威胁情报播报

Overview

Threat-Broadcast

威胁情报播报


运行环境

项目介绍

从以下公开的威胁情报来源爬取并整合最新信息:

爬取到的 CVE 情报会作如下处理:

  • 【邮件播报】 接收播报信息的邮箱配置: recv/mail_*.dat
  • 【邮件播报】 对所有 Issues 标题中的邮箱地址发送播报信息
  • 【页面播报】 最新的 TOP10 威胁情报会更新到 Github Page
  • 【情报归档】 所有威胁情报会归档到 sqlite

目前最有效的推送方式是邮件推送(建议使用手机邮箱,如 139 可触发短信通知)

播报效果

订阅方式

  • 【开发者订阅】 可自行 Fork 项目,通过配置定时任务向自己的邮箱推送即可
  • 【个人订阅】 在 Issues 标题留下你的邮箱等待添加后即可接收播报信息

威胁情报推送源

认准我的推送源,勿点击来历不明链接,慎防钓鱼

开发者部署

无服务器方式(推荐)

本项目已配置 Github Actions,因此你只需轻松几步即可实现部署:

尔后程序便会每小时执行一次,并自动生成 Github Page 播报页面(若要调整执行频率,可修改 autorun.ymlschedule 触发时点)

有服务器方式

安装

  • 任意找一台 Linux 服务器(阿里云、腾讯云等)
  • 安装 python 3.8
  • 把仓库 checkout 到服务器本地: git clone https://github.com/mr-xn/threat-broadcast

国内的云主机(阿里云/腾讯云等)为了避免滥发邮件默认关闭了对 SMTP 25 端口的出口流量,直接导致邮件无法发送。 解封需要到控制台申请,例如 《阿里云 25 端口解封》、 《腾讯云 25 端口解封

配置定时任务

  • 修改 crontab 配置文件,设置定时任务: vim /etc/crontab
  • 设置定时任务命令(每小时): 0 * * * * root python ${workspace}/threat-broadcast/main.py [-any_args]
  • 注意脚本位置需使用绝对路径,根据实际 checkout 的位置修改即可
  • 保存 crontab 配置文件后会自动生效,查看日志: tail -10f /var/log/cron

程序运行参数可通过 main.py -h 查看帮助文档

自动生成 Github Page 播报页面

  • 安装 git 命令行客户端
  • 安装 GitPython 模块: pip install GitPython
  • 打开项目目录: cd ${workspace}/threat-broadcast
  • 设置使用 SSH 与 Github 连接(避免提交内容时要输入账密),详见 这里
  • 若设置 SSH 后还要输入密码才能提交,则还需要把仓库的 https 协议改成 ssh,详见 这里
  • main.py 添加运行参数 -ac 可自动提交变更到仓库

只要爬取到新的威胁情报则会刷新 docs/index.html,将其提交到仓库会自动更新 Github Page

目录说明

threat-broadcast
├── README.md ............................... [项目说明]
├── main.py ................................. [程序运行入口]
├── cache ................................... [威胁情报缓存]
├── data
│   └── cves.db ............................. [sqlite: 威胁情报归档]
├── docs .................................... [Github Page 威胁情报总览]
├── recv
│   ├── mail_*.dat .......................... [接收威胁情报的邮箱]
│   └── qq_group.dat ........................ [接收威胁情报的 QQ 群]
├── src ..................................... [项目源码]
├── script .................................. [数据库脚本]
├── tpl ..................................... [模板文件]
├── imgs .................................... [项目图片]
└── log ..................................... [项目日志]

版权声明

 Copyright (C) EXP,2016 License: GPL v3

  • Fork From: https://github.com/mr-xn/threat-broadcast/

说明

这个 REPO 还有很多 BUG !!! 欢迎 PR ,不会 DEBUG 的朋友 慎用!


Owner
东方有鱼名为咸
InfoSec & Penteste studying & Feral programmer
东方有鱼名为咸
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

7 Dec 07, 2022
CVE-2022-21907 Vulnerability PoC

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17, just some sm

Michele 16 Dec 18, 2022
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Driver Buddy Reloaded Quickstart Table of Contents Installation Usage About Driver Buddy Reloaded Finding DispatchDeviceControl Labelling WDM & WDF St

Paolo 'VoidSec' Stagno 199 Jan 04, 2023
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

lfama 8 Feb 27, 2022
Implementation of an attack on a tropical algebra discrete logarithm based protocol

Implementation of an attack on a tropical algebra discrete logarithm based protocol This code implements the attack detailed in the paper: On the trop

3 Dec 30, 2021
A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Invisible Backdoor Detector is a little Python script that allows you to spot and remove Bidi characters that could lead to an invisible backdoor. If you don't know what that is you should check the

SecSI 28 Dec 29, 2022
Python DNS Lookup: The Domain Name System (DNS) is basically the phonebook of the Internet

-Python-DNS-Lookup- ✨ 🌟 Python DNS Lookup ✨ 🌟 The Domain Name System (DNS) is

Ronnie Atuhaire 2 Feb 14, 2022
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

Vadi 329 Jan 01, 2023
A Python script that can be used to check if a SAP system is affected by CVE-2022-22536

Vulnerability assessment for CVE-2022-22536 This repository contains a Python script that can be used to check if a SAP system is affected by CVE-2022

Onapsis Inc. 42 Dec 01, 2022
NFC Implant-base RSA Encrypted Messagging application

Encrypted messaging application with the use of MIFARE DESfire chip to store the private/public keys needed for the application authentication

4 Nov 06, 2021
Log4j command generator: Generate commands for CVE-2021-44228

Log4j command generator Generate commands for CVE-2021-44228. Description The vulnerability exists due to the Log4j processor's handling of log messag

1 Jan 03, 2022
A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regardin

Cycurity 39 Dec 10, 2022
An auxiliary tool for iot vulnerability hunter

firmeye - IoT固件漏洞挖掘工具 firmeye 是一个 IDA 插件,基于敏感函数参数回溯来辅助漏洞挖掘。我们知道,在固件漏洞挖掘中,从敏感/危险函数出发,寻找其参数来源,是一种很有效的漏洞挖掘方法,但程序中调用敏感函数的地方非常多,人工分析耗时费力,通过该插件,可以帮助排除大部分的安全

Firmy Yang 171 Nov 28, 2022
Template for new OSINT command-line tools

OSINT cli tool skeleton Template for new OSINT command-line tools. Press button "Use this template" to generate your own tool repository. See INSTALL.

36 Dec 20, 2022
Vuln Scanner With Python

VulnScanner Features Web Application Firewall (WAF) detection. Cross Site Scripting (XSS) tests. SQL injection time based test. SQL injection error ba

< / N u l l S 0 U L > 1 Dec 25, 2021
A small utility to deal with malware embedded hashes.

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dyn

Abdallah Elshinbary 48 Dec 19, 2022
An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.

TMOHS1 Root Utility Description An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several

40 Dec 29, 2022
the swiss army knife in the hash field. fast, reliable and easy to use

hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh

enigma146 17 Apr 05, 2022
NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network

NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Than

Error 263 Jan 01, 2023