Building a WooYun ("x云") vulnerability word cloud with Python | LSABLOG


Building a WooYun ("x云") vulnerability word cloud with Python

0x00 Preface

I suddenly felt like building a vulnerability word cloud to see which vulnerability types show up most often; if some vendors have publicly disclosed bugs (for example ly), it also helps to dig at them in a targeted way. So let's use x云 (mirror site: http://wy.hxsec.com/bugs.php). With the two powerful third-party libraries jieba (Chinese word segmentation) and wordcloud, a WooYun vulnerability word cloud is easy to produce.

GitHub repository: https://github.com/theLSA/wooyun_wordcloud

 

0x01 Scraping the titles

Straight to the code:

#coding:utf-8
#Author:LSA
#Description:wordcloud for wooyun
#Date:20170904
# Ported from Python 2 to Python 3 (urllib2/Queue -> urllib.request/queue).
# Two fixes over the original loop: workers use get_nowait() instead of
# empty()+get(), which could block a worker forever once another worker
# drained the queue between the two calls, and appends to the shared
# output file are serialised with a lock.

import re
import threading
import queue
import urllib.request


q0 = queue.Queue()            # page numbers still to fetch
threads = 20
threadList = []
fileLock = threading.Lock()   # serialises writes to wooyunBugTitle.txt

# bug rows on the mirror's listing page; the pattern is tied to the exact
# inline style, so a markup change on the site yields zero matches
reg = re.compile(r'<li  style="width:60%;height:25px;background-color:#FFFFFF;float:left" ><a href=".*?">(.*?)</a>')


def gettitle():
    while True:
        try:
            i = q0.get_nowait()
        except queue.Empty:
            return
        url = 'http://wy.hxsec.com/bugs.php?page=' + str(i)
        try:
            resp = urllib.request.urlopen(url, timeout=30)
            charset = resp.headers.get_content_charset() or 'utf-8'
            html = resp.read().decode(charset, 'ignore')
        except Exception as e:
            # a failed page is reported instead of silently killing the worker
            print('Page ' + str(i) + ' failed: ' + str(e))
            continue
        titleList = re.findall(reg, html)
        with fileLock:
            with open("wooyunBugTitle.txt", "a", encoding="utf-8") as fwy:
                for title in titleList:
                    fwy.write(title + '\n')
        print('Page ' + str(i) + ' over!')


def main():
    for page in range(1, 2962):
        q0.put(page)
    for thread in range(threads):
        t = threading.Thread(target=gettitle)
        t.start()
        threadList.append(t)
    for th in threadList:
        th.join()

    print('***********************All pages over!**********************')


if __name__ == '__main__':
    main()


0x02 Building the word cloud

Again, straight to the code:

# coding: utf-8


import jieba
from wordcloud import WordCloud
import matplotlib.pyplot as plt

# read the titles written by the crawler (one per line, UTF-8)
with open("wooyunBugTitle.txt", "r", encoding="utf-8") as f:
    data = f.read()
# full mode (cut_all=True) emits every dictionary word it can find,
# including overlapping fragments, so the cloud counts tokens, not bugs
cutData = jieba.cut(data, cut_all=True)
word = " ".join(cutData)

cloud = WordCloud(
    # font: without a CJK-capable font the Chinese words render as boxes
    font_path="msyh.ttf",
    #font_path=path.join(e,'xxx.ttc'),   # alternative: build the path with os.path
    # background colour
    background_color='white',
    # shape of the cloud
    #mask=color_mask,
    # maximum number of words shown
    max_words=2000,
    # largest font size
    max_font_size=40
    )

wc = cloud.generate(word)
wc.to_file("wooyunwordcloud.jpg")
plt.imshow(wc)
plt.axis("off")
plt.show()

0x03 Demo result:

(the generated word cloud image is not reproduced in this text)

0x04 Closing remarks

The word cloud shows that SQL injection still reigns supreme, followed by command execution and then information leakage; overall it gives a fairly intuitive picture at a glance.
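The ranking in the conclusion is read off token frequencies: jieba's full mode splits a title into every dictionary word it contains, and wordcloud's built-in stopword list is English-only, so generic tokens such as 某, 系统 or 漏洞 compete with the actual bug types. A more direct way to get the same ranking, and the one this added example shows (it is not code from the post; the category keyword table and the sample titles are constructed for illustration), is to map each title to vulnerability categories with a small regex table, accepting both spellings 泄露/泄漏 and letting a title that names two issues count in both, then count categories instead of tokens.

```python
import re
from collections import Counter

# Category -> pattern table, constructed for this example (not the post's).
CATEGORIES = [
    ("SQL注入",  re.compile(r"sql\s*注入|注入漏洞|sqli|盲注", re.I)),
    ("命令执行", re.compile(r"命令执行|代码执行|getshell", re.I)),
    ("信息泄露", re.compile(r"泄[露漏]|敏感信息")),      # 泄露 and 泄漏 both occur
    ("XSS",     re.compile(r"xss|跨站脚本", re.I)),
    ("弱口令",   re.compile(r"弱口令|弱密码|默认密码")),
    ("越权",     re.compile(r"越权|未授权|任意用户")),
    ("文件上传", re.compile(r"文件上传|上传漏洞")),
    ("文件读取", re.compile(r"任意文件(读取|下载)|文件包含")),
]
OTHER = "其他"

# Constructed sample titles in the style of the listing page (hypothetical).
SAMPLE_TITLES = [
    "某高校教务系统SQL注入漏洞",
    "某电商平台存在sql注入可获取用户数据",
    "某OA系统命令执行漏洞可getshell",
    "某路由器后台远程代码执行",
    "某政府网站信息泄漏（含管理员密码）",
    "某银行APP敏感信息泄露",
    "某论坛存储型XSS",
    "某运营商管理系统弱口令",
    "某视频网站越权查看他人订单",
    "某站任意文件上传导致getshell",     # two categories in one title
    "某企业站点SQL注入 + 源码泄露",      # two categories in one title
    "某小区门禁系统设计缺陷",            # matches nothing -> 其他
    "某CMS后台SQL盲注",
]


def classify(title):
    """Every category whose pattern hits the title (multi-label), else [OTHER]."""
    hits = [name for name, rx in CATEGORIES if rx.search(title)]
    return hits or [OTHER]


def count_categories(titles):
    """Count vulnerability categories across titles; a title may add to several."""
    counts = Counter()
    for t in titles:
        counts.update(classify(t))
    return counts


def top_categories(titles, n=3):
    """Category names ordered by frequency, highest first."""
    return [name for name, _ in count_categories(titles).most_common(n)]


if __name__ == "__main__":
    for name, n in count_categories(SAMPLE_TITLES).most_common():
        print("%-6s %d" % (name, n))
```

The resulting `Counter` can be handed straight to `WordCloud.generate_from_frequencies(...)` in place of `generate(word)`, which produces a cloud whose sizes reflect bug categories rather than segmentation fragments. Titles that land in 其他 are the ones to inspect when extending the keyword table.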

WooYun has gone, and no rainbow has been seen.