- 1全国区块链职业技能大赛国赛考题前端功能开发
- 2基于springboot+vue.js+uniapp小程序的个人驾校预约管理系统附带文章源码部署视频讲解等
- 3mac电脑配置flutter完整详细的流程_mac配置flutter
- 4git报错: Access token is expired fatal: unable to access https://gitee.com/_remote: [session-1f460f9a] oauth: access token is
- 5【在 Windows系统中为 git 命令设置代理(v2rayN)】_windows git proxy
- 6阿里云数据盘挂载_阿里云查看数据盘
- 72024 年适用于 Linux 的 5 个微软 Word 替代品_word linux
- 8SpringBoot 文件格式转换_spring-boot实现文档格式转换
- 9DataNode_数据节点(datanode)负责存储数据,一个数据块会在多个datanode中进行冗余备份,那么
- 10NodeManager代码分析之NodeManager启动过程
Python实现使用NVD API获取最新发布且带有CPE信息的漏洞
赞
踩
#要通过Python实现使用NVD API获取最新发布且带有CPE信息的漏洞,
#使用requests库来发送HTTP请求,并使用json库来解析返回的JSON数据。以下是一个简单的示例代码:
import requests
import json
from datetime import datetime, timedelta
# 打开记录文件# # Open the file in append mode
file = open('myfile.txt', 'a')
# NVD API的URL
NVD_API_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0/"
# 设置时间范围以获取最新发布的漏洞,例如过去7天
days_ago = 30
start_date = (datetime.now() - timedelta(days=days_ago)).strftime('%Y-%m-%dT00:00:00.000')
end_date = datetime.now().strftime('%Y-%m-%dT00:00:00.000')
# 构造API请求参数
params = {
'pubStartDate': start_date,# '2024-02-27T00:00:00.000',#start_date,#'2024-01-01T00:00:00.000',#start_date,#'2024-04-01T00:00:00.000',#start_date,
'pubEndDate': end_date,#'2024-04-27T13:36:00.000',#end_date,# '2024-02-27T00:00:00.000',#end_date,#'2024-04-26T13:36:00.000',
#'resultsPerPage': 10, # 每次请求返回的漏洞数量,可以根据需要调整
'virtualMatchString': 'cpe:2.3:*:*:*:*:*:*:*'
}
file.write("#####################################################]\r")
#Append content to the file
file.write(f"now:{datetime.now()} startDate:{start_date} endDate:{end_date}\r")
# 发送HTTP GET请求
response = requests.get(NVD_API_URL, params=params)
print("reponse:{response.status_code}")
# 检查请求是否成功
if response.status_code == 200:
# 解析返回的JSON数据
cve_data = response.json()
#print(cve_data)
# 提取带有CPE信息的漏洞
print(cve_data['totalResults'])
file.write(f"totalrecords:{cve_data['totalResults']}\r")
for cve_item in cve_data['vulnerabilities']:
cve_id = cve_item['cve']['id']
print(f"CVE ID: {cve_id}")
file.write(f"CVE ID: {cve_id} CVSS: {cve_item['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']} ")
# 检查是否有CPE信息
#print(cve_item['cve']['configurations'][0]['nodes'])
if 'configurations' in cve_item['cve']:
for configuration_item in cve_item['cve']['configurations']:
for node_item in configuration_item['nodes']:
for cpe_item in node_item['cpeMatch']:
a=1
#print(cpe_item['criteria'])
# 在这里可以进一步处理每个带有CPE信息的漏洞
file.write(f"{cve_item['cve']['configurations'][0]['nodes'][0]['cpeMatch'][0]['criteria']}\r")
#print("---")
else:
print(f"Failed to retrieve data from NVD API. Status code: {response.status_code}")
# Close the file
file.close()
