Edusrc漏洞审核通过通知监控脚本

0x01前言

通过监控漏洞通过审核个数+rank来判断漏洞是否通过,并不单单判断rank因为众测的漏洞是没有rank的，可通过定时任务来执行通知

效果图

邮箱配置可以参考https://cloud.tencent.com/developer/article/2177098

0x02 代码

# -*- coding: utf-8 -*-
# @Author  : Juneha
# @link    : https://blog.mo60.cn/index.php/archives/monitor_edusrc.html
import requests
import re
import os
import smtplib
from email.mime.text import MIMEText


userId=7365  # edusrc的用户id，在个人主页的url里有
receivers = ['[email protected]']  # 接收邮件，可设置为你的QQ邮箱或者其他邮箱

mail_host = "smtp.qq.com"      # SMTP服务器
mail_user = "[email protected]"                  # 用户名
mail_pass = "XX"               # 授权密码，非登录密码
sender = 'XXXX'    # 发件人邮箱(最好写全, 不然会失败)
mail_port = 465  # 端口一般是465

def sendEmail(data):
    message = MIMEText(str(data), 'plain', 'utf-8')  # 内容, 格式, 编码
    message['From'] = "{}".format(sender)
    message['To'] = ",".join(receivers)
    message['Subject'] = 'EduSrc监控小助手'
    try:
        smtpObj = smtplib.SMTP_SSL(mail_host, mail_port)   # 启用SSL发信
        smtpObj.login(mail_user, mail_pass)  # 登录验证
        smtpObj.sendmail(sender, receivers, message.as_string())  # 发送
        print("邮件发送成功")
    except smtplib.SMTPException as e:
        print(e)


def getRankBug():
    url = f"https://src.sjtu.edu.cn/profile/{userId}"
    try:
        r = requests.get(url, timeout=3)
        r.raise_for_status()
        rank = re.findall(r'Rank： (d+)?', r.text)[0]
        bugs = re.findall(r'已审核通过漏洞数量： (d+)?', r.text)[0]
        return rank, bugs
    except requests.exceptions.RequestException as e:
        print(f"网络请求出错: {e}")
        return None, None
    except IndexError as e:
        print(f"正则表达式匹配出错: {e}")
        return None, None
    
def writeRank(data):
    with open("edusrcdata.txt", mode='w+', encoding='utf-8') as f:
        f.write(",".join(data))

def checkRankBug(rankbugdata):
  # 检查文件是否存在
  if os.path.isfile('edusrcdata.txt'):
    # 检查文件是否可读写
    if os.access('edusrcdata.txt', os.R_OK | os.W_OK):
      # 打开文件并读取第一行
      with open("edusrcdata.txt") as f:
        current_rank, current_bug_count = f.read().splitlines()[0].split(",")
      # 获取新的rank和bug数
      new_rank, new_bug_count = rankbugdata
      # 检查rankbugdata和当前rank和bug数是否都不为空
      if rankbugdata and current_rank and current_bug_count:
        # 比较新旧rank和bug数是否有变化
        if new_bug_count != current_bug_count and new_rank == current_rank:
        #   print(f"有漏洞通过审核了当前漏洞个数{new_bug_count},rank并没有增加。")
          sendEmail(f"有漏洞通过审核了当前漏洞个数{new_bug_count},rank并没有增加。")
          writeRank(rankbugdata) # 调用writeRank函数更新文件中的数据
        elif new_rank != current_rank:
        #   print(f"Rank增加啦,当前rank为{new_rank}")
          sendEmail(f"Rank增加啦,当前rank为{new_rank}")
          writeRank(rankbugdata) # 调用writeRank函数更新文件中的数据
        else:
          print("无动静")
      else:
        print("rankbugdata或current_rank或current_bug_count为空")
    else:
      print("文件不可读写")
  else:
    writeRank(rankbugdata) # 调用writeRank函数创建文件并写入数据
    print('First Run Create File')

# 调用checkRankBug函数，传入getRankBug()的返回值作为参数

checkRankBug(getRankBug())