yhy0 / github-cve-monitor Goto Github PK
View Code? Open in Web Editor NEW实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控,并多渠道推送通知
License: MIT License
实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控,并多渠道推送通知
License: MIT License
[root@ddddd-1 github-cve-monitor]# python3 github_cve_monitor.py
cve 和 github 发布工具 监控中 ...
成功创建CVE监控表
成功创建红队工具监控表
Traceback (most recent call last):
File "/root/github-cve-monitor/github_cve_monitor.py", line 440, in
create_database()
File "/root/github-cve-monitor/github_cve_monitor.py", line 75, in create_database
if load_config()[0] == "dingding":
File "/root/github-cve-monitor/github_cve_monitor.py", line 26, in load_config
if int(config['all_config']['dingding'][0]['enable']) == 1:
KeyError: 0
打扰了,有空请告知
1.监控作者的git存储库的内容更新
2.监控git作者首页的新增存储库
出现如下错误,且telegram无法推送更新消息:
tools_insert_into_sqlite3 函数: Keka插入数据成功!
用户仓库监控
^[[A^[[A^[[ATraceback (most recent call last):
File "/root/github-cve-monitor/github-cve-monitor/github_cve_monitor.py", line 689, in <module>
for user in user_list:
TypeError: 'NoneType' object is not iterable
^[[A^[[A^
下面是详细信息, 麻烦看一下是什么原因 (这里我使用的美国VPS)
`root@linux:/home/github-cve-monitor# python3 github_cve_monitor.py
cve 和 github 发布工具 监控中 ...
成功创建CVE监控表
成功创建红队工具监控表
tools_insert_into_sqlite3 函数 打开数据库成功!
[-] 红队工具表数据库里存在Godzilla
[-] 红队工具表数据库里存在Behinder
[-] 红队工具表数据库里存在antSword
[-] 红队工具表数据库里存在shiro_attack
[-] 红队工具表数据库里存在ExpDemo-JavaFX
[-] 红队工具表数据库里存在github-cve-monitor
[-] 红队工具表数据库里存在mimikatz
[-] 红队工具表数据库里存在nps
[-] 红队工具表数据库里存在xray
[-] 红队工具表数据库里存在pystinger
[-] 红队工具表数据库里存在Neo-reGeorg
[-] 红队工具表数据库里存在fscan
[-] 红队工具表数据库里存在MDUT
[-] 红队工具表数据库里存在Vulnerability
local variable 'cve_name' referenced before assignment github链接不通
--- Logging error ---
Traceback (most recent call last):
File "github_cve_monitor.py", line 112, in getNews
today_cve_info_tmp.append({"cve_name":cve_name,"cve_url":cve_url,"pushed_at":pushed_at})
UnboundLocalError: local variable 'cve_name' referenced before assignment
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/logging/init.py", line 994, in emit
msg = self.format(record)
File "/usr/lib/python3.6/logging/init.py", line 840, in format
return fmt.format(record)
File "/usr/lib/python3.6/logging/init.py", line 577, in format
record.message = record.getMessage()
File "/usr/lib/python3.6/logging/init.py", line 338, in getMessage
msg = msg % self.args
TypeError: not all arguments converted during string formatting
Call stack:
File "github_cve_monitor.py", line 486, in
cve_data = getNews()
File "github_cve_monitor.py", line 130, in getNews
logging.error(e, "github链接不通")
Message: UnboundLocalError("local variable 'cve_name' referenced before assignment",)
Arguments: ('github链接不通',)
Traceback (most recent call last):
File "github_cve_monitor.py", line 487, in
today_cve_data = get_today_cve_info(cve_data)
File "github_cve_monitor.py", line 179, in get_today_cve_info
print("[-] 数据库里存在{}".format(today_cve_name.upper()))
UnboundLocalError: local variable 'today_cve_name' referenced before assignment
`
按照教程更新的,不知道为啥钉钉不会推送,已经设置了github_token和钉钉机器人hook
UnicodeDecodeError: 'gbk' codec can't decode byte 0xaa in position 807: illegal multibyte sequence
CVE的监控可以关闭吗?我只想监控工具和自定义
git clone https://github.com/yhy0/github-cve-monitor.git /opt/cve
保存为 start.sh
#!/bin/env sh
set -ex
if ! [ "$(cat /etc/timezone)" = "$TZ" ];then
apt update -y
ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime
echo ${TZ} > /etc/timezone
apt install -y tzdata
dpkg-reconfigure --frontend noninteractive tzdata
apt install -y python3.9 python3-pip
pip install -r /opt/cve/requirements.txt
rm -rf /var/lib/apt/lists/*
fi
cd /opt/cve/
python3 /opt/cve/github_cve_monitor.py
路径需要稍微修改下
docker run -it --name cve \
-v /docker/cve:/opt/cve \
--restart=always \
-e TZ=Asia/Shanghai \
ubuntu /opt/cve/start.sh
建议配合 github action 使用,不需要单独找 vps 进行部署。
不能只设置企业微信或者钉钉来进行推送吗
import telegram
def tgbot(text,msg):
# Your Telegram Bot Token
bot = telegram.Bot(token='123456:aaa-sdasdsa')
group_id='Your Group ID'
bot.send_message(chat_id=group_id,text='{}\r\n{}'.format(text,msg))
pip install python-telegram-bot
创建bot详情谷歌
将bot加入群组后,发送几条消息。访问https://api.telegram.org/bot{TOKEN}/getUpdates
用户ID同理,
nu l l
能否添加监控关键词,能否关闭翻译,麻烦了
1.飞书的webhook机器人,其域名feishu.com
2.GitHub监控传递到飞书的webhook
RuntimeWarning: coroutine 'Bot.send_message' was never awaited
新版本python-telegram-bot调用Bot.send_message时使用了异步方式进行调用
为了避免这个问题大家安装python-telegram-bot时指定老版本安装就行了
pip install python-telegram-bot==13.15
{'errcode': 310000, 'errmsg': 'sign not match, more: [https://ding-doc.dingtalk.com/doc#/serverapi2/qf2nxq]'}
部署了接近24小时,收到了十多条推送,全是test
'items' github链接不通
项目代码判定是否翻译使用 if load_config()[4]
(536行), load_config()
函数返回的列表如 41 行会不足,会导致索引超出,可以修改索引为 -1
建议关键字部分加上仓库描述
为什么我的脚本只推送工具更新,不推送cve和关键字
有些cnvd编号的poc也会更新在GitHub,希望大佬能整合一下
运行几天了,飞书这边一点动静都没有?
File "github_cve_monitor.py", line 455, in
create_database()
File "github_cve_monitor.py", line 76, in create_database
print("\u521b\u5efacve\u76d1\u63a7\u8868\u5931\u8d25\uff01\u62a5\u9519\uff1a{}".format(e))
UnicodeEncodeError: 'latin-1' codec can't encode characters in position 0-1: ordinal not in range(256)
北京时间会漏掉美国东部时间的内容,纽约时间会漏掉北京时间内容(美国7/2022/21&**7/2022/22)建议后一天内容也进行推送,就不会漏掉内容了
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.