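Cloud Security Center emergency vulnerability scanning
Cloud Security Center is a unified security management system that identifies, analyzes, and alerts on security threats in real time. Through security capabilities such as anti-ransomware, antivirus, tamper protection, and compliance checks, it forms an automated security operations loop of threat detection, alert response, and attack tracing, protecting cloud assets and on-premises servers and meeting regulatory compliance requirements.
Prerequisites
① Generate an Alibaba Cloud AK/SK (AccessKey pair) for a sub-account and grant it Cloud Security Center permissions
② Configure the Python environment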
```bash
# Install dependencies
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c++ libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel

# Download Python 3.10.4
wget -c https://www.python.org/ftp/python/3.10.4/Python-3.10.4.tgz

# Extract Python 3.10.4
tar -zxvf Python-3.10.4.tgz

cd Python-3.10.4/
./configure --with-ssl
make && make install

# Back up the existing python binary
mv /usr/bin/python /usr/bin/python.bak

# Create the python3 symlink
ln -s /usr/local/bin/python3 /usr/bin/python

which pip3
# Fix yum errors: change the first line of both files to the python2 interpreter
vi /usr/libexec/urlgrabber-ext-down
#! /usr/bin/python2

vi /usr/bin/yum
#!/usr/bin/python2

# Install the modules
pip3 install --upgrade pip
pip3 install alibabacloud_sas20181203==1.1.13
pip install alibabacloud_tea_console

# If "import ssl" fails with
#   ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location)
# fix it as follows.

# Download and install OpenSSL
wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
tar -zxvf openssl-1.1.1n.tar.gz
cd openssl-1.1.1n
./config --prefix=/usr/local/openssl
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

ldconfig -v

# Check the OpenSSL version
openssl version

# Edit Modules/Setup so that lines 211-214 read:
#   OPENSSL=/usr/local/openssl
#   _ssl _ssl.c \
#       -I$(OPENSSL)/include -L$(OPENSSL)/lib \
#       -lssl -lcrypto
vim /root/Python-3.10.4/Modules/Setup

# Finally, run the Python 3.10.4 installation again
cd Python-3.10.4/
./configure
make && make install
```
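1. Scan to obtain the name of a specific emergency vulnerability
For example, to scan for the fastjson <= 1.2.80 deserialization arbitrary code execution vulnerability (fastjson <= 1.2.80 反序列化任意代码执行漏洞)
API documentation: https://help.aliyun.com/document_detail/421691.html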
Lang:zh
RiskStatus:y
ScanType:python
CheckType:fastjson <= 1.2.80 反序列化任意代码执行漏洞
VulName:
```json
{
  "TotalCount": 1,
  "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8",
  "PageSize": 5,
  "CurrentPage": 1,
  "GroupedVulItems": [
    {
      "Status": 30,
      "PendingCount": 116,
      "Type": "python",
      "Description": "fastjson已使用黑白名单用于防御反序列化漏洞,经研究该利用在特定条件下可绕过默认autoType关闭限制,攻击远程服务器,风险影响较大。建议fastjson用户尽快采取安全措施保障系统安全。\n\n特定依赖存在下影响 ≤1.2.80。",
      "CheckType": 1,
      "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】",
      "GmtLastCheck": 1653471386000,
      "GmtPublish": 1653273837000,
      "Name": "emg:SCA:AVD-2022-1243027"
    }
  ]
}
```
The name of this specific emergency vulnerability is emg:SCA:AVD-2022-1243027
pip install alibabacloud_sas20181203==1.1.13
pip install alibabacloud_tea_console
```python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialize the account Client with an AK/SK pair
        @param access_key_id:
        @param access_key_secret:
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            # Your AccessKey ID
            access_key_id=access_key_id,
            # Your AccessKey Secret
            access_key_secret=access_key_secret
        )
        # Endpoint to access
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        # Read the AK/SK from the environment instead of hardcoding them in the script
        client = Sample.create_client(os.environ['ACCESS_KEY_ID'], os.environ['ACCESS_KEY_SECRET'])
        describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
            lang='zh',
            risk_status='y',
            scan_type='python',
            vul_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞'
        )
        runtime = util_models.RuntimeOptions()
        resp = client.describe_emg_vul_item_with_options(describe_emg_vul_item_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client(os.environ['ACCESS_KEY_ID'], os.environ['ACCESS_KEY_SECRET'])
        describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
            lang='zh',
            risk_status='y',
            scan_type='python',
            vul_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞'
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.describe_emg_vul_item_with_options_async(describe_emg_vul_item_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])
```
2. Run a scan task for a specific emergency vulnerability
Lang:zh
Name:emg:SCA:AVD-2022-1243027
UserAgreement:yes
```json
{
  "RequestId": "08744049-2F38-54BF-A7E7-529B5226AC9E"
}
```
pip install alibabacloud_sas20181203==1.1.13
```python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialize the account Client with an AK/SK pair
        @param access_key_id:
        @param access_key_secret:
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            # Your AccessKey ID
            access_key_id=access_key_id,
            # Your AccessKey Secret
            access_key_secret=access_key_secret
        )
        # Endpoint to access
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        # Read the AK/SK from the environment instead of hardcoding them in the script
        client = Sample.create_client(os.environ['ACCESS_KEY_ID'], os.environ['ACCESS_KEY_SECRET'])
        modify_emg_vul_submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes'
        )
        runtime = util_models.RuntimeOptions()
        resp = client.modify_emg_vul_submit_with_options(modify_emg_vul_submit_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client(os.environ['ACCESS_KEY_ID'], os.environ['ACCESS_KEY_SECRET'])
        modify_emg_vul_submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes'
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_emg_vul_submit_with_options_async(modify_emg_vul_submit_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])
```
After the script runs, Alibaba Cloud Security Center starts the scheduled scan task for the emergency vulnerability fastjson <= 1.2.80 deserialization arbitrary code execution vulnerability
3. Scan all emergency vulnerabilities
Types:"emg"
Uuids:
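Values accepted by Types:
cve: Linux software vulnerabilities
sys: Windows system vulnerabilities
cms: Web-CMS vulnerabilities
app: application vulnerabilities
emg: emergency vulnerabilities
image: container image vulnerabilities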
pip install alibabacloud_sas20181203==1.1.13
```python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialize the account Client with an AK/SK pair
        @param access_key_id:
        @param access_key_secret:
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            # Your AccessKey ID
            access_key_id=access_key_id,
            # Your AccessKey Secret
            access_key_secret=access_key_secret
        )
        # Endpoint to access
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        # Read the AK/SK from the environment instead of hardcoding them in the script
        client = Sample.create_client(os.environ['ACCESS_KEY_ID'], os.environ['ACCESS_KEY_SECRET'])
        modify_start_vul_scan_request = sas_20181203_models.ModifyStartVulScanRequest(
            types='"emg"'
        )
        runtime = util_models.RuntimeOptions()
        resp = client.modify_start_vul_scan_with_options(modify_start_vul_scan_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client(os.environ['ACCESS_KEY_ID'], os.environ['ACCESS_KEY_SECRET'])
        modify_start_vul_scan_request = sas_20181203_models.ModifyStartVulScanRequest(
            types='"emg"'
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_start_vul_scan_with_options_async(modify_start_vul_scan_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])
```
After the script finishes, the scheduled scan tasks for all emergency vulnerabilities start
4. Export the emergency vulnerability list
API documentation: ExportVul - Export vulnerability list (aliyun.com)
Lang:zh
Type:emg
Uuids:
AliasName:fastjson <= 1.2.80 反序列化任意代码执行漏洞
Necessity:asap
Dealed:n
```python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """
        Initialize the account Client with an AK/SK pair
        """
        config = open_api_models.Config()
        # Your AccessKey ID (passed in by the caller, not hardcoded)
        config.access_key_id = access_key_id
        # Your AccessKey Secret (passed in by the caller, not hardcoded)
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        export_request = sas_models.ExportVulRequest(
            lang='zh',
            type='emg',
            alias_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞',
            necessity='asap',
            dealed='n'
        )
        export_response = client.export_vul(export_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        export_request = sas_models.ExportVulRequest(
            lang='zh',
            type='emg',
            alias_name='fastjson <= 1.2.80 反序列化任意代码执行漏洞',
            necessity='asap',
            dealed='n'
        )
        export_response = await client.export_vul_async(export_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])
```
The output is:
```
[LOG] response is {"FileName": "emg_20220526", "Id": 102889, "RequestId": "A15E37DA-10C8-542D-8D59-CCCB5E6837E4"}
```
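When running the script, the ID of the vulnerability export task can be obtained by filtering on the Id field; the resulting value is 102889
```bash
python3 exportall.py | grep \"Id\" | awk -F\: '{print $3}' | awk -F\, '{print $1}'
```
Use the ExportId 102889 to obtain the file download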
```python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """
        Initialize the account Client with an AK/SK pair
        """
        config = open_api_models.Config()
        # Your AccessKey ID (passed in by the caller, not hardcoded)
        config.access_key_id = access_key_id
        # Your AccessKey Secret (passed in by the caller, not hardcoded)
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        export_request = sas_models.ExportVulRequest(
            type='cve'
        )
        # Note: this call starts a new 'cve' export whose ID is not used below;
        # the query uses the fixed export ID obtained in the previous step.
        export_response = client.export_vul(export_request)
        body = export_response.body
        export_info_id = body.id
        vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
            export_id=102889
        )
        info_detail_response = client.describe_vul_export_info(vul_export_info_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client(EnvClient.get_env('ACCESS_KEY_ID'), EnvClient.get_env('ACCESS_KEY_SECRET'))
        export_request = sas_models.ExportVulRequest(
            type='cve'
        )
        # Note: this call starts a new 'cve' export whose ID is not used below;
        # the query uses the fixed export ID obtained in the previous step.
        export_response = await client.export_vul_async(export_request)
        body = export_response.body
        export_info_id = body.id
        vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
            export_id=102889
        )
        info_detail_response = await client.describe_vul_export_info_async(vul_export_info_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])
```
Run the script to get the download link of the attachment and fetch it:
```bash
python exportfile.py | awk -F\"Link\": '{print $2}' | awk -F\, '{print $1}' | xargs wget -O "emg_$(date +%Y%m%d).zip"
```
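The grep/awk pipelines above split on `:` and `,`, which breaks as soon as a value contains either character. As an added example (not part of the original scripts), the helpers below parse the logged JSON instead and check the download link before it is handed to a downloader. The function names are hypothetical, the sample lines are constructed from the outputs shown on this page, and the `body` nesting and the `.aliyuncs.com` host suffix are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample lines, modelled on the outputs shown above.
ITEM_LOG = ('[LOG] {"body": {"TotalCount": 1, "GroupedVulItems": [{"AliasName": '
            '"fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】", '
            '"Name": "emg:SCA:AVD-2022-1243027"}]}}')
EXPORT_LOG = ('[LOG] response is {"FileName": "emg_20220526", "Id": 102889, '
              '"RequestId": "A15E37DA-10C8-542D-8D59-CCCB5E6837E4"}')


def parse_log_json(line: str) -> dict:
    """Decode the first JSON object on a log line, ignoring the text prefix."""
    start = line.find("{")
    if start < 0:
        raise ValueError("no JSON object on this line")
    obj, _ = json.JSONDecoder().raw_decode(line[start:])
    # Assumption: scripts that log the whole response nest the fields under "body".
    return obj.get("body", obj)


def emg_vul_name(resp: dict, alias_prefix: str) -> str:
    """Return the Name of the one item whose AliasName starts with alias_prefix."""
    names = [item["Name"] for item in resp.get("GroupedVulItems", [])
             if item.get("AliasName", "").startswith(alias_prefix)]
    if len(names) != 1:
        raise LookupError(f"expected exactly one match, found {len(names)}")
    return names[0]


def export_id(resp: dict) -> int:
    """Return the export task Id, rejecting anything that is not a plain integer."""
    value = resp.get("Id")
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"unexpected Id value: {value!r}")
    return value


def download_link(resp: dict, host_suffix: str = ".aliyuncs.com"):
    """Return Link if it is safe to fetch, or None while the export has no link yet."""
    link = resp.get("Link")
    if not link:
        return None
    url = urlparse(link)
    # Assumption: export files are served over HTTPS from an aliyuncs.com host.
    if url.scheme != "https" or not (url.hostname or "").endswith(host_suffix):
        raise ValueError(f"refusing to download from {link!r}")
    return link
```

A `None` result from `download_link` means the export is not ready, so the caller should query the export info again rather than pass an empty argument to `wget`.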
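The zip file can be extracted and uploaded to OSS storage, and a script can then push a DingTalk notification to a designated group or send an email to designated recipients
A little appetizer
Alibaba Cloud CDN directory refresh script (before refreshing, replace the AK/SK keys and set object_path to the URL of the site to refresh)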
pip install alibabacloud_cdn20180510==1.0.11
```python
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_cdn20180510.client import Client as Cdn20180510Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_cdn20180510 import models as cdn_20180510_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Cdn20180510Client:
        """
        Initialize the account Client with an AK/SK pair
        @param access_key_id:
        @param access_key_secret:
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            # Your AccessKey ID
            access_key_id=access_key_id,
            # Your AccessKey Secret
            access_key_secret=access_key_secret
        )
        # Endpoint to access
        config.endpoint = 'cdn.aliyuncs.com'
        return Cdn20180510Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        # Replace these placeholders with your AK/SK before running
        client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
        refresh_object_caches_request = cdn_20180510_models.RefreshObjectCachesRequest(
            object_path='https://uat.abc.com/',
            object_type='Directory'
        )
        runtime = util_models.RuntimeOptions()
        resp = client.refresh_object_caches_with_options(refresh_object_caches_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        # Replace these placeholders with your AK/SK before running
        client = Sample.create_client('ACCESS_KEY_ID', 'ACCESS_KEY_SECRET')
        refresh_object_caches_request = cdn_20180510_models.RefreshObjectCachesRequest(
            object_path='https://club-admin-7788-uat.apta.com.hk/',
            object_type='Directory'
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.refresh_object_caches_with_options_async(refresh_object_caches_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])
```
The directory of the https://uat.abc.com site was refreshed successfully.