雲安全中心API應急漏洞掃描實戰


雲安全中心應急漏洞掃描

雲安全中心是一個實時識別、分析、預警安全威脅的統一安全管理系統,通過防勒索、防病毒、防篡改、合規檢查等安全能力,實現威脅檢測、告警響應、攻擊溯源的自動化安全運營閉環,保護雲上資產和本地服務器安全,並滿足監管合規要求。

前提條件配置

①使用RAM子賬戶(不要使用主賬戶)生成阿里雲的AK/SK,並只授予調用雲安全中心所需的權限;AK/SK不要硬編碼在腳本裏,建議通過環境變量傳入

②python環境配置

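# Build Python 3.10.4 from source on a yum-based host, then install the
# Alibaba Cloud SDK modules used by the scripts in this article.
# Run as root. Repairs relative to the listing as published: the stray spaces
# inside /usr/local paths and the OpenSSL URL are removed, "make instal" is
# corrected, and pip3 is used consistently.

# Install build dependencies.
# NOTE(review): zlib-dev and libssl-dev look like Debian package names; yum is
# expected to report them as unavailable and carry on - confirm on your distro.
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c++ libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel

# Download Python 3.10.4.
# Check the tarball against the checksum/signature published on python.org
# before building it as root. 3.10.4 is the version the article used; later
# 3.10.x releases carry security fixes.
wget -c https://www.python.org/ftp/python/3.10.4/Python-3.10.4.tgz

# Unpack and build.
tar -zxvf Python-3.10.4.tgz

cd Python-3.10.4/
# NOTE(review): CPython's configure documents --with-openssl=DIR; --with-ssl
# does not appear among its options and is probably ignored - confirm.
./configure --with-ssl
make && make install

# Back up the system python.
# This replaces the interpreter yum depends on, which is why the shebang edits
# below are needed; "make altinstall" would avoid touching /usr/bin/python.
mv /usr/bin/python /usr/bin/python.bak

# Point /usr/bin/python at the new python3.
ln -s /usr/local/bin/python3 /usr/bin/python

which pip3

# Fix yum after the switch: edit both files so that their first line is
#   #!/usr/bin/python2
vi /usr/libexec/urlgrabber-ext-down
vi /usr/bin/yum

# Install the SDK modules.
# alibabacloud_tea_console is unpinned in the article; pin it once you have
# settled on a version so that rebuilds are reproducible.
pip3 install --upgrade pip
pip3 install alibabacloud_sas20181203==1.1.13
pip3 install alibabacloud_tea_console

# If "import ssl" fails with
#   ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location)
# build a newer OpenSSL and rebuild Python against it, as follows.

# Download and install OpenSSL.
# Verify the tarball checksum before building. The OpenSSL 1.1.1 branch is
# end-of-life upstream; prefer a supported release where Python allows it.
wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
tar -zxvf openssl-1.1.1n.tar.gz
cd openssl-1.1.1n
./config --prefix=/usr/local/openssl
make && make install
# Replacing the system openssl binary and adding to ld.so.conf affects every
# program on the host that links libssl, not just Python.
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

ldconfig -v

# Check the OpenSSL version now on PATH.
openssl version

# Edit Modules/Setup so that lines 211-214 read:
#   OPENSSL=/usr/local/openssl
#   _ssl _ssl.c \
#       -I$(OPENSSL)/include -L$(OPENSSL)/lib \
#       -lssl -lcrypto
vim /root/Python-3.10.4/Modules/Setup

# Finally rebuild and reinstall Python 3.10.4.
cd Python-3.10.4/
./configure
make && make install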

一、掃描獲取特定應急漏洞的名稱信息

如掃描fastjson <= 1.2.80 反序列化任意代碼執行漏洞

API文檔 https://help.aliyun.com/document_detail/421691.html

Lang:zh

RiskStatus:y

ScanType:python

CheckType:fastjson <= 1.2.80 反序列化任意代碼執行漏洞

VulName:

1{2 "TotalCount": 1,3 "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8",4 "PageSize": 5,5 "CurrentPage": 1,6 "GroupedVulItems": [7 {8 "Status": 30,9 "PendingCount": 116,10 "Type": "python",11 "Description": "fastjson已使用黑白名單用於防禦反序列化漏洞,經研究該利用在特定條件下可繞過默認autoType關閉限制,攻擊遠程服務器,風險影響較大。建議fastjson用戶儘快採取安全措施保障系統安全。\n\n特定依賴存在下影響 ≤1.2.80。",12 "CheckType": 1,13 "AliasName": "fastjson <= 1.2.80 反序列化任意代碼執行漏洞【原理掃描】",14 "GmtLastCheck": 1653471386000,15 "GmtPublish": 1653273837000,16 "Name": "emg:SCA:AVD-2022-1243027"17 }18 ]19}

得到特定應急漏洞名稱信息爲emg:SCA:AVD-2022-1243027

pip install alibabacloud_sas20181203==1.1.13

pip install alibabacloud_tea_console

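# -*- coding: utf-8 -*-
"""Look up an emergency vulnerability in Security Center by its display name.

Sends a DescribeEmgVulItem request and logs the raw response as JSON.
Credentials are read from the ACCESS_KEY_ID / ACCESS_KEY_SECRET environment
variables instead of being embedded in the source.
"""
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """Build a Security Center client from an AccessKey pair.

        The published listing ignored both parameters and used key fragments
        written into the source; the arguments are now what gets used.

        @param access_key_id: AccessKey ID of the RAM sub-account
        @param access_key_secret: AccessKey Secret of the RAM sub-account
        @return: Client
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret,
        )
        # API endpoint of the service.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Query the emergency vulnerability item and log the response."""
        # A KeyError here means the credentials were not exported in the shell.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
            lang='zh',
            risk_status='y',
            scan_type='python',
            vul_name='fastjson <= 1.2.80 反序列化任意代碼執行漏洞',
        )
        runtime = util_models.RuntimeOptions()
        resp = client.describe_emg_vul_item_with_options(describe_emg_vul_item_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main(); same request, awaited call."""
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        describe_emg_vul_item_request = sas_20181203_models.DescribeEmgVulItemRequest(
            lang='zh',
            risk_status='y',
            scan_type='python',
            vul_name='fastjson <= 1.2.80 反序列化任意代碼執行漏洞',
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.describe_emg_vul_item_with_options_async(describe_emg_vul_item_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])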

二、根據特定的應急漏洞執行掃描任務

Lang:zh

Name:emg:SCA:AVD-2022-1243027

UserAgreement:yes

1{2 "RequestId": "08744049-2F38-54BF-A7E7-529B5226AC9E"3}

pip install alibabacloud_sas20181203==1.1.13

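# -*- coding: utf-8 -*-
"""Submit a scan task for one emergency vulnerability (ModifyEmgVulSubmit).

The vulnerability is identified by the name returned from the lookup step
(emg:SCA:AVD-2022-1243027 in this article). Credentials are read from the
ACCESS_KEY_ID / ACCESS_KEY_SECRET environment variables.
"""
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """Build a Security Center client from an AccessKey pair.

        The published listing ignored both parameters and used key fragments
        written into the source; the arguments are now what gets used.

        @param access_key_id: AccessKey ID of the RAM sub-account
        @param access_key_secret: AccessKey Secret of the RAM sub-account
        @return: Client
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret,
        )
        # API endpoint of the service.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Submit the scan task and log the response."""
        # A KeyError here means the credentials were not exported in the shell.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        modify_emg_vul_submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            # Spaces that crept into the published name are removed so that it
            # matches the Name value shown in the lookup response.
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes',
        )
        runtime = util_models.RuntimeOptions()
        resp = client.modify_emg_vul_submit_with_options(modify_emg_vul_submit_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main(); same request, awaited call."""
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        modify_emg_vul_submit_request = sas_20181203_models.ModifyEmgVulSubmitRequest(
            lang='zh',
            name='emg:SCA:AVD-2022-1243027',
            user_agreement='yes',
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_emg_vul_submit_with_options_async(modify_emg_vul_submit_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])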

執行腳本後,可以在阿里雲雲安全中心看到應急漏洞「fastjson <= 1.2.80 反序列化任意代碼執行漏洞」的掃描任務已開始執行

三、應急漏洞全部掃描

Types:"emg"

Uuids:

cve:Linux軟件漏洞
sys:Windows系統漏洞
cms:Web-CMS漏洞
app:應用漏洞
emg:應急漏洞
image:容器鏡像漏洞

pip install alibabacloud_sas20181203==1.1.13

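# -*- coding: utf-8 -*-
"""Start a scan of all emergency vulnerabilities (ModifyStartVulScan).

Credentials are read from the ACCESS_KEY_ID / ACCESS_KEY_SECRET environment
variables instead of being embedded in the source.
"""
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """Build a Security Center client from an AccessKey pair.

        The published listing ignored both parameters and used key fragments
        written into the source; the arguments are now what gets used.

        @param access_key_id: AccessKey ID of the RAM sub-account
        @param access_key_secret: AccessKey Secret of the RAM sub-account
        @return: Client
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret,
        )
        # API endpoint of the service.
        config.endpoint = 'tds.aliyuncs.com'
        return Sas20181203Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Start the emergency-vulnerability scan and log the response."""
        # A KeyError here means the credentials were not exported in the shell.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        modify_start_vul_scan_request = sas_20181203_models.ModifyStartVulScanRequest(
            # The value carries literal double quotes, as in the article's
            # request parameters - NOTE(review): confirm against the API doc.
            types='"emg"',
        )
        runtime = util_models.RuntimeOptions()
        resp = client.modify_start_vul_scan_with_options(modify_start_vul_scan_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main(); same request, awaited call."""
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        modify_start_vul_scan_request = sas_20181203_models.ModifyStartVulScanRequest(
            types='"emg"',
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.modify_start_vul_scan_with_options_async(modify_start_vul_scan_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])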

執行完腳本後,所有應急漏洞的掃描任務開始執行

四、導出應急漏洞列表信息

API文檔信息 ExportVul - 導出漏洞列表 (aliyun.com)

Lang:zh

Type:emg

Uuids:

AliasName:fastjson <= 1.2.80 反序列化任意代碼執行漏洞

Necessity:asap

Dealed:n

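# -*- coding: utf-8 -*-
"""Export the list of hosts affected by an emergency vulnerability (ExportVul).

Logs the response body, whose ``Id`` field identifies the export task.
Credentials come from the ACCESS_KEY_ID / ACCESS_KEY_SECRET environment
variables via EnvClient.
"""
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """Build a Security Center client from an AccessKey pair.

        main() already reads the key pair from the environment, but the
        published listing discarded it here and used key fragments written
        into the source; the arguments are now what gets used.
        """
        config = open_api_models.Config()
        config.access_key_id = access_key_id
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Submit the export task and log the response body."""
        client = Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )
        export_request = sas_models.ExportVulRequest(
            lang='zh',
            type='emg',
            alias_name='fastjson <= 1.2.80 反序列化任意代碼執行漏洞',
            necessity='asap',
            dealed='n',
        )
        export_response = client.export_vul(export_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main(); same request, awaited call."""
        client = Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )
        export_request = sas_models.ExportVulRequest(
            lang='zh',
            type='emg',
            alias_name='fastjson <= 1.2.80 反序列化任意代碼執行漏洞',
            necessity='asap',
            dealed='n',
        )
        export_response = await client.export_vul_async(export_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(export_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])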

得到值爲

[LOG] response is { "FileName": "emg_20220526", "Id": 102889, "RequestId": "A15E37DA-10C8-542D-8D59-CCCB5E6837E4"}

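# Filter the export script's output on the "Id" field to obtain the ID of the
# export task; in this run the value is 102889.
# The quoting around "Id" was mangled in the published listing and is repaired.
python3 exportall.py | grep '"Id"' | awk -F: '{print $3}' | awk -F, '{print $1}'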

通過ExportId(102889)獲取導出文件的下載鏈接

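# -*- coding: utf-8 -*-
"""Fetch the details of a vulnerability export task (DescribeVulExportInfo).

Usage: python exportfile.py [EXPORT_ID]

EXPORT_ID is the ``Id`` printed by the export step (102889 in the article).
The published listing hard-coded that id and, on every run, also submitted a
new 'cve' export whose id it never used. The id is now taken from the command
line; a new export is submitted only when no id is given.
"""
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as SasClient
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_darabonba_env.client import Client as EnvClient
from alibabacloud_sas20181203 import models as sas_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> SasClient:
        """Build a Security Center client from an AccessKey pair.

        main() already reads the key pair from the environment, but the
        published listing discarded it here and used key fragments written
        into the source; the arguments are now what gets used.
        """
        config = open_api_models.Config()
        config.access_key_id = access_key_id
        config.access_key_secret = access_key_secret
        config.endpoint = 'tds.aliyuncs.com'
        return SasClient(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Log the export task details for the id in args[0].

        Without an argument a new export is submitted and its id is queried.
        """
        client = Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )
        if args:
            export_info_id = int(args[0])
        else:
            # NOTE(review): this fallback exports type 'cve' as in the
            # published listing, while the article's flow exports 'emg';
            # pass the id from the export step to stay on that flow.
            export_response = client.export_vul(sas_models.ExportVulRequest(type='cve'))
            export_info_id = export_response.body.id
        vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
            export_id=export_info_id,
        )
        # NOTE(review): a freshly submitted export may not be finished yet, so
        # the response may lack a download link - confirm against the API doc.
        info_detail_response = client.describe_vul_export_info(vul_export_info_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main(); same logic, awaited calls."""
        client = Sample.create_client(
            EnvClient.get_env('ACCESS_KEY_ID'),
            EnvClient.get_env('ACCESS_KEY_SECRET'),
        )
        if args:
            export_info_id = int(args[0])
        else:
            export_response = await client.export_vul_async(sas_models.ExportVulRequest(type='cve'))
            export_info_id = export_response.body.id
        vul_export_info_request = sas_models.DescribeVulExportInfoRequest(
            export_id=export_info_id,
        )
        info_detail_response = await client.describe_vul_export_info_async(vul_export_info_request)
        ConsoleClient.log(f'response is {UtilClient.to_jsonstring(TeaCore.to_map(info_detail_response.body))}')


if __name__ == '__main__':
    Sample.main(sys.argv[1:])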

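# Run the script, pull the download link out of its output and fetch the file.
# Repairs: the mangled quoting around "Link": is restored, and the trailing
# space inside the output file name is dropped so that the later
# "unzip emg_<date>.zip" step finds the file.
# The link comes straight from the API response; check that it points at the
# expected Alibaba Cloud host before reusing this pipeline unattended.
python exportfile.py | awk -F'"Link":' '{print $2}' | awk -F, '{print $1}' | xargs wget -O "emg_$(date +%Y%m%d).zip"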

可以把zip文件解壓後上傳到OSS存儲中,再通過腳本用釘釘推送到指定羣,或者用郵件推送給指定的人。導出的報告列出了尚未修復的漏洞和受影響的資產,存放報告的Bucket不應設爲公共讀,推送的鏈接建議使用帶有效期的簽名URL。

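# DingTalk notification setup.
# Download ossutil; verify the binary against the checksum published by the
# vendor before making it executable.
wget https://gosspublic.alicdn.com/ossutil/1.7.9/ossutil64
chmod 755 ossutil64

./ossutil64 config
./ossutil64 ls oss://examplebucket -c /home/config

vim vulnerabilityDingtack.sh
# ---- contents of vulnerabilityDingtack.sh ----
#!/bin/bash
# Upload today's emergency-vulnerability report to OSS, then post a link to it
# in a DingTalk group.
# Changes relative to the published script: the robot token and the OSS key
# pair are read from the environment instead of being written into the file,
# and the upload now runs before the notification so the link is live when the
# message arrives.
set -euo pipefail

: "${DINGTALK_TOKEN:?export DINGTALK_TOKEN (robot access token) first}"
: "${ALI_OSS_AK:?export ALI_OSS_AK (AccessKey ID) first}"
: "${ALI_OSS_SK:?export ALI_OSS_SK (AccessKey Secret) first}"

UPLOAD_TIME=$(date "+%Y%m%d")

echo "---------上傳到OSS--------------------"
ALI_OSS_ENDPOINT="oss-cn-shanghai.aliyuncs.com"
WORKSPACE=/opt/kingen

# Change to the directory that holds ossutil64 and the exported zip.
cd "${WORKSPACE}/"
# Configure ossutil.
# Passing -k on the command line exposes the secret in the process list while
# the command runs; the config file written by "ossutil64 config" avoids that.
./ossutil64 config -e "${ALI_OSS_ENDPOINT}" -i "${ALI_OSS_AK}" -k "${ALI_OSS_SK}"
unzip "emg_${UPLOAD_TIME}.zip"
# Upload the xlsx report to OSS.
# NOTE(review): the upload goes to bucket "backups" while the link below
# points at bucket "vulnerability" - confirm which one is intended.
./ossutil64 cp "./emg_${UPLOAD_TIME}.xlsx" "oss://backups/vulnerability/"

# The messageUrl is a plain object URL, so it only opens if the object is
# publicly readable; the report lists unpatched hosts, so a time-limited
# signed URL on a private bucket is the safer choice.
curl "https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_TOKEN}" \
-H 'Content-Type: application/json' \
-d '{
"msgtype": "link",
"link": {
"text":"應急安全漏洞 \n",
"title": "應急安全漏洞報告",
"picUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/vulnerability.png",
"messageUrl": "https://vulnerability.oss-cn-shanghai.aliyuncs.com/vulnerability/emg_'"${UPLOAD_TIME}"'.xlsx"
}
}'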

來個開胃小菜

阿里雲CDN刷新目錄腳本(刷新之前更換AK/SK密鑰,並把object_path替換爲要刷新的網站URL地址)

pip install alibabacloud_cdn20180510==1.0.11

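# -*- coding: utf-8 -*-
"""Refresh a directory in Alibaba Cloud CDN (RefreshObjectCaches).

Credentials are read from the ACCESS_KEY_ID / ACCESS_KEY_SECRET environment
variables. Set OBJECT_PATH to the site URL to refresh.
"""
import os
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_cdn20180510.client import Client as Cdn20180510Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_cdn20180510 import models as cdn_20180510_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient

# Directory URL to refresh. main() and main_async() named two different hosts
# in the published listing; both now use this single value.
OBJECT_PATH = 'https://uat.abc.com/'


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Cdn20180510Client:
        """Build a CDN client from an AccessKey pair.

        @param access_key_id: AccessKey ID of the RAM sub-account
        @param access_key_secret: AccessKey Secret of the RAM sub-account
        @return: Client
        """
        config = open_api_models.Config(
            access_key_id=access_key_id,
            access_key_secret=access_key_secret,
        )
        # API endpoint of the service.
        config.endpoint = 'cdn.aliyuncs.com'
        return Cdn20180510Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        """Submit the directory refresh and log the response."""
        # The published listing passed the literal strings 'ACCESS_KEY_ID' and
        # 'ACCESS_KEY_SECRET' as the key pair; read the real values from the
        # environment. A KeyError means they were not exported in the shell.
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        refresh_object_caches_request = cdn_20180510_models.RefreshObjectCachesRequest(
            object_path=OBJECT_PATH,
            object_type='Directory',
        )
        runtime = util_models.RuntimeOptions()
        resp = client.refresh_object_caches_with_options(refresh_object_caches_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        """Async variant of main(); same request, awaited call."""
        client = Sample.create_client(
            os.environ['ACCESS_KEY_ID'],
            os.environ['ACCESS_KEY_SECRET'],
        )
        refresh_object_caches_request = cdn_20180510_models.RefreshObjectCachesRequest(
            object_path=OBJECT_PATH,
            object_type='Directory',
        )
        runtime = util_models.RuntimeOptions()
        resp = await client.refresh_object_caches_with_options_async(refresh_object_caches_request, runtime)
        ConsoleClient.log(UtilClient.to_jsonstring(TeaCore.to_map(resp)))


if __name__ == '__main__':
    Sample.main(sys.argv[1:])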

成功給https://uat.abc.com網站目錄刷新。
