某比赛总结

某比赛总结

引子

在某次比赛当中,我司排名16/28,此处做一个反思,并且总结了一些需要改进的点。

问题一

漏洞提交平台的资产经常变动,导致需要用脚本将平台中的资产导出,来跑自动化工具

但是脚本有个问题,将http://IP:8080 这种格式的资产,直接作为IP导出。所以导致比赛时导致可能会打偏,没分。

需要修改脚本,做个判断。
并且需要添加多线程,加快获取。

缺点:对多线程编程不熟悉,需要多写相关代码

before

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import requests
import re

myreIP = r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b"
myrehttp = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+"

def hw_get_asset(f):
    for num in range(1,259):
        print("=====================================")
        print(num)
        url = "http://58.240.81.139:8085/project/assetList?page="+ str(num) + "&size=100&projectId=42&name="
        S = requests.Session()

        headers={ 'Host': '58.240.81.139:8085',\
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',\
        'Accept': '*/*',\
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',\
        'Referer': 'http://2021sec.jscert.org.cn:8073/',\
        'Content-Type': 'application/json',\
        'token': 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ6aG9uZ3poaXdlaV94eCIsImp0aSI6IjM0MTAiLCJzdWIiOiLmsZ_oi4_nnIFf5bGx55-z572R56eRX-mrmOemuea7tCIsImlhdCI6MTYyMDUyNDQ4Nn0.VvrrkhSrTNbEdrku0NLtW3pEX6iyUgjpxC7CKmSny-A',\
        'Connection': 'close'
        }

        send = S.get(url,headers=headers)
        trueIp = re.findall(myreIP,send.text)
        trueUrl = re.findall(myrehttp,send.text)
        if send.status_code ==200:
           print('success')
           #print(type(trueIp))
           if len(trueIp) != 0:
                for i in trueIp:
                   print(i+"\r\n")
                   f.write(i+"\r\n")
           if len(trueUrl) != 0:
                for j in trueUrl:
                   print(j+"\r\n")
                   f.write(j+"\r\n")
        else:
           print('error')
        
def main():
    f = open('hwAsset.txt','w')
    hw_get_asset(f)
    f.close()
if __name__ == "__main__":
    main()

after

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
import requests
import json
from threading import *

def hw_get_asset(f):
    #for num in range(1,259):
        print("=====================================")
        print(num)
        url = "http://58.240.81.139:8085/project/assetList?page="+ str(num) + "&size=100&projectId=42&name="
        S = requests.Session()

        headers={ 'Host': '58.240.81.139:8085',\
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',\
        'Accept': '*/*',\
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',\
        'Referer': 'http://2021sec.jscert.org.cn:8073/',\
        'Content-Type': 'application/json',\
        'token': 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ6aG9uZ3poaXdlaV94eCIsImp0aSI6IjM0MTAiLCJzdWIiOiLmsZ_oi4_nnIFf5bGx55-z572R56eRX-mrmOemuea7tCIsImlhdCI6MTYyMDUyNDQ4Nn0.VvrrkhSrTNbEdrku0NLtW3pEX6iyUgjpxC7CKmSny-A',\
        'Connection': 'close'
        }

        send = S.get(url,headers=headers) #json格式
        if send.status_code ==200:
            print('success')
            jsonSend = json.loads(send)  #加载json格式
            writedata = jsonSend["send"]["asset"] #获取send变量的json文件中的asset字段
            f.write(writedata+"\r\n")
        else:
           print('connection error')
        
def main():
    f = open('hwAsset.txt','w')
    for i in range(1,259):
        t = threading.Thread(target=hw_get_asset,args=(f))
        t.start() #开启线程
        t.join() #wait()  第一个线程执行完毕后再执行第二个线程
    f.close()
if __name__ == "__main__":
    # execute only if run as a script
    main()

参考资料

https://www.runoob.com/python/python-json.html