师傅考虑集成微步在线的漏洞公告吗？

Question

师傅考虑集成微步在线的漏洞公告吗？

ZFYy1x opened this issue 9 months ago · comments

ZFYy1 commented 9 months ago

koalr · Answer 1 · Wed Oct 18 2023 16:05:02 GMT+0800 (China Standard Time)

感觉它微信公众号可以考虑集成，但微信公众号的爬取有点费劲..

jweny · Answer 2 · Wed Nov 01 2023 16:46:40 GMT+0800 (China Standard Time)

感觉它微信公众号可以考虑集成，但微信公众号的爬取有点费劲..

那咋整

koalr · Answer 3 · Wed Nov 08 2023 10:00:26 GMT+0800 (China Standard Time)

爬不了，主要是你们公众号结构还不统一，没法写爬虫规则。放弃了，等你给我接口

hi-unc1e · Answer 4 · Wed Nov 08 2023 17:31:49 GMT+0800 (China Standard Time)

我还在熟悉咱们添加网站的写法，分享一个姿势先

微步在线研究响应中心
http://wechat.doonsec.com/wechat_echarts/?biz=Mzg5MTc3ODY4Mw==

Http请求

POST /api/v1/es/ HTTP/1.1
Host: wechat.doonsec.com
Content-Length: 65
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://wechat.doonsec.com
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

keyword=&account__biz=Mzg5MTc3ODY4Mw%3D%3D&date_data=30&sort=desc

响应格式

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Nov 2023 09:38:48 GMT
Content-Type: application/json
Access-Control-Allow-Origin: http://wechat.doonsec.com
Vary: Origin
X-Cache-Lookup: Cache Miss
X-Cache-Lookup: Hit From Upstream Cluster
Content-Length: 3086
X-NWS-LOG-UUID: 6436141373009617296
Connection: close
X-Cache-Lookup: Cache Miss

{"code":0,"count":26,"data":{"_shards":{"failed":0,"skipped":0,"successful":1,"total":1},"hits":{"hits":[{"_id":"6c75439959eb74c2cce4370e5e39ae4f","_index":"wechat_all_gml_sec","_score":null,"_source":{"account":"\u5fae\u6b65\u5728\u7ebf\u7814\u7a76\u54cd\u5e94\u4e2d\u5fc3","author":"\u5fae\u6b65\u60c5\u62a5\u5c40","biz":"Mzg5MTc3ODY4Mw==","copyright_stat":1,"countryName":"\u4e2d\u56fd","cover":"https://mmbiz.qpic.cn/mmbiz_jpg/fFyp1gWjicMLcENMpRwh1TGY3JuGIfX9aeaq0QWx526WRiaiay13KXSgfFK0ialLMQVbgFPs9aZFiaCjCroLxtr1IsA/0?wx_fmt=jpeg","cves":[{"cve_name":"CVE-2023-22518","cve_year":"2023"}],"digest":"\u6233\u6211\u901f\u89c8\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff01","id":3337337,"idx":1,"is_ad":4,"is_del":0,"is_luck_gift":2,"item_show_type":0,"like_num":0,"old_like_num":0,"provinceName":"\u5317\u4eac","publish_time":"2023-11-02T17:28:38","read_num":283,"sn":"6c75439959eb74c2cce4370e5e39ae4f","source_url":null,"tags":[{"tag_account":"\u5fae\u6b65\u5728\u7ebf\u7814\u7a76\u54cd\u5e94\u4e2d\u5fc3","tag_album_id":"2442739002652098560","tag_biz":"Mzg5MTc3ODY4Mw==","tag_title":"\u5a01\u80c1\u901a\u544a"},{"tag_account":"\u5fae\u6b65\u5728\u7ebf\u7814\u7a76\u54cd\u5e94\u4e2d\u5fc3","tag_album_id":"2442752757452636161","tag_biz":"Mzg5MTc3ODY4Mw==","tag_title":"\u6f0f\u6d1e"}],"title":"\u6f0f\u6d1e\u901a\u544a | Atlassian Confluence \u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e","url":"https://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247503554&idx=1&sn=6c75439959eb74c2cce4370e5e39ae4f"},"_type":"_doc","sort":[1698946118000]},{"_id":"71ee45d71edb9d307537c7b33153a0de","_index":"wechat_all_gml_sec","_score":null,"_source":{"account":"\u5fae\u6b65\u5728\u7ebf\u7814\u7a76\u54cd\u5e94\u4e2d\u5fc3","author":"\u5fae\u6b65\u60c5\u62a5\u5c40","biz":"Mzg5MTc3ODY4Mw==","copyright_stat":1,"countryName":"\u4e2d\u56fd","cover":"https://mmbiz.qpic.cn/mmbiz_jpg/fFyp1gWjicMJ0pcMWWH2JLxVl2T83YnL5bbxdJ0Gfw9hicnxiaM6ddRgSSIaCIMZPNg9wVTU6xxeYVmq6QkuUZvPg/0?wx_fmt=jpeg","cves":[],"digest":"\u6233\u6211\u901f\u89c8\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff01","id":3329661,"idx":1,"is_ad":5,"is_del":0,"is_luck_gift":2,"item_show_type":0,"like_num":1,"old_like_num":3,"provinceName":"\u5317\u4eac","publish_time":"2023-11-01T15:18:33","read_num":516,"sn":"71ee45d71edb9d307537c7b33153a0de","source_url":null,"tags":[{"tag_account":"\u5fae\u6b65\u5728\u7ebf\u7814\u7a76\u54cd\u5e94\u4e2d\u5fc3","tag_album_id":"2442739002652098560","tag_biz":"Mzg5MTc3ODY4Mw==","tag_title":"\u5a01\u80c1\u901a\u544a"},{"tag_account":"\u5fae\u6b65\u5728\u7ebf\u7814\u7a76\u54cd\u5e94\u4e2d\u5fc3","tag_album_id":"2442752757452636161","tag_biz":"Mzg5MTc3ODY4Mw==","tag_title":"\u6f0f\u6d1e"}],"title":"\u98ce\u9669\u63d0\u793a | XXL-JOB \u9ed8\u8ba4 accessToken \u8eab\u4efd\u7ed5\u8fc7\uff0c\u53ef\u5bfc\u81f4 RCE","url":"https://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247503545&idx=1&sn=71ee45d71edb9d307537c7b33153a0de"},"_type":"_doc","sort":[1698851913000]}],"max_score":null,"total":{"relation":"eq","value":2}},"timed_out":false,"took":11},"message":"\u67e5\u8be2\u6210\u529f\uff01"}

hi-unc1e · Answer 5 · Wed Nov 08 2023 17:42:45 GMT+0800 (China Standard Time)

公众号结构还不统一

确实，需要用xpath之类的办法解析出漏洞优先级，否则用正则匹配效果很差

koalr · Answer 6 · Wed Nov 08 2023 17:45:14 GMT+0800 (China Standard Time)

公众号文章的获取可以用这个 https://wechat2rss.xlab.app/feed/ac64c385ebcdb17fee8df733eb620a22b979928c.xml

我差点就加上了，但是公众号文章格式太不统一了，xpath 都没法写统一的规则去解析，所以放弃了。欢迎你继续尝试。

koalr · Answer 7 · Mon Nov 20 2023 20:37:01 GMT+0800 (China Standard Time)

https://github.com/zema1/watchvuln/releases/tag/v1.3.0