0x01前言
通过监控漏洞通过审核个数+rank来判断漏洞是否通过,并不单单判断rank因为众测的漏洞是没有rank的,可通过定时任务来执行通知
效果图
邮箱配置可以参考 https://cloud.tencent.com/developer/article/2177098
0x02 代码
# -*- coding: utf-8 -*-
# @Author : Juneha
# @link : https://blog.mo60.cn/index.php/archives/monitor_edusrc.html
import requests
import re
import os
import smtplib
from email.mime.text import MIMEText
userId=7365 # edusrc的用户id,在个人主页的url里有
receivers = ['xxxx@qq.com'] # 接收邮件,可设置为你的QQ邮箱或者其他邮箱
mail_host = "smtp.qq.com" # SMTP服务器
mail_user = "xxx@qq.com" # 用户名
mail_pass = "XX" # 授权密码,非登录密码
sender = 'XXXX' # 发件人邮箱(最好写全, 不然会失败)
mail_port = 465 # 端口一般是465
def sendEmail(data):
message = MIMEText(str(data), 'plain', 'utf-8') # 内容, 格式, 编码
message['From'] = "{}".format(sender)
message['To'] = ",".join(receivers)
message['Subject'] = 'EduSrc监控小助手'
try:
smtpObj = smtplib.SMTP_SSL(mail_host, mail_port) # 启用SSL发信
smtpObj.login(mail_user, mail_pass) # 登录验证
smtpObj.sendmail(sender, receivers, message.as_string()) # 发送
print("邮件发送成功")
except smtplib.SMTPException as e:
print(e)
def getRankBug():
url = f"https://src.sjtu.edu.cn/profile/{userId}"
try:
r = requests.get(url, timeout=3)
r.raise_for_status()
rank = re.findall(r'Rank: (\d+)?', r.text)[0]
bugs = re.findall(r'已审核通过漏洞数量: (\d+)?', r.text)[0]
return rank, bugs
except requests.exceptions.RequestException as e:
print(f"网络请求出错: {e}")
return None, None
except IndexError as e:
print(f"正则表达式匹配出错: {e}")
return None, None
def writeRank(data):
with open("edusrcdata.txt", mode='w+', encoding='utf-8') as f:
f.write(",".join(data))
def checkRankBug(rankbugdata):
# 检查文件是否存在
if os.path.isfile('edusrcdata.txt'):
# 检查文件是否可读写
if os.access('edusrcdata.txt', os.R_OK | os.W_OK):
# 打开文件并读取第一行
with open("edusrcdata.txt") as f:
current_rank, current_bug_count = f.read().splitlines()[0].split(",")
# 获取新的rank和bug数
new_rank, new_bug_count = rankbugdata
# 检查rankbugdata和当前rank和bug数是否都不为空
if rankbugdata and current_rank and current_bug_count:
# 比较新旧rank和bug数是否有变化
if new_bug_count != current_bug_count and new_rank == current_rank:
# print(f"有漏洞通过审核了当前漏洞个数{new_bug_count},rank并没有增加。")
sendEmail(f"有漏洞通过审核了当前漏洞个数{new_bug_count},rank并没有增加。")
writeRank(rankbugdata) # 调用writeRank函数更新文件中的数据
elif new_rank != current_rank:
# print(f"Rank增加啦,当前rank为{new_rank}")
sendEmail(f"Rank增加啦,当前rank为{new_rank}")
writeRank(rankbugdata) # 调用writeRank函数更新文件中的数据
else:
print("无动静")
else:
print("rankbugdata或current_rank或current_bug_count为空")
else:
print("文件不可读写")
else:
writeRank(rankbugdata) # 调用writeRank函数创建文件并写入数据
print('First Run Create File')
# 调用checkRankBug函数,传入getRankBug()的返回值作为参数
checkRankBug(getRankBug())