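Summary of a Competition

Introduction

In a recent competition our company ranked 16/28. This post is a reflection on that result and a summary of the points that need improvement.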
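
Problem 1

The assets listed on the vulnerability submission platform change frequently, so a script is needed to export the assets from the platform and feed them to the automated tools.

But the script has a problem: an asset in the form http://IP:8080 gets exported as a bare IP. As a result, during the competition we could end up hitting the wrong target and scoring no points.

The script needs to be modified to add a check for this. Multithreading also needs to be added to speed up retrieval.

Weakness: I am not familiar with multithreaded programming and need to write more code of this kind.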

before

```python
import requests
import re

myreIP = r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b"
myrehttp = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+"


def hw_get_asset(f):
    for num in range(1, 259):
        print("=====================================")
        print(num)
        url = "http://58.240.81.139:8085/project/assetList?page=" + str(num) + "&size=100&projectId=42&name="
        S = requests.Session()
        headers = {
            'Host': '58.240.81.139:8085',
            'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
            'Accept': '*/*',
            'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
            'Referer': 'http://2021sec.jscert.org.cn:8073/',
            'Content-Type': 'application/json',
            'token': 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ6aG9uZ3poaXdlaV94eCIsImp0aSI6IjM0MTAiLCJzdWIiOiLmsZ_oi4_nnIFf5bGx55-z572R56eRX-mrmOemuea7tCIsImlhdCI6MTYyMDUyNDQ4Nn0.VvrrkhSrTNbEdrku0NLtW3pEX6iyUgjpxC7CKmSny-A',
            'Connection': 'close',
        }
        send = S.get(url, headers=headers)
        # Both patterns run over the raw response text, so the IP inside
        # http://IP:8080 is also matched and written out as a bare IP.
        trueIp = re.findall(myreIP, send.text)
        trueUrl = re.findall(myrehttp, send.text)
        if send.status_code == 200:
            print('success')
            if len(trueIp) != 0:
                for i in trueIp:
                    print(i + "\r\n")
                    f.write(i + "\r\n")
            if len(trueUrl) != 0:
                for j in trueUrl:
                    print(j + "\r\n")
                    f.write(j + "\r\n")
        else:
            print('error')


def main():
    f = open('hwAsset.txt', 'w')
    hw_get_asset(f)
    f.close()


if __name__ == "__main__":
    main()
```

after

```python
import json
import threading

import requests

# Serialise writes to the shared output file across threads
write_lock = threading.Lock()


def hw_get_asset(f, num):
    print("=====================================")
    print(num)
    url = "http://58.240.81.139:8085/project/assetList?page=" + str(num) + "&size=100&projectId=42&name="
    S = requests.Session()
    headers = {
        'Host': '58.240.81.139:8085',
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
        'Accept': '*/*',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'Referer': 'http://2021sec.jscert.org.cn:8073/',
        'Content-Type': 'application/json',
        'token': 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ6aG9uZ3poaXdlaV94eCIsImp0aSI6IjM0MTAiLCJzdWIiOiLmsZ_oi4_nnIFf5bGx55-z572R56eRX-mrmOemuea7tCIsImlhdCI6MTYyMDUyNDQ4Nn0.VvrrkhSrTNbEdrku0NLtW3pEX6iyUgjpxC7CKmSny-A',
        'Connection': 'close',
    }
    send = S.get(url, headers=headers)
    if send.status_code == 200:
        print('success')
        # Parse the response body, not the Response object itself
        jsonSend = json.loads(send.text)
        writedata = jsonSend["send"]["asset"]
        with write_lock:
            f.write(writedata + "\r\n")
    else:
        print('connection error')


def main():
    f = open('hwAsset.txt', 'w')
    threads = []
    for i in range(1, 259):
        # args must be a tuple; each thread fetches one page
        t = threading.Thread(target=hw_get_asset, args=(f, i))
        t.start()
        threads.append(t)
    # Join only after every thread has been started; joining inside the
    # loop above would run the requests one at a time.
    for t in threads:
        t.join()
    f.close()


if __name__ == "__main__":
    main()
```
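
One way to write the check described under Problem 1, as an added example that is not part of the original script: each asset string is classified so that http://IP:8080 keeps its scheme and port instead of collapsing to a bare IP. The helper names `normalize_asset` and `export_assets` are hypothetical, the sample addresses are constructed from documentation ranges, and the asset strings are assumed to have already been pulled out of the platform's response.

```python
import ipaddress
from urllib.parse import urlsplit


def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def normalize_asset(raw):
    """Hypothetical helper: classify one asset string as (kind, value), or None."""
    raw = raw.strip()
    if raw.lower().startswith(("http://", "https://")):
        try:
            parts = urlsplit(raw)
            parts.port  # raises ValueError on a non-numeric or out-of-range port
        except ValueError:
            return None
        # Keep the whole URL: the port is exactly what the old export dropped.
        return ("url", parts.geturl()) if parts.hostname else None
    host, sep, port = raw.partition(":")
    if sep and _is_ipv4(host) and port.isdecimal() and 0 < int(port) < 65536:
        return ("hostport", raw)
    return ("ip", raw) if _is_ipv4(raw) else None


def export_assets(raw_assets):
    """Hypothetical helper: normalise and de-duplicate, keeping first-seen order."""
    seen, out = set(), []
    for raw in raw_assets:
        item = normalize_asset(raw)
        if item and item not in seen:
            seen.add(item)
            out.append(item)
    return out


# Constructed sample (documentation address ranges), not data from the platform.
SAMPLE = [
    "http://192.0.2.10:8080", "192.0.2.10", "192.0.2.11:8443",
    "https://198.51.100.7/login", "999.1.1.1", "http://192.0.2.10:8080", "",
]

if __name__ == "__main__":
    for kind, value in export_assets(SAMPLE):
        print(kind, value)
```

The `kind` tag lets the export write URLs, host:port pairs and bare IPs to separate files, so each automated tool receives targets in the form it expects.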

References

https://www.runoob.com/python/python-json.html