
    22#yum执行异常解决
    23vi /usr/libexec/urlgrabber-ext-down
    24#! /usr/bin/python2
    25
    26vi /usr/bin/yum
    27#!/usr/bin/python2
    28
    29
    30安装模块
    31pip3 install --upgrade pip
    32pip3 install alibabacloud_sas20181203==1.1.13
    33pip install alibabacloud_tea_console
    34
    35如果在import ssl调试时报错 ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location),解决办法如下
    36
    37#下载安装openssl(下载后建议先核对官网公布的SHA256校验值)
    38wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
    39tar -zxvf openssl-1.1.1n.tar.gz
    40cd openssl-1.1.1n
    41./config --prefix=/usr/local/openssl
    42make && make install
    43mv /usr/bin/openssl /usr/bin/openssl.bak
    44ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
    45echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
    46
    47ldconfig -v
    48
    49#查询openssl版本
    50openssl version
    51
    52vim /root/Python-3.10.4/Modules/Setup
    53211 OPENSSL=/usr/local/openssl
    54212 _ssl _ssl.c \
    55213 -I$(OPENSSL)/include -L$(OPENSSL)/lib \
    56214 -lssl -lcrypto
    57
    58
    59最后再重新执行一次python3.10.4的编译安装
    60cd Python-3.10.4/
    61./configure
    62make && make install

    一、扫描获取特定应急漏洞的名称信息

    如扫描fastjson <= 1.2.80 反序列化任意代码执行漏洞 API文档 https://help.aliyun.com/document_detail/421691.html Lang:zh RiskStatus:y ScanType:python CheckType:fastjson <= 1.2.80 反序列化任意代码执行漏洞 VulName: 1{ 2 "TotalCount": 1, 3 "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8", 4 "PageSize": 5, 5 "CurrentPage": 1, 6 "GroupedVulItems": [ 7 { 8 "Status": 30, 9 "PendingCount": 116, 10 "Type": "python", 11 "Description": "fastjson已使用黑白名单用于防御反序列化漏洞,经研究该利用在特定条件下可绕过默认autoType关闭限制,攻击远程服务器,风险影响较大。建议fastjson用户尽快采取安全措施保障系统安全。\n\n特定依赖存在下影响 ≤1.2.80。", 12 "CheckType": 1, 13 "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】", 14 "GmtLastCheck": 1653471386000, 15 "GmtPublish": 1653273837000, 16 "Name": "emg:SCA:AVD-2022-1243027" 17 } 18 ] 19} 得到特定应急漏洞名称信息为emg:SCA:AVD-2022-1243027 pip install alibabacloud_sas20181203==1.1.13 pip install alibabacloud_tea_console 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as Sas20181203Client 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_sas20181203 import models as sas_20181203_models 11from alibabacloud_tea_util import models as util_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> Sas20181203Client:
    25 “””
    26 使用AK&SK初始化账号Client
    27 @param access_key_id:
    28 @param access_key_secret:
    29 @return: Client
    30 @throws Exception
    31 “””
    32 config = open_api_models.Config(
    33 # 您的AccessKey ID,
    34 access_key_id=’LTAI5t’,
    35 # 您的AccessKey Secret,
    36 access_key_secret=’dSr’
    37 )
    38 # 访问的域名
    39 config.endpoint = f’tds.aliyuncs.com’
    40 return Sas20181203Client(config)
    41
    42 @staticmethod
    43 def main(
    44 args: List[str],
    45 ) -> None:
    46 client = Sample.create_client(‘ACCESS_KEY_ID’, ‘ACCESS_KEY_SECRET’)
    47 describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
    48 lang=’zh’,
    49 risk_status=’y’,
    50 scan_type=’python’,
    51 vul_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞' 52 ) 53 runtime = util_models.RuntimeOptions() 54 resp = client.describe_emg_vul_item_with_options(describe_emg_vul_item_request, runtime) 55 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp))) 56 57 @staticmethod 58 async def main_async( 59 args: List[str], 60 ) -> None:
    61 client = Sample.create_client(‘ACCESS_KEY_ID’, ‘ACCESS_KEY_SECRET’)
    62 describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
    63 lang=’zh’,
    64 risk_status=’y’,
    65 scan_type=’python’,
    66 vul_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞' 67 ) 68 runtime = util_models.RuntimeOptions() 69 resp = await client.describe_emg_vul_item_with_options_async(describe_emg_vul_item_request, runtime) 70 ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp))) 71 72 73if __name__ == '__main__': 74 Sample.main(sys.argv[1:]) 二、根据特定的应急漏洞执行扫描任务 Lang:zh Name:emg:SCA:AVD-2022-1243027 UserAgreement:yes 1{ 2 "RequestId": "08744049-2F38-54BF-A7E7-529B5226AC9E" 3} pip install alibabacloud_sas20181203==1.1.13 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as Sas20181203Client 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_sas20181203 import models as sas_20181203_models 11from alibabacloud_tea_util import models as util_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> Sas20181203Client:
    25 “””
    26 使用AK&SK初始化账号Client
    27 @param access_key_id:
    28 @param access_key_secret:
    29 @return: Client
    30 @throws Exception
    31 “””
    32 config = open_api_models.Config(
    33 # 您的AccessKey ID,
    34 access_key_id=’LTAI5t’,
    35 # 您的AccessKey Secret,
    36 access_key_secret=’dS’
    37 )
    38 # 访问的域名
    39 config.endpoint = f’tds.aliyuncs.com’
    40 return Sas20181203Client(config)
    41
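    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Submit a scan task for one emergency vulnerability and log the reply.

        The target is selected by its internal name
        (``emg:SCA:AVD-2022-1243027``), i.e. the ``Name`` field returned by
        the DescribeEmgVulItem call shown earlier on this page.

        @param args: command-line arguments (unused)
        @raises KeyError: if ACCESS_KEY_ID or ACCESS_KEY_SECRET is not set
        """
        import os  # local import: the listing's import block has no `os`

        # Read the key pair from the environment instead of passing the
        # literal placeholder strings, so no credential lives in the script.
        # NOTE(review): create_client as printed in this listing ignores its
        # arguments and embeds a key pair; it should build Config from the
        # values passed in here.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        request = sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes',
        )
        runtime = util_models.RuntimeOptions()
        resp = client.modify_emg_vul_submit_with_options(request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))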
    55
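    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant: submit the emergency-vulnerability scan task.

        Sends the same ModifyEmgVulSubmit request as ``main`` through the
        client's ``*_async`` method and logs the JSON response.

        @param args: command-line arguments (unused)
        @raises KeyError: if ACCESS_KEY_ID or ACCESS_KEY_SECRET is not set
        """
        import os  # local import: the listing's import block has no `os`

        # Key pair comes from the environment rather than string literals.
        # NOTE(review): create_client as printed in this listing ignores its
        # arguments and embeds a key pair; it should use the values passed in.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        request = sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes',
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_emg_vul_submit_with_options_async(request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))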
    69
    70
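    # Script entry point: run the synchronous sample with the CLI arguments.
    # (Typographic quotes from the web page replaced with ASCII quotes so the
    # guard is valid Python.)
    if __name__ == '__main__':
        Sample.main(sys.argv[1:])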

    执行脚本发现阿里云的云安全中心应急漏洞fastjson <= 1.2.80 反序列化任意代码执行漏洞开始执行扫描任务计划 三、应急漏洞全部扫描 Types:"emg" Uuids: 1cve:Linux软件漏洞 2sys:Windows系统漏洞 3cms:Web-CMS漏洞 4app:应用漏洞 5emg:应急漏洞 6image:容器镜像漏洞 pip install alibabacloud_sas20181203==1.1.13 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as Sas20181203Client 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_sas20181203 import models as sas_20181203_models 11from alibabacloud_tea_util import models as util_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> Sas20181203Client:
    25 “””
    26 使用AK&SK初始化账号Client
    27 @param access_key_id:
    28 @param access_key_secret:
    29 @return: Client
    30 @throws Exception
    31 “””
    32 config = open_api_models.Config(
    33 # 您的AccessKey ID,
    34 access_key_id=’LTAI5t’,
    35 # 您的AccessKey Secret,
    36 access_key_secret=’dSr’
    37 )
    38 # 访问的域名
    39 config.endpoint = f’tds.aliyuncs.com’
    40 return Sas20181203Client(config)
    41
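    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Start a vulnerability scan for the ``emg`` (emergency) type and log the reply.

        @param args: command-line arguments (unused)
        @raises KeyError: if ACCESS_KEY_ID or ACCESS_KEY_SECRET is not set
        """
        import os  # local import: the listing's import block has no `os`

        # Read the key pair from the environment instead of passing the
        # literal placeholder strings, so no credential lives in the script.
        # NOTE(review): create_client as printed in this listing ignores its
        # arguments and embeds a key pair; it should build Config from the
        # values passed in here.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        # NOTE(review): the page prints this value with typographic quotes;
        # it is restored here as the string "emg" including the double
        # quotes, matching the `Types:"emg"` parameter shown above. Confirm
        # against the API reference whether the inner quotes are required.
        request = sas_20181203_models.ModifyStartVulScanRequest(
            types='"emg"',
        )
        runtime = util_models.RuntimeOptions()
        resp = client.modify_start_vul_scan_with_options(request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))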
    53
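    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant: start a scan for the ``emg`` vulnerability type.

        @param args: command-line arguments (unused)
        @raises KeyError: if ACCESS_KEY_ID or ACCESS_KEY_SECRET is not set
        """
        import os  # local import: the listing's import block has no `os`

        # Key pair comes from the environment rather than string literals.
        # NOTE(review): create_client as printed in this listing ignores its
        # arguments and embeds a key pair; it should use the values passed in.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        # Restored from the page as the string "emg" including the double
        # quotes (see `Types:"emg"` above) -- TODO confirm the inner quotes.
        request = sas_20181203_models.ModifyStartVulScanRequest(
            types='"emg"',
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_start_vul_scan_with_options_async(request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))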
    65
    66
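    # Script entry point: run the synchronous sample with the CLI arguments.
    # (Typographic quotes from the web page replaced with ASCII quotes so the
    # guard is valid Python.)
    if __name__ == '__main__':
        Sample.main(sys.argv[1:])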

    执行完脚本后应急漏洞服务全部开始扫描计划任务

    四、导出应急漏洞列表信息

    API文档信息 ExportVul – 导出漏洞列表 (aliyun.com)

    Lang:zh

    Type:emg

    Uuids:

    AliasName:fastjson <= 1.2.80 反序列化任意代码执行漏洞 Necessity:asap Dealed:n 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as SasClient 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_darabonba_env.client import Client as EnvClient 11from alibabacloud_sas20181203 import models as sas_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> SasClient:
    25 “””
    26 使用AK&SK初始化账号Client
    27 “””
    28 config = open_api_models.Config()
    29 # 您的AccessKey ID
    30 config.access_key_id = ‘LTAI5t’
    31 # 您的AccessKey Secret
    32 config.access_key_secret = ‘dSrH3z’
    33 config.endpoint = ‘tds.aliyuncs.com’
    34 return SasClient(config)
    35
    36 @staticmethod
    37 def main(
    38 args: List[str],
    39 ) -> None:
    40 client = Sample.create_client(EnvClient.get_env(‘ACCESS_KEY_ID’), EnvClient.get_env(‘ACCESS_KEY_SECRET’))
    41 export_request = sas_models.ExportVulRequest(
    42 lang=’zh’,
    43 type=’emg’,
    44 alias_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞', 45 necessity='asap', 46 dealed='n' 47 ) 48 export_response = client.export_vul(export_request) 49 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}') 50 51 @staticmethod 52 async def main_async( 53 args: List[str], 54 ) -> None:
    55 client = Sample.create_client(EnvClient.get_env(‘ACCESS_KEY_ID’), EnvClient.get_env(‘ACCESS_KEY_SECRET’))
    56 export_request = sas_models.ExportVulRequest(
    57 lang=’zh’,
    58 type=’emg’,
    59 alias_name=’fastjson <= 1.2.80 反序列化任意代码执行漏洞', 60 necessity='asap', 61 dealed='n' 62 ) 63 export_response = await client.export_vul_async(export_request) 64 ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}') 65 66 67if __name__ == '__main__': 68 Sample.main(sys.argv[1:]) 得到值为 1[LOG] response is {"FileName": "emg_20220526", "Id": 102889, "RequestId": "A15E37DA-10C8-542D-8D59-CCCB5E6837E4"} 1在执行脚本的时候可以通过过滤id号得到漏洞导出任务的ID信息,最后得到值为102889 2 3python3 exportall.py | grep \"Id\" | awk -F\: '{print $3}' | awk -F\, '{print $1}' 4 通过ExportId的102889获取文件下载 1# -*- coding: utf-8 -*- 2# This file is auto-generated, don't edit it. Thanks. 3import sys 4 5from typing import List 6from Tea.core import TeaCore 7 8from alibabacloud_sas20181203.client import Client as SasClient 9from alibabacloud_tea_openapi import models as open_api_models 10from alibabacloud_darabonba_env.client import Client as EnvClient 11from alibabacloud_sas20181203 import models as sas_models 12from alibabacloud_tea_console.client import Client as ConsoleClient 13from alibabacloud_tea_util.client import Client as UtilClient 14 15 16class Sample: 17 def __init__(self): 18 pass 19 20 @staticmethod 21 def create_client( 22 access_key_id: str, 23 access_key_secret: str, 24 ) -> SasClient:
    25 “””
    26 使用AK&SK初始化账号Client
    27 “””
    28 config = open_api_models.Config()
    29 # 您的AccessKey ID
    30 config.access_key_id = ‘LTAI’
    31 # 您的AccessKey Secret
    32 config.access_key_secret = ‘dSrH’
    33 config.endpoint = ‘tds.aliyuncs.com’
    34 return SasClient(config)
    35
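    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Look up a vulnerability export task and log its details.

        The export ID is taken from the first command-line argument (e.g.
        the ``Id`` printed by the export script in the previous step). When
        no argument is given, a new export is requested and its ID is used.
        The listing as printed always queried the literal ID 102889 and
        discarded the ID of the export it had just created.

        @param args: optional ``[export_id]``
        @raises ValueError: if the supplied export ID is not an integer
        """
        # NOTE(review): create_client as printed in this listing ignores its
        # arguments and embeds a key pair; it should build Config from the
        # values read from the environment here.
        client = Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )
        if args:
            export_id = int(args[0])
        else:
            # NOTE(review): the original requests type 'cve' here although
            # the walkthrough exports 'emg' findings -- confirm which is meant.
            # The export may still be in progress when it is queried below.
            export_response = client.export_vul(sas_models.ExportVulRequest(type='cve'))
            export_id = export_response.body.id
        info_request = sas_models.DescribeVulExportInfoRequest(
            export_id=export_id,
        )
        info_detail_response = client.describe_vul_export_info(info_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')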
    52
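    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant: look up a vulnerability export task and log its details.

        Uses the export ID from the first command-line argument; without
        one, requests a new export and queries the ID it returns, instead of
        the literal 102889 that the printed listing always used.

        @param args: optional ``[export_id]``
        @raises ValueError: if the supplied export ID is not an integer
        """
        # NOTE(review): create_client as printed in this listing ignores its
        # arguments and embeds a key pair; it should use the values passed in.
        client = Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )
        if args:
            export_id = int(args[0])
        else:
            # NOTE(review): type 'cve' is kept from the original; the
            # walkthrough itself exports 'emg' findings -- confirm.
            export_response = await client.export_vul_async(sas_models.ExportVulRequest(type='cve'))
            export_id = export_response.body.id
        info_request = sas_models.DescribeVulExportInfoRequest(
            export_id=export_id,
        )
        info_detail_response = await client.describe_vul_export_info_async(info_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')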
    69
    70
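    # Script entry point: pass the CLI arguments through to the sample.
    # (Typographic quotes from the web page replaced with ASCII quotes so the
    # guard is valid Python.)
    if __name__ == '__main__':
        Sample.main(sys.argv[1:])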

    1执行脚本得到附件的下载链接
    2python exportfile.py | awk -F\"Link\": '{print $2}' | awk -F\, '{print $1}' | xargs wget -O "emg_$(date +%Y%m%d).zip"
    3

    可以把zip文件解压后上传到oss存储中,通过脚本钉钉推送到指定群通知或者邮件推送指定的人

    1钉钉推送如下
    2wget https://gosspublic.alicdn.com/ossutil/1.7.9/ossutil64
    3chmod 755 ossutil64
    4
    5
    6./ossutil64 config
    7./ossutil64 ls oss://examplebucket -c /home/config
    8
    9
    10vim vulnerabilityDingtack.sh
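    #!/bin/bash
    # Unpack today's emergency-vulnerability export, upload the .xlsx to OSS,
    # then post a DingTalk "link" message pointing at the report.
    #
    # Secrets are read from the environment instead of being written into the
    # script:
    #   DINGTALK_TOKEN  - robot webhook access_token (variable name chosen here)
    #   ALI_OSS_AK      - AccessKey ID used by ossutil
    #   ALI_OSS_SK      - AccessKey Secret used by ossutil
    set -euo pipefail

    : "${DINGTALK_TOKEN:?set DINGTALK_TOKEN to the robot access_token}"
    : "${ALI_OSS_AK:?set ALI_OSS_AK to the AccessKey ID}"
    : "${ALI_OSS_SK:?set ALI_OSS_SK to the AccessKey Secret}"

    UPLOAD_TIME=$(date "+%Y%m%d")
    ALI_OSS_ENDPOINT="oss-cn-shanghai.aliyuncs.com"
    WORKSPACE=/opt/kingen

    echo "———上传到OSS——————–"
    # Work inside the directory that holds ossutil64 and the downloaded zip;
    # with `set -e` the script stops here if the directory is missing.
    cd "${WORKSPACE}/"
    # Configure ossutil.
    # NOTE(review): keys passed via -i/-k are visible in the process list while
    # the command runs; a pre-generated config file with restricted permissions
    # (passed with -c, as in the `ossutil64 ls` example above) avoids that.
    ./ossutil64 config -e "${ALI_OSS_ENDPOINT}" -i "${ALI_OSS_AK}" -k "${ALI_OSS_SK}"
    unzip "emg_${UPLOAD_TIME}.zip"
    # Upload the xlsx report to OSS.
    # NOTE(review): the upload target is oss://backups/vulnerability/ but the
    # link sent below points at the "vulnerability" bucket -- confirm which
    # bucket is intended.
    ./ossutil64 cp "./emg_${UPLOAD_TIME}.xlsx" "oss://backups/vulnerability/"

    # Notify only after the upload succeeded, so the link is never dead.
    # NOTE(review): a plain bucket URL only opens if the object is publicly
    # readable. The report lists unpatched hosts, so keeping the bucket private
    # and sending a time-limited signed URL (e.g. from `ossutil sign`) limits
    # who can read it.
    PIC_URL="https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/vulnerability.png"
    REPORT_URL="https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/emg_${UPLOAD_TIME}.xlsx"
    # `\\n` in the printf format emits a literal \n, i.e. a JSON newline escape.
    payload=$(printf '{"msgtype": "link", "link": {"text": "应急安全漏洞 \\n", "title": "应急安全漏洞报告", "picUrl": "%s", "messageUrl": "%s"}}' "${PIC_URL}" "${REPORT_URL}")
    # -f makes curl exit non-zero on an HTTP error so a failed push is noticed.
    curl -fsS "https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_TOKEN}" \
        -H 'Content-Type: application/json' \
        -d "${payload}"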

    来个开胃小菜

    阿里云CDN刷新目录脚本(刷新之前更换AKSK密钥,并将object_path替换为要刷新的网站URL地址)

    pip install alibabacloud_cdn20180510==1.0.11

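    # -*- coding: utf-8 -*-
    # This file is auto-generated, don't edit it. Thanks.
    import os
    import sys

    from typing import List
    from Tea.core import TeaCore

    from alibabacloud_cdn20180510.client import Client as Cdn20180510Client
    from alibabacloud_tea_openapi import models as open_api_models
    from alibabacloud_cdn20180510 import models as cdn_20180510_models
    from alibabacloud_tea_util import models as util_models
    from alibabacloud_tea_console.client import Client as ConsoleClient
    from alibabacloud_tea_util.client import Client as UtilClient

    # Directory URL whose CDN cache is refreshed; replace with your own site.
    # The printed listing used a different host in main_async than in main;
    # both now share this one value.
    OBJECT_PATH = 'https://uat.abc.com/'


    class Sample:
        """Sample that asks Alibaba Cloud CDN to refresh a cached directory."""

        def __init__(self):
            pass

        @staticmethod
        def create_client(
            access_key_id: str,
            access_key_secret: str,
        ) -> Cdn20180510Client:
            """
            Initialise the CDN client from an AccessKey pair.
            @param access_key_id: AccessKey ID
            @param access_key_secret: AccessKey Secret
            @return: Client
            @throws Exception
            """
            config = open_api_models.Config(
                access_key_id=access_key_id,
                access_key_secret=access_key_secret,
            )
            # API endpoint to call
            config.endpoint = 'cdn.aliyuncs.com'
            return Cdn20180510Client(config)

        @staticmethod
        def _credentials_from_env() -> List[str]:
            """Return [AccessKey ID, AccessKey Secret] read from the environment.

            Raises KeyError when a variable is missing, so the script fails
            before any request is sent instead of using placeholder strings.
            """
            return [os.environ['ACCESS_KEY_ID'], os.environ['ACCESS_KEY_SECRET']]

        @staticmethod
        def main(
            args: List[str],
        ) -> None:
            """Refresh the CDN cache for OBJECT_PATH and log the response.

            @param args: command-line arguments (unused)
            """
            # The printed listing passed the literal strings 'ACCESS_KEY_ID'
            # and 'ACCESS_KEY_SECRET'; the key pair now comes from environment
            # variables of the same names so it never lives in the script.
            key_id, key_secret = Sample._credentials_from_env()
            client = Sample.create_client(key_id, key_secret)
            request = cdn_20180510_models.RefreshObjectCachesRequest(
                object_path=OBJECT_PATH,
                object_type='Directory',
            )
            runtime = util_models.RuntimeOptions()
            resp = client.refresh_object_caches_with_options(request, runtime)
            ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

        @staticmethod
        async def main_async(
            args: List[str],
        ) -> None:
            """Async variant of ``main``: same request via the ``*_async`` call.

            @param args: command-line arguments (unused)
            """
            key_id, key_secret = Sample._credentials_from_env()
            client = Sample.create_client(key_id, key_secret)
            request = cdn_20180510_models.RefreshObjectCachesRequest(
                object_path=OBJECT_PATH,
                object_type='Directory',
            )
            runtime = util_models.RuntimeOptions()
            resp = await client.refresh_object_caches_with_options_async(request, runtime)
            ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


    if __name__ == '__main__':
        Sample.main(sys.argv[1:])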

    成功给https://uat.abc.com网站目录刷新。
