Skip to content

Commit

Permalink
feat: 增加蓝信webhook机器人和pushplus推送
Browse files Browse the repository at this point in the history
  • Loading branch information
fengwenhua02 committed Mar 22, 2024
1 parent 15c5db9 commit ff2fdd5
Show file tree
Hide file tree
Showing 8 changed files with 439 additions and 21 deletions.
89 changes: 69 additions & 20 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,30 +37,36 @@
- [Server 酱](https://sct.ftqq.com/)
- [自定义 Bark 服务](https://github.com/Finb/Bark)
- [自定义 Webhook 服务](./examples/webhook)
- [pushplus](https://pushplus.plus/)
- [蓝信](https://developer.lanxin.cn/official/article?id=646ecae03d4e4adb7039c0e4&module=development-help&article_id=646f193b3d4e4adb7039c21c)

### 使用 Docker

Docker 方式推荐使用环境变量来配置服务参数

| 环境变量名 | 说明 | 默认值 |
|-------------------------|-------------------------------------------------------------------------|-----------------------------------------|
| `DB_CONN` | 数据库链接字符串,详情见 [数据库连接](#数据库连接) | `sqlite3://vuln_v3.sqlite3` |
| `DINGDING_ACCESS_TOKEN` | 钉钉机器人 url 的 `access_token` 部分 | |
| `DINGDING_SECRET` | 钉钉机器人的加签值 (仅支持加签方式) | |
| `LARK_ACCESS_TOKEN` | 飞书机器人 url 的 `/open-apis/bot/v2/hook/` 后的部分, 也支持直接指定完整的 url 来访问私有部署的飞书 | |
| `LARK_SECRET` | 飞书机器人的加签值 (仅支持加签方式) | |
| `WECHATWORK_KEY ` | 微信机器人 url 的 `key` 部分 | |
| `SERVERCHAN_KEY ` | Server酱的 `SCKEY` | |
| `WEBHOOK_URL` | 自定义 webhook 服务的完整 url | |
| `BARK_URL` | Bark 服务的完整 url, 路径需要包含 DeviceKey | |
| `TELEGRAM_BOT_TOKEN` | Telegram Bot Token | |
| `TELEGRAM_CHAT_IDS` | Telegram Bot 需要发送给的 chat 列表,使用 `,` 分割 | |
| 环境变量名 | 说明 | 默认值 |
| ----------------------- | ------------------------------------------------------------ | --------------------------------------- |
| `DB_CONN` | 数据库链接字符串,详情见 [数据库连接](#数据库连接) | `sqlite3://vuln_v3.sqlite3` |
| `DINGDING_ACCESS_TOKEN` | 钉钉机器人 url 的 `access_token` 部分 | |
| `DINGDING_SECRET` | 钉钉机器人的加签值 (仅支持加签方式) | |
| `LARK_ACCESS_TOKEN` | 飞书机器人 url 的 `/open-apis/bot/v2/hook/` 后的部分, 也支持直接指定完整的 url 来访问私有部署的飞书 | |
| `LARK_SECRET` | 飞书机器人的加签值 (仅支持加签方式) | |
| `WECHATWORK_KEY ` | 微信机器人 url 的 `key` 部分 | |
| `SERVERCHAN_KEY ` | Server酱的 `SCKEY` | |
| `WEBHOOK_URL` | 自定义 webhook 服务的完整 url | |
| `BARK_URL` | Bark 服务的完整 url, 路径需要包含 DeviceKey | |
| `PUSHPLUS_KEY` | PushPlus的token | |
| `LANXIN_DOMAIN` | 蓝信webhook机器人的域名 | |
| `LANXIN_TOKEN` | 蓝信webhook机器人的hook token | |
| `LANXIN_SECRET` | 蓝信webhook机器人的签名 | |
| `TELEGRAM_BOT_TOKEN` | Telegram Bot Token | |
| `TELEGRAM_CHAT_IDS` | Telegram Bot 需要发送给的 chat 列表,使用 `,` 分割 | |
| `SOURCES` | 启用哪些漏洞信息源,逗号分隔, 可选 `avd`, `ti`, `oscs`, `seebug`,`threatbook`,`struts2` | `avd,ti,oscs,threatbook,seebug,struts2` |
| `INTERVAL` | 检查周期,支持秒 `60s`, 分钟 `10m`, 小时 `1h`, 最低 `1m` | `30m` |
| `ENABLE_CVE_FILTER` | 启用 CVE 过滤,开启后多个数据源的统一 CVE 将只推送一次 | `true` |
| `NO_FILTER` | 禁用上述推送过滤策略,所有新发现的漏洞都会被推送 | `false` |
| `NO_START_MESSAGE` | 禁用服务启动的提示信息 | `false` |
| `HTTPS_PROXY` | 给所有请求配置代理, 支持 `socks5://xxxx` 或者 `http(s)://xxkx` | |
| `INTERVAL` | 检查周期,支持秒 `60s`, 分钟 `10m`, 小时 `1h`, 最低 `1m` | `30m` |
| `ENABLE_CVE_FILTER` | 启用 CVE 过滤,开启后多个数据源的统一 CVE 将只推送一次 | `true` |
| `NO_FILTER` | 禁用上述推送过滤策略,所有新发现的漏洞都会被推送 | `false` |
| `NO_START_MESSAGE` | 禁用服务启动的提示信息 | `false` |
| `HTTPS_PROXY` | 给所有请求配置代理, 支持 `socks5://xxxx` 或者 `http(s)://xxkx` | |

