某比赛总结

某比赛总结

引子

在某次比赛当中,我司排名16/28,此处做一个反思,并且总结了一些需要改进的点。

问题一

漏洞提交平台的资产经常变动,导致需要用脚本将平台中的资产导出,来跑自动化工具

但是脚本有个问题:它会把 http://IP:8080 这种格式的资产直接当作 IP 导出(端口和协议信息丢失),所以比赛时可能会打偏目标,拿不到分。

需要修改脚本,做个判断。
并且需要添加多线程,加快获取。

缺点:对多线程编程不熟悉,需要多写相关代码

before

import requests
import re

# Bare IPv4-looking token: four dot-separated groups of 1-3 digits between word
# boundaries. Octet values are not range-checked (e.g. "999.1.1.1" matches), and
# the host part of a URL such as http://1.2.3.4:8080 matches too.
myreIP = r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b"
# "http://" or "https://" followed by a run of letters, digits, the listed
# punctuation, or %XX escapes. Inside the third class, "$-_" is a character
# RANGE (from "$" to "_"), not three literals, so it admits more punctuation
# than a quick read suggests.
myrehttp = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+"

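def _split_assets(body):
    """Return ``(ips, urls)`` found in *body* without double-counting URL hosts.

    URLs are matched first and blanked out of the text before the bare-IP
    pattern runs, so an asset given as ``http://IP:8080`` is reported once,
    as a URL, instead of also appearing as a port-less IP.
    """
    urls = re.findall(myrehttp, body)
    remainder = re.sub(myrehttp, " ", body)
    ips = re.findall(myreIP, remainder)
    return ips, urls


def hw_get_asset(f):
    """Export the assets listed on pages 1..258 of the platform into *f*.

    For every page the response text is scanned for URLs and bare IPv4
    addresses; each hit is printed and written to *f* followed by CRLF.
    A page that cannot be fetched, or that answers with a non-200 status,
    prints ``error`` and is skipped.

    Args:
        f: writable text file object that receives one asset per line.
    """
    # NOTE(security): the 'token' value below is a session credential that is
    # hard-coded in the script and sent over plain HTTP, so anyone holding this
    # file or sitting on the network path can replay it. Load it from the
    # environment or an untracked config file, and revoke this one because it
    # has been published.
    headers = {
        'Host': '58.240.81.139:8085',
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
        'Accept': '*/*',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'Referer': 'http://2021sec.jscert.org.cn:8073/',
        'Content-Type': 'application/json',
        'token': 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ6aG9uZ3poaXdlaV94eCIsImp0aSI6IjM0MTAiLCJzdWIiOiLmsZ_oi4_nnIFf5bGx55-z572R56eRX-mrmOemuea7tCIsImlhdCI6MTYyMDUyNDQ4Nn0.VvrrkhSrTNbEdrku0NLtW3pEX6iyUgjpxC7CKmSny-A',
        'Connection': 'close',
    }
    # One session for the whole export instead of a new one per page.
    session = requests.Session()

    # The page count is hard-coded; it has to be adjusted by hand whenever the
    # platform's asset list grows or shrinks.
    for num in range(1, 259):
        print("=====================================")
        print(num)
        url = ("http://58.240.81.139:8085/project/assetList?page=" + str(num)
               + "&size=100&projectId=42&name=")
        try:
            # The timeout keeps one stalled page from hanging the whole export.
            send = session.get(url, headers=headers, timeout=30)
        except requests.RequestException:
            print('error')
            continue

        if send.status_code != 200:
            print('error')
            continue

        print('success')
        trueIp, trueUrl = _split_assets(send.text)
        for i in trueIp:
            print(i + "\r\n")
            f.write(i + "\r\n")
        for j in trueUrl:
            print(j + "\r\n")
            f.write(j + "\r\n")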

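def main():
    """Write the exported assets to ``hwAsset.txt`` in the working directory."""
    # The context manager closes (and flushes) the file even when the export
    # raises part-way through, so already-written assets are not lost.
    with open('hwAsset.txt', 'w') as f:
        hw_get_asset(f)


if __name__ == "__main__":
    main()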

after

import requests
import json
from threading import *

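# Size of the worker pool. Kept small on purpose: one thread per page would
# open 258 simultaneous connections to the platform.
_WORKERS = 8
# Serialises writes to the shared output file across worker threads.
_WRITE_LOCK = Lock()


def hw_get_asset(f, num=1):
    """Fetch page *num* of the asset list and append its asset field to *f*.

    The original body read ``num`` from a loop that had been commented out
    (NameError) and passed the Response object itself to ``json.loads``
    (TypeError); ``num`` is now a parameter and the response text is parsed.

    Args:
        f: writable text file object shared by all worker threads.
        num: 1-based page number to request.
    """
    print("=====================================")
    print(num)
    url = ("http://58.240.81.139:8085/project/assetList?page=" + str(num)
           + "&size=100&projectId=42&name=")

    # NOTE(security): the 'token' value below is a session credential that is
    # hard-coded in the script and sent over plain HTTP, so anyone holding this
    # file or sitting on the network path can replay it. Load it from the
    # environment or an untracked config file, and revoke this one because it
    # has been published.
    headers = {
        'Host': '58.240.81.139:8085',
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
        'Accept': '*/*',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'Referer': 'http://2021sec.jscert.org.cn:8073/',
        'Content-Type': 'application/json',
        'token': 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ6aG9uZ3poaXdlaV94eCIsImp0aSI6IjM0MTAiLCJzdWIiOiLmsZ_oi4_nnIFf5bGx55-z572R56eRX-mrmOemuea7tCIsImlhdCI6MTYyMDUyNDQ4Nn0.VvrrkhSrTNbEdrku0NLtW3pEX6iyUgjpxC7CKmSny-A',
        'Connection': 'close',
    }

    try:
        # A session per call avoids sharing one Session object between threads.
        with requests.Session() as S:
            send = S.get(url, headers=headers, timeout=30)  # JSON response
    except requests.RequestException:
        # An uncaught exception would silently end this worker thread and drop
        # every remaining page assigned to it.
        print('connection error')
        return

    if send.status_code != 200:
        print('connection error')
        return
    print('success')

    try:
        jsonSend = json.loads(send.text)  # parse the JSON body
        # NOTE(review): the key path is kept from the original; the response
        # schema is not shown here, so confirm it against a real reply.
        writedata = jsonSend["send"]["asset"]
        line = writedata + "\r\n"
    except (ValueError, KeyError, TypeError) as exc:
        print('parse error', num, exc)
        return

    with _WRITE_LOCK:
        f.write(line)


def _fetch_pages(f, pages):
    """Worker body: export every page number in *pages*, one after another."""
    for num in pages:
        hw_get_asset(f, num)


def main():
    """Export pages 1..258 into ``hwAsset.txt`` using a small thread pool.

    The original started a thread and joined it inside the same loop
    iteration, which ran the pages strictly one at a time; it also called
    ``threading.Thread`` although only ``from threading import *`` is in
    scope, and passed ``args=(f)``, which is not a tuple.
    """
    with open('hwAsset.txt', 'w') as f:
        # Worker k takes pages k, k+_WORKERS, k+2*_WORKERS, ... so the pages
        # are split evenly without needing a shared queue.
        workers = [
            Thread(target=_fetch_pages, args=(f, range(first, 259, _WORKERS)))
            for first in range(1, _WORKERS + 1)
        ]
        for t in workers:
            t.start()  # start every worker before waiting on any of them
        for t in workers:
            t.join()   # the file must stay open until all workers are done
    # Lines land in the file in completion order, not page order.


if __name__ == "__main__":
    # execute only if run as a script
    main()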

参考资料

https://www.runoob.com/python/python-json.html