1day loophole cruiser system of steamed bread
1. Purpose of 1day vulnerability cruiser system
In order not to walk around every day to see whether the major leak repositories are updated and what new vulnerabilities appear, I decided to build my own vulnerability repository and 1day vulnerability cruiser system.
The main purpose of writing the 1day cruiser system is to find the vulnerabilities of the assets you are concerned about in time. If there are 1day vulnerabilities, the system will automatically report the occurrence of 1day vulnerabilities under your assets, and then generate HTML forms. In this way, it saves time to find the 1day vulnerability information of the assets you need one by one.
2. Feasibility of 1 day vulnerability cruiser system
For some large Internet companies, they should have their own vulnerability library and 1day vulnerability response. The system I made is more suitable for individuals.
The function of the cruiser system is to discover and provide vulnerability reports in time. There is no verification vulnerability and penetration, so there is no attack (this can be (^ −) ☆)
3. Technology used in 1day vulnerability cruiser system
Main functions of the system: timely crawl the vulnerability information of major platforms, analyze the collected data and save it to the database, generate report information for the added assets and remind the emergence of new 1day.
The languages used in the system are mainly python (other languages may be used in future improvement projects) and MySQL database
The technologies used in the system include:
Python crawler technology
Python for multithreading
Python operation on MySQL database
Python operations on files
For data visualization, data visualization technology will be added
For the accuracy of data, machine learning and natural language technology will be added
4. Preliminary design drawing of 1 day vulnerability cruiser system (first occupy a pit, etc., and then optimize the figure below)
5. 1day vulnerability cruiser system partial code
6. Preliminary finished product drawing of 1day vulnerability cruiser system
After the program runs, it will be automated. It will not be closed in the future. It will automatically crawl and generate forms every day
Auto generated master page:
All vulnerability pages automatically generated:
Automatically generated vulnerability page of interest:
Automatically find web addresses where this vulnerability may exist:
7. Next step plan of 1day vulnerability cruiser system
Integrate more vulnerability publishing platforms
Add data visualization technology to make the data more intuitive
Add some algorithms to improve the accuracy of data judgment
Making Android Software on the mobile terminal makes it easier to view
Make a vulnerability reminder function. If there is a vulnerability of concern, it will be reminded on QQ, wechat or nails