比如使用钉钉机器人

Expand Down Expand Up @@ -104,6 +110,30 @@ docker run --restart always -d \

</details>

<details><summary>使用PushPlus</summary>

```bash
docker run --restart always -d \
-e PUSHPLUS_KEY=xxx \
-e INTERVAL=30m \
zemal/watchvuln:latest
```

</details>

<details><summary>使用蓝信Webhook机器人</summary>

```bash
docker run --restart always -d \
-e LANXIN_DOMAIN=xxx \
-e LANXIN_TOKEN=xxx \
-e LANXIN_SECRET=xxx \
-e INTERVAL=30m \
zemal/watchvuln:latest
```

</details>

<details><summary>使用Telegram 机器人</summary>

```bash
Expand Down Expand Up @@ -184,8 +214,12 @@ GLOBAL OPTIONS:
--bark-url value, --bark value your bark server url, ex: http://127.0.0.1:1111/DeviceKey
--dingding-access-token value, --dt value webhook access token of dingding bot
--dingding-sign-secret value, --ds value sign secret of dingding bot
--lark-access-token value, --lt value webhook access token of lark
--lanxin-domain value, --lxd value your lanxin server url, ex: https://apigw-example.domain
--lanxin-hook-token value, --lxt value lanxin hook token
--lanxin-sign-secret value, --lxs value sign secret of lanxin
--lark-access-token value, --lt value webhook access token/url of lark
--lark-sign-secret value, --ls value sign secret of lark
--pushplus-key value, --pk value send key for push plus
--serverchan-key value, --sk value send key for server chan
--telegram-bot-token value, --tgtk value telegram bot token, ex: 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11
--telegram-chat-ids value, --tgids value chat ids want to send on telegram, ex: 123456,4312341,123123
Expand Down Expand Up @@ -220,7 +254,6 @@ $ ./watchvuln --dt DINGDING_ACCESS_TOKEN --ds DINGDING_SECRET -i 30m
```bash
$ ./watchvuln --lt LARK_ACCESS_TOKEN --ls LARK_SECRET -i 30m
```
</details>
Expand All @@ -241,6 +274,22 @@ $ ./watchvuln --sk xxxx -i 30m
</details>
<details><summary>使用PushPlus</summary>
```
$ ./watchvuln --pk xxxx -i 30m
```
</details>
<details><summary>使用蓝信Webhook机器人</summary>
```
$ ./watchvuln --lxd xxxx --lxt xxx --lxs xxx -i 30m
```
</details>
<details><summary>使用Telegram 机器人</summary>
```
Expand Down
3 changes: 2 additions & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ require (
github.com/stretchr/testify v1.8.4
github.com/urfave/cli/v2 v2.26.0
github.com/vimsucks/wxwork-bot-go v0.0.0-20221213061339-fcbcd88ede1c
golang.org/x/net v0.21.0
golang.org/x/net v0.22.0
golang.org/x/sync v0.5.0
modernc.org/sqlite v1.28.0
)
Expand All @@ -40,6 +40,7 @@ require (
github.com/dlclark/regexp2 v1.10.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/go-openapi/inflect v0.19.0 // indirect
github.com/go-resty/resty/v2 v2.12.0 // indirect
github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/golang/protobuf v1.5.3 // indirect
Expand Down
12 changes: 12 additions & 0 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+m
github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
github.com/go-resty/resty/v2 v2.12.0 h1:rsVL8P90LFvkUYq/V5BTVe203WfRIU4gvcf+yfzJzGA=
github.com/go-resty/resty/v2 v2.12.0/go.mod h1:o0yGPrkS3lOe1+eFajk6kBW8ScXzwU3hD69/gt2yB/0=
github.com/go-sourcemap/sourcemap v2.1.3+incompatible h1:W1iEw64niKVGogNgBN3ePyLFfuisuzeidWPMPWmECqU=
github.com/go-sourcemap/sourcemap v2.1.3+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg=
github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
Expand Down Expand Up @@ -175,6 +177,7 @@ go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
go.uber.org/mock v0.3.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
golang.org/x/exp v0.0.0-20231214170342-aacd6d4b4611 h1:qCEDpW1G+vcj3Y7Fy52pEM1AWm3abj8WimGYejI3SC4=
Expand All @@ -191,8 +194,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
Expand All @@ -211,12 +217,17 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
Expand All @@ -227,6 +238,7 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
Expand Down
46 changes: 46 additions & 0 deletions main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,12 +77,36 @@ func main() {
Usage: "send key for server chan",
Category: "[\x00Push Options]",
},
&cli.StringFlag{
Name: "pushplus-key",
Aliases: []string{"pk"},
Usage: "send key for push plus",
Category: "[\x00Push Options]",
},
&cli.StringFlag{
Name: "webhook-url",
Aliases: []string{"webhook"},
Usage: "your webhook server url, ex: http://127.0.0.1:1111/webhook",
Category: "[\x00Push Options]",
},
&cli.StringFlag{
Name: "lanxin-domain",
Aliases: []string{"lxd"},
Usage: "your lanxin server url, ex: https://apigw-example.domain",
Category: "[\x00Push Options]",
},
&cli.StringFlag{
Name: "lanxin-hook-token",
Aliases: []string{"lxt"},
Usage: "lanxin hook token",
Category: "[\x00Push Options]",
},
&cli.StringFlag{
Name: "lanxin-sign-secret",
Aliases: []string{"lxs"},
Usage: "sign secret of lanxin",
Category: "[\x00Push Options]",
},
&cli.StringFlag{
Name: "bark-url",
Aliases: []string{"bark"},
Expand Down Expand Up @@ -265,10 +289,14 @@ func initPusher(c *cli.Context) (push.TextPusher, push.RawPusher, error) {
dingSecret := c.String("dingding-sign-secret")
wxWorkKey := c.String("wechatwork-key")
webhook := c.String("webhook-url")
lanxinDomain := c.String("lanxin-domain")
lanxinToken := c.String("lanxin-hook-token")
lanxinSecret := c.String("lanxin-sign-secret")
bark := c.String("bark-url")
larkToken := c.String("lark-access-token")
larkSecret := c.String("lark-sign-secret")
serverChanKey := c.String("serverchan-key")
pushPlusKey := c.String("pushplus-key")
telegramBotTokey := c.String("telegram-bot-token")
telegramChatIDs := c.String("telegram-chat-ids")

Expand All @@ -284,6 +312,15 @@ func initPusher(c *cli.Context) (push.TextPusher, push.RawPusher, error) {
if os.Getenv("WEBHOOK_URL") != "" {
webhook = os.Getenv("WEBHOOK_URL")
}
if os.Getenv("LANXIN_DOMAIN") != "" {
lanxinDomain = os.Getenv("LANXIN_DOMAIN")
}
if os.Getenv("LANXIN_TOKEN") != "" {
lanxinToken = os.Getenv("LANXIN_TOKEN")
}
if os.Getenv("LANXIN_SECRET") != "" {
lanxinSecret = os.Getenv("LANXIN_SECRET")
}
if os.Getenv("BARK_URL") != "" {
bark = os.Getenv("BARK_URL")
}
Expand All @@ -296,6 +333,9 @@ func initPusher(c *cli.Context) (push.TextPusher, push.RawPusher, error) {
if os.Getenv("SERVERCHAN_KEY") != "" {
serverChanKey = os.Getenv("SERVERCHAN_KEY")
}
if os.Getenv("PUSHPLUS_KEY") != "" {
pushPlusKey = os.Getenv("PUSHPLUS_KEY")
}
if os.Getenv("TELEGRAM_BOT_TOKEN") != "" {
telegramBotTokey = os.Getenv("TELEGRAM_BOT_TOKEN")
}
Expand All @@ -317,6 +357,9 @@ func initPusher(c *cli.Context) (push.TextPusher, push.RawPusher, error) {
if webhook != "" {
rawPusher = append(rawPusher, push.NewWebhook(webhook))
}
if lanxinDomain != "" && lanxinToken != "" && lanxinSecret != "" {
textPusher = append(textPusher, push.NewLanxin(lanxinDomain, lanxinToken, lanxinSecret))
}
if bark != "" {
deviceKeys := strings.Split(bark, "/")
deviceKey := deviceKeys[len(deviceKeys)-1]
Expand All @@ -326,6 +369,9 @@ func initPusher(c *cli.Context) (push.TextPusher, push.RawPusher, error) {
if serverChanKey != "" {
textPusher = append(textPusher, push.NewServerChan(serverChanKey))
}
if pushPlusKey != "" {
textPusher = append(textPusher, push.NewPushPlus(pushPlusKey))
}
if telegramBotTokey != "" && telegramChatIDs != "" {
tgPusher, err := push.NewTelegram(telegramBotTokey, telegramChatIDs)
if err != nil {
Expand Down
Loading

0 comments on commit ff2fdd5

Please sign in to comment.